With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Michael Ikua ikuamike
ikuamike
/ gist:0ddd4a75189658970fa695758a75a97d
Created
January 13, 2021 11:56
— forked from jaredsburrows/gist:9e121d2e5f1147ab12a696cf548b90b0
full English translation of Phineas Fisher's account of how he took down HackingTeam - https://www.reddit.com/r/netsec/comments/4f3e6p/full_english_translation_of_phineas_fishers/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _ _ _ ____ _ _ | |
| | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |
| | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | |
| | _ | (_| | (__| < | |_) | (_| | (__| <|_| | |
| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) | |
| A DIY Guide | |
ikuamike
/ kerberos_attacks_cheatsheet.md
Created
September 3, 2020 14:47
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
ikuamike
/ sid2str.py
Created
June 16, 2020 22:13
— forked from mprahl/sid2str.py
Python 2.7/3.5 function to convert an Active Directory binary SID to string format (sid_to_str)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import struct | |
| def sid_to_str(sid): | |
| """ Converts a hexadecimal string returned from the LDAP query to a | |
| string version of the SID in format of S-1-5-21-1270288957-3800934213-3019856503-500 | |
| This function was based from: http://www.gossamer-threads.com/lists/apache/bugs/386930 | |
| """ | |
| # The revision level (typically 1) |
ikuamike
/ root_bypass.js
Created
May 6, 2020 10:58
— forked from pich4ya/root_bypass.js
Bypass Android Root Detection / Bypass RootBeer - August 2019
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto ([email protected]): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
ikuamike
/ android-burp-cert.sh
Created
April 29, 2020 21:00
— forked from vavkamil/android-burp-cert.sh
One Liner For Installing Burp Certificate Into Android Nougat and Later
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html | |
| # | |
| curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert \ | |
| && openssl x509 -inform DER -in cacert.der -out cacert.pem \ | |
| && cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \ | |
| && adb root \ | |
| && adb remount \ | |
| && adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \ | |
| && echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \ | |
| && echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \ |
ikuamike
/ GoogleDorking.md
Created
February 22, 2020 20:12
— forked from sundowndev/GoogleDorking.md
Google dork cheatsheet
| Filter | Description | Example |
|---|---|---|
| allintext | Searches for occurrences of all the keywords given. | allintext:"keyword" |
| intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword" |
| inurl | Searches for a URL matching one of the keywords. | inurl:"keyword" |
| allinurl | Searches for a URL matching all the keywords in the query. | allinurl:"keyword" |
| intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword" |
ikuamike
/ SimpleHTTPServerWithUpload.py
Created
September 2, 2019 17:57
— forked from touilleMan/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload - Python3 version
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """Simple HTTP Server With Upload. | |
| This module builds on BaseHTTPServer by implementing the standard GET | |
| and HEAD requests in a fairly straightforward manner. | |
| see: https://gist.github.com/UniIsland/3346170 | |
| """ | |
ikuamike
/ pentest.sh
Created
May 9, 2019 19:54
— forked from OffXec/pentest.sh
Installs pentesting tools, then symlinks them to be ran seamlessly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/bash | |
| git clone https://github.com/danielmiessler/SecLists.git /opt/seclists | |
| git clone https://github.com/s0md3v/XSStrike.git /opt/xsstrike | |
| sudo ln -s /opt/xsstrike/xsstrike.py /usr/local/bin/xsstrike | |
| chmod +x /opt/xsstrike/xsstrike.py | |
| git clone https://github.com/s0md3v/Arjun.git /opt/arjun | |
| sudo ln -s /opt/arjun/arjun.py /usr/local/bin/arjun |
ikuamike
/ how-to-oscp-final.md
Created
March 24, 2019 19:01
— forked from unfo/how-to-oscp-final.md
ikuamike
/ gist:a07eac5ec3696d638e6dc6a449f6fc24
Created
January 7, 2019 23:00
— forked from carnal0wnage/gist:606c41ac6ec40bf5c69d4db96d9312e3
Red Team Books
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
NewerOlder