With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
techris techris45
techris45
/ kerberos_attacks_cheatsheet.md
Created
August 28, 2019 02:32
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
techris45
/ auto_git_query
Created
September 23, 2019 13:01
— forked from nullenc0de/auto_git_query
Automated Github Queries (Can open 29 tabs at a time)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
techris45
/ Dockerfile
Created
September 28, 2019 19:15
— forked from Irio/Dockerfile
GCP Serverless scrapers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM golang:1.12 as build | |
| WORKDIR $GOPATH/src/github.com/Irio/wohnung | |
| COPY scraper scraper | |
| COPY main.go . | |
| RUN go get -d -v ./... | |
| RUN go install | |
| FROM gcr.io/distroless/base |
techris45
/ Windows10-Setup.ps1
Created
February 27, 2020 23:14
— forked from NickCraver/Windows10-Setup.ps1
(In Progress) PowerShell Script I use to customize my machines in the same way for privacy, search, UI, etc.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################## | |
| # Privacy Settings | |
| ################## | |
| # Privacy: Let apps use my advertising ID: Disable | |
| Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Name Enabled -Type DWord -Value 0 | |
| # To Restore: | |
| #Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo -Name Enabled -Type DWord -Value 1 | |
| # Privacy: SmartScreen Filter for Store Apps: Disable | |
| Set-ItemProperty -Path HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost -Name EnableWebContentEvaluation -Type DWord -Value 0 |
techris45
/ boxstarter.ps1
Created
February 27, 2020 23:14
— forked from jessfraz/boxstarter.ps1
Boxstarter Commands for a new Windows box.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: Boxstarter Script | |
| # Author: Jess Frazelle <jess@linux.com> | |
| # Last Updated: 2017-09-11 | |
| # | |
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: |
techris45
/ c99-nl.py
Created
April 5, 2020 20:17
— forked from si9int/c99-nl.py
Automates https://subdomainfinder.c99.nl | Usage: python3 c99-nl.py <domain.com> | Requirements: pip3 install bs4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import requests, sys | |
| from bs4 import BeautifulSoup as bs | |
| domain = sys.argv[1] | |
| subdomains = [] | |
| params = { | |
| 'CSRF102664102' : 'geek100526529', | |
| 'CSRF105639185' : 'espionage103090877', |
techris45
/ check_ip.py
Created
April 5, 2020 20:18
— forked from si9int/check_ip.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import requests, sys | |
| requests.packages.urllib3.disable_warnings() | |
| try: | |
| target = sys.argv[1] | |
| method = sys.argv[2] | |
| except: | |
| print('[!] Usage: python3 check_ip.py <domain/ip> <http/https>') | |
| sys.exit() |
techris45
/ cit0day-breach-check.sh
Created
December 8, 2020 03:29
— forked from j1elo/cit0day-breach-check.sh
Cit0Day Breach Check
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Step 1: Obtain a list of our personal hosts. | |
| # Export from Bitwarden, LastPass, 1Password, or similar: | |
| my_passwords.txt | |
| # Next commands will assume the LastPass export format, which is CSV with the URL in the first field: | |
| # url,username,password,[... more fields] |
techris45
/ .. MediaCreationTool.bat ..md
Created
October 2, 2021 04:42
— forked from AveYo/.. MediaCreationTool.bat ..md
Universal MediaCreationTool wrapper for all MCT Windows 10 versions from 1507 to 21H1 with business (Enterprise) edition support
Not just an Universal MediaCreationTool wrapper script with ingenious support for business editions,
A powerful yet simple windows 1X deployment automation tool as well!
awesome gui dialogs to pick windows version and preset action
Auto Setup choice for upgrade directly without prompts, with edition change / intelligent fallback
Create ISO choice for authoring iso file directly via DIR2ISO snippet, including any 'oem' customizations
Create USB choice for authoring usb via native MCT, including any 'oem' customizations (prompts once)
Select in MCT choice for vanilla MCT processing without 'oem' modifications, script quits straightway
control via set script vars, commandline parameters or rename script likeiso 21H2 Pro MediaCreationTool.bat
techris45
/ Workstation-Takeover.md
Created
October 10, 2021 22:29
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
OlderNewer