With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
_ _ _ ____ _ _ | |
| | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |
| |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | |
| _ | (_| | (__| < | |_) | (_| | (__| <|_| | |
|_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) | |
A DIY Guide | |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
import sys | |
import struct | |
def sid_to_str(sid): | |
""" Converts a hexadecimal string returned from the LDAP query to a | |
string version of the SID in format of S-1-5-21-1270288957-3800934213-3019856503-500 | |
This function was based from: http://www.gossamer-threads.com/lists/apache/bugs/386930 | |
""" | |
# The revision level (typically 1) |
// $ frida -l antiroot.js -U -f com.example.app --no-pause | |
// CHANGELOG by Pichaya Morimoto ([email protected]): | |
// - I added extra whitelisted items to deal with the latest versions | |
// of RootBeer/Cordova iRoot as of August 6, 2019 | |
// - The original one just fucked up (kill itself) if Magisk is installed lol | |
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
Java.perform(function() { | |
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html | |
# | |
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \ | |
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \ | |
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \ | |
&& adb root \ | |
&& adb remount \ | |
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \ | |
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \ | |
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \ |
Filter | Description | Example |
---|---|---|
allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
#!/usr/bin/env python3 | |
"""Simple HTTP Server With Upload. | |
This module builds on BaseHTTPServer by implementing the standard GET | |
and HEAD requests in a fairly straightforward manner. | |
see: https://gist.github.com/UniIsland/3346170 | |
""" | |
#/bin/bash | |
git clone https://github.com/danielmiessler/SecLists.git /opt/seclists | |
git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike | |
sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike | |
chmod +x /opt/xsstrike/xsstrike.py | |
git clone https://github.com/s0md3v/Arjun.git /opt/arjun | |
sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun |
From: http://redteams.net/bookshelf/ | |
Techie | |
Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |