With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
sasqwatch
/ kerberos_attacks_cheatsheet.md
Created
September 4, 2019 23:19
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
sasqwatch
/ FindingComputersWithLocalAdmin.md
Created
August 30, 2019 22:54
— forked from leechristensen/FindingComputersWithLocalAdmin.md
Useful cypher queries to find computers that are local admin on other computers, or to find groups containing bother users/computers.
MATCH p1 = (c1:Computer)-[r:MemberOf*1..]->(g1:Group)
WITH c1,g1
MATCH p2 = (g1:Group)-[r:AdminTo]->(c2:Computer)
RETURN c1.name As Principal,c2.name AS Target,g1.name AS ViaGroup
sasqwatch
/ auto_git_query
Created
August 28, 2019 20:57
— forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
sasqwatch
/ UserWritableLocations.ps1
Created
August 19, 2019 21:37
— forked from hinchley/UserWritableLocations.ps1
A PowerShell script for identifying user-writable folders. Usage is discussed in the following article: http://hinchley.net/2016/06/13/an-approach-for-managing-microsoft-applocker-policies/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Paths that we've already excluded via AppLocker. | |
| $exclusions = @() | |
| # Paths to process. | |
| $paths = @( | |
| "C:\Windows" | |
| ) | |
| # Setup log. | |
| $log = "$PSScriptRoot\UserWritableLocations.log" |
sasqwatch
/ UserWritableLocations.ps1
Created
August 19, 2019 21:36
A PowerShell script for identifying user-writable folders. Usage is discussed in the following article: http://hinchley.net/2016/06/13/an-approach-for-managing-microsoft-applocker-policies/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Paths that we've already excluded via AppLocker. | |
| $exclusions = @() | |
| # Paths to process. | |
| $paths = @( | |
| "C:\Windows" | |
| ) | |
| # Setup log. | |
| $log = "$PSScriptRoot\UserWritableLocations.log" |
sasqwatch
/ Disable-Fusion-Log-.NET-Assembly-Binding-Logging.bat
Created
August 19, 2019 21:36
— forked from jpluimers/Disable-Fusion-Log-.NET-Assembly-Binding-Logging.bat
.NET enable and disable Fusion log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| reg add "HKLM\Software\Microsoft\Fusion" /v EnableLog /t REG_DWORD /d 0 /f |
sasqwatch
/ CompileInMemory.cs
Created
August 19, 2019 21:29
— forked from TheKevinWang/CompileInMemory.cs
Compile and run C# code in memory to avoid anti-virus. Taken from a C# ransomware sample: https://www.bleepingcomputer.com/news/security/new-c-ransomware-compiles-itself-at-runtime/ However, this will still execute csc.exe and drop a dll to %temp% https://twitter.com/Laughing_Mantis/status/991018563296157696
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Text; | |
| using System.CodeDom.Compiler; | |
| using Microsoft.CSharp; | |
| using System.IO; | |
| using System.Reflection; | |
| namespace InMemoryCompiler | |
| { | |
| class Program |
sasqwatch
/ JankyAF.csproj
Created
August 19, 2019 21:26
— forked from bohops/JankyAF.csproj
Fun loader for Casey Smith's (@subTee) JanyAF.xsl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe powaShell.csproj --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask | |
| TaskName="ClassExample" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > |
sasqwatch
/ wifiscan.cmd
Created
August 15, 2019 18:41
— forked from joswr1ght/wifiscan.cmd
Wi-Fi Scanning at the Windows Command Prompt, FOR loop style
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FOR /L %N IN () DO @netsh wlan show networks mode=bssid | findstr "^SSID Signal" && ping -n 16 127.0.0.1 >NUL && cls |
sasqwatch
/ rbcd_relay.py
Created
August 9, 2019 18:04
— forked from 3xocyte/rbcd_relay.py
poc resource-based constrain delegation relay attack tool
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html | |
| # this is a *very* rough PoC | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import base64 | |
| import random | |
| import struct |