3gstudent/pyKerbrute

Stars
168
Rank 225,507 (Top 5 %)
Language
Python
License
BSD 3-Clause "New...
Created almost 5 years ago
Updated over 1 year ago

3gstudent/pyKerbrute

3gstudent

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Use python to perform Kerberos pre-auth bruteforcing

pyKerbrute

Use python to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication

Reference:

https://github.com/ropnop/kerbrute

https://github.com/mubix/pykek

PyKerbrute is my exercise of learing Kerberos and Python.

Kerbrute is a good tool to bruteforce and enumerate valid Active Directory accounts.It's faster and potentially stealthier since pre-authentication failures do not trigger that "traditional" An account failed to log on event 4625.So I tried to implement it with Python.I refer to pykek in the writing of Python code.

Kerbrute validates a username or test a login by only sending one UDP frame to the KDC (Domain Controller).My PyKerbrute adds support for TCP and the NTLM hash of Active Directory accounts.

EnumADUser.py

Use Kerberos pre-authentication to enumerate valid Active Directory accounts.

Usage:

EnumADUser.py <domainControlerAddr> <domainName> <mode>
<mode>: tcp or udp

Eg.

EnumADUser.py 192.168.1.1 test.com user.txt tcp

ADPwdSpray.py

Use Kerberos pre-authentication to test a single password or NTLM hash against a list of Active Directory accounts.

Usage:

ADPwdSpray.py <domainControlerAddr> <domainName> <file> <passwordtype> <data> <mode>
<mode>: tcp or udp

Eg.

ADPwdSpray.py 192.168.1.1 test.com user.txt clearpassword DomainUser123! tcp

ADPwdSpray.py 192.168.1.1 test.com user.txt ntlmhash e00045bd566a1b74386f5c1e3612921b udp

Details:《渗透技巧——通过Kerberos pre-auth进行用户枚举和口令爆破》

Pentest-and-Development-Tips

A collection of pentest and development tips

Homework-of-C-Language

C/C++ code examples of my blog.

Worse-PDF

Turn a normal PDF file into malicious.Use to steal Net-NTLM Hashes from windows machines.

Homework-of-Python

Python codes of my blog.

List-RDP-Connections-History

Use powershell to list the RDP Connections History of logged-in users or all users

Eventlogedit-evtx--Evolution

Remove individual lines from Windows XML Event Log (EVTX) files

Javascript-Backdoor

Learn from Casey Smith @subTee

Invoke-BuildAnonymousSMBServer

Use to build an anonymous SMB file server.

msbuild-inline-task

CLR-Injection

Use CLR to inject all the .NET apps

Homework-of-C-Sharp

C Sharp codes of my blog.

Inject-dll-by-APC

Asynchronous Procedure Calls

SharpRDPCheck

Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)

Inject-dll-by-Process-Doppelganging

Process Doppelgänging

backup-3gstudent.github.io

Smbtouch-Scanner

Automatically scan the inner network to detect whether they are vulnerable.

ntfsDump

Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.

Homework-of-Powershell

powershell codes of my blog.

Use-COM-objects-to-bypass-UAC

Office-Persistence

Use powershell to test Office-based persistence methods

Windows-User-Clone

Create a hidden account

Windows-EventLog-Bypass

Use subProcessTag Value From TEB to identify Event Log Threads

APT34-Jason

Use to perform Microsoft exchange account brute-force.

pyXSSPlatform

Used to build an XSS platform on the command line.

CVE-2017-8464-EXP

Support x86 and x64

bitsadminexec

Use bitsadmin to maintain persistence and bypass Autoruns

Code-Execution-and-Process-Injection

Powershell to CodeExecution and ProcessInjection

Shellcode-Generater

No inline asm,support x86/x64

test

CreateRemoteThread

From 32-bit process to 64-bit process

PasswordFilter

2 ways of Password Filter DLL to record the plaintext password

Dump-Clear-Password-after-KB2871997-installed

From-System-authority-to-Medium-authority

Penetration test

Waitfor-Persistence

Use Waitfor.exe to maintain persistence

Bypass-Windows-AppLocker

NinjaCopy

Powershell to copy ntds.dit

COM-Object-hijacking

use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)

3gstudent.github.io

Winpcap_Install

Auto install WinPcap on Windows(command line)

ewsManage

My exercise of using Exchange Web Service(EWS)

HiddenNtRegistry

Use NT Native Registry API to create a registry that normal user can not query.

Homework-of-Go

Go code examples of my blog.

signtools

From Windows SDK

Eventlogedit-evt--General

Remove individual lines from Windows Event Viewer Log (EVT) files

PNG-Steganography

Steganography Payload

easBrowseSharefile

Use to browse the share file by eas(Exchange Server ActiveSync)

Bypass-McAfee-Application-Control--Code-Execution

Smallp0wnedShell

Small modification version of p0wnedShell

ListInstalledPrograms

List the programs that the current Windows system has installed

AutoIt-Keylogger

Hide-Process-by-kd.exe

powershell to hide process by kd.exe

NodeJS-Downloader

An example of a downloader written in NodeJS.

Use-msxsl-to-bypass-AppLocker

Learn from Casey Smith@subTee

GetExpiredDomains

Search for available domain from expireddomains.net

ExcelDllLoader

Execute DLL via the Excel.Application object's RegisterXLL() method

Add-Dll-Exports

Use to generate DLL through Visual Studio

Execute-CSharp-From-XSLT-TEST

Writeup

interesting analysis

PNG_stego-test

SendMail-with-Attachments

Use powershell to send mail

Catch-specified-file-s-handle

Enumerate all processes and get specified file's handle,then close it.

pdf

IE-BHO-POSTdata-Logger

A sample IE BHO for logging Internet Explorer's POST data.

WanaCrypt0r-Reverse-Analysis

Record my reverse analysis of WanaCrypt0r

bgi-creater

Use BGInfo to bypass Application Whitelisting

Get-Wlan-Keys

Powershell to get wlan keys

Homework-of-Java

Java codes of my blog

3gstudent

regsvr32-test

Test-Exploit-for-Joomla-3.4.4-3.6.4

Test if the website allows user registration

BlogPic