With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With the Rubeus build that includes the brute module:
#!/bin/bash
# this script was written by viss as a challenge from @random_robbie
# This one-liner replaces a fairly lengthy python script
# if you want to be walked through it, sign up for square cash, send $viss 20 dollars. Otherwise, flex your google fu!
# oh, ps: you need to pip install shodan, and then configure the shodan cli client by giving it your api key.
# then you're off to the races.
# pipeline: shodan hits -> dedupe -> nmap confirms 7001/tcp is open -> 30 parallel curl HEAD requests for /ws_utc/config.do -> print each host's HTTP status line
shodan search --fields ip_str --limit 1000 'product:"Oracle Weblogic" port:"7001" country:"US"' | sort -u | nmap -sT -Pn -n -oG - -iL - -p 7001 | grep open | awk '{print $2}' | xargs -I % -n 1 -P 30 bash -c 'RESULT=`curl -s -I -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0" -H "Connection: close" -H "Accept-Language: en-US,en;q=0.5" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H "Upgrade-Insecure-Requests: 1" %:7001/ws_utc/config.do | egrep HTTP`; echo "%: $RESULT";'
The scripts below have been superseded by rgpipe.
Good: rg --pre somescripthere yoursearchtermhere
Better: rg --pre-glob '*.{comma,separated,extensions,to,preprocess}' --pre somescripthere yoursearchtermhere
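A preprocessor of the kind `--pre` expects, as an added Python example (it is not one of the superseded scripts and not rgpipe). rg runs the script with the file path as its only argument and searches whatever the script writes to stdout; the extension-based dispatch, the `== member ==` marker for zip members and the sample files are this example's own choices.

```python
#!/usr/bin/env python3
"""Added example of an rg --pre preprocessor; it is not one of the scripts
this page refers to and not rgpipe. rg runs it as `<script> <path>` and
searches what it writes to stdout instead of the file's raw bytes."""
import gzip
import os
import sys
import tempfile
import zipfile


def preprocess(path):
    """Return the bytes rg should search for `path`.

    .gz   -> decompressed contents
    .zip  -> every file member, each preceded by a "== <member> ==" marker line
    other -> the raw file
    Dispatching on the extension is this example's own convention; rg only
    hands over the path and reads stdout.
    """
    lower = path.lower()
    if lower.endswith(".gz"):
        with gzip.open(path, "rb") as fh:
            return fh.read()
    if lower.endswith(".zip"):
        out = bytearray()
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                if name.endswith("/"):
                    continue  # directory entry, nothing to search
                out += b"== " + name.encode("utf-8") + b" ==\n"
                out += zf.read(name)
                if not out.endswith(b"\n"):
                    out += b"\n"
        return bytes(out)
    with open(path, "rb") as fh:
        return fh.read()


def build_sample():
    """Constructed sample tree (not real data) so the script can be tried offline.
    Returns the directory and the three paths it created."""
    d = tempfile.mkdtemp(prefix="rgpre-")
    plain = os.path.join(d, "creds.txt")
    with open(plain, "wb") as fh:
        fh.write(b"password=hunter2\n")
    with gzip.open(plain + ".gz", "wb") as fh:
        fh.write(b"password=hunter2\n")
    archive = os.path.join(d, "backup.zip")
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("notes/key.txt", "BEGIN RSA")
    return {"dir": d, "plain": plain, "gz": plain + ".gz", "zip": archive}


def main(argv):
    if len(argv) != 2:
        sys.stderr.write("usage: {} <path>\n".format(argv[0]))
        return 2
    try:
        sys.stdout.buffer.write(preprocess(argv[1]))
    except (OSError, EOFError, zipfile.BadZipFile) as exc:
        # one unreadable or corrupt file must not abort the whole rg run:
        # report it on stderr and give rg nothing to match
        sys.stderr.write("{}: {}\n".format(argv[1], exc))
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Make it executable and run something like `rg --pre ./rgpre.py --pre-glob '*.{gz,zip}' 'BEGIN RSA PRIVATE KEY' /srv/backups`. The `--pre-glob` is what makes the "Better" form above faster: without it rg spawns the interpreter for every plain file too, and the preprocessor's `cat` fallback just hands those bytes back.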
#!/usr/bin/env python3
import secrets
import sys
from ldap3 import Server, Connection, ALL, NTLM

# the target account name is the only positional argument
try:
    username = sys.argv[1]
except IndexError:
    sys.exit('please provide a username: {} <name>'.format(sys.argv[0]))
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0
from datetime import datetime
import time
import threading
###########################
from multiprocessing import Process
import random
###########################
import dns.resolver
import dns.reversename
import ftplib
0
1
11
12
13
14
15
16
17
2
#!/usr/bin/env python
import argparse
import sys
import binascii
import socket
import re
from ldap3 import Server, Connection, NTLM, ALL, SUBTREE, ALL_ATTRIBUTES
# get /etc/hosts entries for domain-joined computers from A and AAAA records (via LDAP/ADIDNS) (@3xocyte)
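Only the header of that script is on the page. As an added example that is not @3xocyte's code, the following decodes the `dnsRecord` values that AD-integrated DNS stores on `dnsNode` objects (the DNS_RPC_RECORD layout from MS-DNSP 2.3.2.2) and turns A and AAAA records into /etc/hosts lines. The zone name `corp.example`, the domain DN and every record blob are constructed here; `fetch_nodes` shows the ldap3 search shape but is never run against a DC.

```python
#!/usr/bin/env python3
"""Added example, not the script whose header appears above: decode the
`dnsRecord` values AD-integrated DNS stores on dnsNode objects and emit
/etc/hosts lines for A/AAAA records. Layout follows DNS_RPC_RECORD in
MS-DNSP 2.3.2.2; sample blobs are constructed below, not captured."""
import ipaddress
import struct

DNS_TYPE_ZERO = 0      # placeholder left behind for a tombstoned record
DNS_TYPE_A = 1
DNS_TYPE_AAAA = 28
HEADER_LEN = 24        # bytes before the record Data


def parse_dns_record(blob):
    """Return ("A"|"AAAA", ttl, ip) or None for other types / malformed input."""
    if len(blob) < HEADER_LEN:
        return None
    # DataLength, Type, Version, Rank, Flags, Serial are little-endian ...
    data_len, rtype, _version, _rank, _flags, _serial = struct.unpack_from("<HHBBHL", blob, 0)
    # ... but TtlSeconds is stored big-endian; Reserved and TimeStamp follow and are ignored
    (ttl,) = struct.unpack_from(">L", blob, 12)
    data = blob[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        return None  # truncated value
    if rtype == DNS_TYPE_A and data_len == 4:
        return ("A", ttl, str(ipaddress.IPv4Address(data)))
    if rtype == DNS_TYPE_AAAA and data_len == 16:
        return ("AAAA", ttl, str(ipaddress.IPv6Address(data)))
    return None  # CNAME/SRV/MX/..., or type 0 (tombstone)


def hosts_lines(zone, nodes):
    """nodes: iterable of (name, [dnsRecord blobs]); returns sorted, deduplicated hosts lines."""
    out = []
    for name, blobs in nodes:
        fqdn = zone if name == "@" else "{}.{}".format(name, zone)
        for blob in blobs:
            rec = parse_dns_record(blob)
            if rec:
                out.append("{}\t{}".format(rec[2], fqdn))
    return sorted(set(out))


def adidns_search(zone, domain_dn):
    """Search base / filter / attributes for the zone's dnsNode objects
    (DomainDnsZones partition; forest-wide zones live under ForestDnsZones)."""
    base = "DC={},CN=MicrosoftDNS,DC=DomainDnsZones,{}".format(zone, domain_dn)
    return base, "(objectClass=dnsNode)", ["name", "dnsRecord", "dnsTombstoned"]


def fetch_nodes(conn, zone, domain_dn):
    """Pull (name, [blobs]) pairs over an authenticated ldap3 Connection `conn`.
    Not exercised here; ldap3 returns dnsRecord values as a list of bytes."""
    base, flt, attrs = adidns_search(zone, domain_dn)
    conn.search(base, flt, attributes=attrs)
    nodes = []
    for entry in conn.response:
        if entry.get("type") != "searchResEntry":
            continue
        a = entry["attributes"]
        if a.get("dnsTombstoned"):
            continue
        nodes.append((a["name"], list(a.get("dnsRecord", []))))
    return nodes


def build_record(rtype, ip, ttl=600, serial=1):
    """Constructed sample encoder (the inverse of parse_dns_record)."""
    data = ipaddress.ip_address(ip).packed
    hdr = struct.pack("<HHBBHL", len(data), rtype, 5, 0xF0, 0, serial)
    return hdr + struct.pack(">L", ttl) + struct.pack("<LL", 0, 0) + data


SAMPLE_ZONE = "corp.example"
SAMPLE_NODES = [  # constructed, stands in for fetch_nodes() output
    ("dc01", [build_record(DNS_TYPE_A, "10.0.0.5"),
              build_record(DNS_TYPE_AAAA, "fd00::5")]),
    ("old-host", [b"\x00" * HEADER_LEN]),   # type 0: tombstoned, skipped
    ("@", [build_record(DNS_TYPE_A, "10.0.0.5")]),
]

if __name__ == "__main__":
    for line in hosts_lines(SAMPLE_ZONE, SAMPLE_NODES):
        print(line)
```

Two details matter when reading real zones: the TTL field is the one big-endian value in an otherwise little-endian structure, and deleted names are not removed but rewritten as type 0 records with `dnsTombstoned` set, so both checks are needed to avoid resurrecting stale hosts.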
This gist focuses on (relatively) free and (relatively) easy things organizations can do to better protect their networks without buying yet another black box with blinking lights.
Got some ideas of your own that should be on this list? Please leave a comment below!
Microsoft has a great paper on the topic that gives some nice high level recommendations: