awesome-tor
mimikatz
awesome-tor | mimikatz | |
---|---|---|
2 | 25 | |
396 | 18,730 | |
- | - | |
0.0 | 5.2 | |
8 months ago | 4 months ago | |
C | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-tor
-
Tor is not just for anonymity
The internet is no longer as peer-to-peer friendly as it once was. Hence the existence of commercially-motivated hacks run by third parties such as hosting, e.g., Cloudflare, etc., including tunneling, e.g., ngrok, etc. Alternatively, Tor relies on third parties but AFAIK it's not so centralised and it's not commercially-motivated.
That is what differentiates it from all the other options. There is no company behind it trying to make money by exploiting internet subscribers trying to connect with each other (not the so-called "tech" company).
Tor can have uses other than the ones normally discussed such as anonymity and evading censorship. Tor can provide reachability without use of commercial eavesdropping third party intermediaries.
For example, one can use Onion Services for advertising open IP:port information that is needed for peer-to-peer connections over other, faster peer-to-peer overlay networks, not the Tor network. The Onion Service can function as the "rendezvous" server for making peer-to-peer connection outside of Tor. Tor's Onion Services can be used to exchange IP:port information for making direct connections over the internet without using Tor. No need to use commercial third parties. Ngrok, Tailscale, etc. all require use of servers run by a commercial third party. Tor does not. There is ample free software that can establish peer-to-peer connections over the internet but in every case it requires some reachable server running this software on the internet, and for most users that means they have to run a server and pay a commercial third party for hosting. Tor has no such requirement.
Imagine being able to share content with family, friends, colleagues without the need for so-called "tech" companies^1 acting as intermediaries ("middlemen"). With a reachable IPv4 address this becomes possible. It would be nice if every home internet access subscriber received a reachable IPv4 address from their ISP. No doubt, some do. But on today's internet most do not. The so-called "tech" companies all have reachable IPv4 addresses. Hence they assume the roles of middlemen and use this position to exploit internet subscribers for profit.
Something like Tor provides a solution. Again, it is not always necessary to route all traffic over Tor. Tor can have other uses. When the goal is simply peer-to-peer connections, Onion Services can be used to bootstrap peer-to-peer overlay connections using the user's choice of software by providing a secure, reliable way to exchange IP:port information. Goal here when using Tor is not anonymity nor censorship evasion, it's reachability. Similarly, goal of peer-to-peer is not necessarily anonymity nor evading censorship either, it's bypassing commercially-motivated, eavesdropping middlemen known as "tech" companies, and avoiding the annoyances of advertising. A possible additional benefot of using Tor in this way is elevated privacy. Google, for example, cannot easily discover Onion Services. No one can discover Onion Services using ICANN DNS.
1. The term "tech" as in "tech company" means a company, usually a website, that collects data from and about people to support the sale of advertising services because advertising services are the only services the company can sell on a scale large enough to sustain a profitable business.
More reading/viewing:
https://github.com/anderspitman/awesome-tunneling
Tor Hidden Services (now called "Onion Services")
https://jamielittle.org/2016/08/28/hidden.html
As one author wrote on Github:
"onion-expose is a utility that allows one to easily create and control temporary Tor onion services.
onion-expose can be used for any sort of TCP traffic, from simple HTTP to Internet radio to Minecraft to SSH servers. It can also be used to expose individual files and allow you to request them from another computer.
Why not just use ngrok?
ngrok is nice. But it requires everything to go through a central authority (a potential security issue), and imposes artificial restrictions, such as a limit of one TCP tunnel per user. It also doesn't allow you to expose files easily (you have to set it up yourself)."
https://github.com/ethan2-0/onion-expose
As another Github contributor put it:
"With onionpipe, that service doesn't need a public IPv4 or IPv6 ingress. You can publish services with a globally-unique persistent onion address, and share access securely and privately to your own allowlist of authorized keys.
You don't need to rely on, and share your personal data with for-profit services (like Tailscale, ZeroTier, etc.) to get to it."
https://github.com/cmars/onionpipe
https://news.ycombinator.com/item?id=36734956
https://news.ycombinator.com/item?id=30445421
https://news.ycombinator.com/item?id=29929399
"Finally, onion services are private by default, meaning that users must discover these sites organically, rather than with a search engine." [Small websites with small audiences get buried by advertising-supported search engines anyway.]
https://nymity.ch/onion-services/pdf/sec18-onion-services.pd...
https://media.ccc.de/v/31c3_-_6112_-_en_-_saal_2_-_201412301...
https://wiki.termux.com/wiki/Bypassing_NAT (Termux recommends Tor over Ngrok)
https://github.com/ajvb/awesome-tor
-
Awesome Penetration Testing
See also awesome-tor.
mimikatz
- is anyone here using the windows firewalls on their clients to help with/prevent/make it harder to do lateral movements?
- Ok, thanks I guess
-
4 AD Attacks and How to Protect Against Them
Mimikatz
-
Compromising Plaintext Passwords in Active Directory
Typically, Mimikatz is used to extract NTLM password hashes or Kerberos tickets from memory. However, one of its lesser-known capabilities is the ability to extract plaintext passwords from dumps created for the LSASS process. This means that an attacker can compromise plaintext passwords without running any nefarious code on domain controllers. Dump files can be created interactively or using ProcDump , and in either case, the activity is unlikely to be flagged by anti-virus software. Once the dumps are created, they can be copied off the domain controller and the plaintext credentials can be harvested using Mimikatz offline.
-
How to Detect Pass-the-Ticket Attacks
Mimikatz can be used to perform pass-the-ticket, but in this post, we wanted to show how to execute the attack using another tool, Rubeus , lets you perform Kerberos based attacks. Rubeus is a C# toolset written by harmj0y and is based on the Kekeo project by Benjamin Delpy, the author of Mimikatz .
-
What is DCShadow Attack and How to Defend Against It
What is DCShadow? DCShadow is a command in the Mimikatz tool that enables an adversary to register a rogue domain controller and replicate malicious changes across the domain.
-
Stealing User Passwords with Mimikatz DCSync
Mimikatz provides a variety of ways to extract and manipulate credentials, but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password data. In fact, attackers can get any account’s NTLM password hash or even its plaintext password, including the password of the KRBTGT account, which enables them to create Golden Tickets.
-
Domain Compromise with a Golden Ticket Attack
Using Mimikatz , it is possible to leverage the password of the KRBTGT account to create forged Kerberos Ticket Granting Tickets (TGTs) which can be used to request Ticket Granting Server (TGS) tickets for any service on any computer in the domain.
-
Manipulating User Passwords with Mimikatz
Using the ChangeNTLM and SetNTLM commands in Mimikatz , attackers can manipulate user passwords and escalate their privileges in Active Directory . Let’s take a look at these commands and what they do.
-
Extracting Service Account Passwords with Kerberoasting
Mimikatz will extract local tickets and save them to disk for offline cracking. Simply install Mimikatz and issue a single command:
What are some alternatives?
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
impacket - Impacket is a collection of Python classes for working with network protocols. [Moved to: https://github.com/SecureAuthCorp/impacket]
Tor-Bridges-Collector - Collecting Tor Bridges.
john - John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
awesome-privacy - 💡Limiting personal data leaks on the internet
bettercap - The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
onion-expose - Easily create Tor hidden services with one command.
RustScan - 🤖 The Modern Port Scanner 🤖
CVE-2021-1675 - C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
python-evtx - Pure Python parser for Windows Event Log files (.evtx)