updated filter algorithm

Adamkadaban · Nov 29, 2020 · 04addd0 · 04addd0
1 parent f60062d
commit 04addd0
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 13 deletions.
diff --git a/_includes/bin_table.html b/_includes/bin_table.html
@@ -20,7 +20,7 @@ <h3>What you have:</h3>
 	{% for item_pair in site.data.items %}
 	{% assign item_id = item_pair[0] %}
 	{% assign item = item_pair[1] %}
-	<li><input type="checkbox" id="{{ item.label }}" onclick='handleChange(this, "{{ item.label }}");'><label id="{{ item.label }}_label" for="{{ item.label }}" data-title="{{ item.description | replace: '\n', ' ' }}">{{ item.label }}</label></li>
+	<li><input type="checkbox" id="{{ item.label }}" name="item_name" onclick='handleChange(this, "{{ item.label }}");'><label id="{{ item.label }}_label" for="{{ item.label }}" data-title="{{ item.description | replace: '\n', ' ' }}">{{ item.label }}</label></li>
 	{% endfor %}
     </ul>
 
@@ -51,7 +51,6 @@ <h3>What you have:</h3>
 
  function handleChange(checkbox, label) {
 	 if (checkbox.checked == true) {
-		 //console.log(label);
 		 document.getElementById(label).className = 'match';
 		 document.getElementById(label + "_label").innerText = label + "✓";
 		 var slash = window.location.href.lastIndexOf("/");
@@ -80,15 +79,18 @@ <h3>What you have:</h3>
      // filter rows
      var noResults = true;
 
+     var allItems = document.getElementsByName("item_name");
      var allFilters = document.getElementsByName("filter_name");
+     var allItems_parsed = [];
      var allFilters_parsed = [];
      allFilters.forEach((f) => {
 	     allFilters_parsed.push(f.id.toLowerCase());
      });
      var filter_chosen = functionPatterns.filter(element => allFilters_parsed.includes(element));
-     filter_chosen.forEach((f) => {
-	     console.log("filter_chosen: " + f);
+     allItems.forEach((i) => {
+	     allItems_parsed.push(i.id.toLowerCase());
      });
+     var item_chosen = functionPatterns.filter(element => allItems_parsed.includes(element));
 
      document.querySelectorAll('#bin-table tbody tr').forEach(function (row) {
          var show = true;
@@ -102,7 +104,6 @@ <h3>What you have:</h3>
                  item.className = '';
              });
 	     functionElems.forEach((item) => {
-		 //console.log("current item is " + item.innerText);
 	         let siblings = [];
 		 if (item.parentNode) {
 		     let sibling = item.parentNode.firstChild;
@@ -113,10 +114,8 @@ <h3>What you have:</h3>
 			     sibling = sibling.nextSibling;
 		     }
 		     for (i = 0; i < siblings.length; i++ ) {
-			 //console.log("current sibling is " + siblings[i].innerText);
 		         var found = false;
 			 functionPatterns.forEach((pattern) => {
-		             //console.log("Pattern: " + pattern);
 			     if (!pattern) {
 			         return;
 			     }
@@ -126,7 +125,6 @@ <h3>What you have:</h3>
 			     }
 			 });
 			 if (found) {
-			     //console.log("found in " + siblings[i].innerText);
 	                     siblings[i].className = 'match';
 			 }
 		     }
@@ -136,7 +134,6 @@ <h3>What you have:</h3>
 			     }
 
 			     if (item.innerText.toLowerCase().startsWith(p.toLowerCase())) {
-				     //console.log("Parent matches!");
 				     item.className = 'match';
 			     }
 		     });
@@ -162,7 +159,7 @@ <h3>What you have:</h3>
 
 	     {% endfor %}
 	 });
-	 var found_filter = true;
+	 var found_filter = false;
 	 if (filter_chosen.length !== 0) {
 		 found_filter = false;
 		 filter_chosen.forEach((f) => {
@@ -175,13 +172,11 @@ <h3>What you have:</h3>
 	 }
 
 
-	 if (!filled && functionPatterns.length != 0 || !found_binName || !found_filter) {
-	     //console.log("not filled");
+	 if (!filled && (functionPatterns.length != 0 && !found_filter) || !found_binName || (found_filter && !filled && item_chosen.length !== 0) || (!found_filter && filled && filter_chosen.length !== 0)) {
 	     row.style.display = 'none';
 	 } else {
 	     row.style.display = '';
 	     noResults = false;
-	     //console.log("filled! " + row.style.display);
 	 }
      });
 

diff --git a/_wadcoms/Kerbrute-BruteForce.md b/_wadcoms/Kerbrute-BruteForce.md
@@ -0,0 +1,18 @@
+---
+description: |
+  ropnop's kerbrute bruteforces and enumerates valid Active Directory accounts through Kerberos Pre-Authentication. The following command will attempt to brute force valid username and passwords logins given a list of credentials (in the format `username:password`).
+
+  Command Reference:
+
+  	Domain: test.local
+
+  	Credential List: credentials.txt
+items:
+  No_Creds:
+    - code: |
+        cat credentials.txt | kerbrute_linux_amd64 -d test.local bruteforce -
+filters:
+  Kerberos:
+    - code: |
+        empty
+---
diff --git a/_wadcoms/Kerbrute-BruteUser.md b/_wadcoms/Kerbrute-BruteUser.md
@@ -0,0 +1,20 @@
+---
+description: |
+  ropnop's kerbrute bruteforces and enumerates valid Active Directory accounts through Kerberos Pre-Authentication. The following command will bruteforce an account against a list of provided passwords given a username.
+
+  Command Reference:
+
+  	Domain: test.local
+
+  	Password List: passwords.txt
+
+  	Username: john
+items:
+  Username:
+    - code: |
+        kerbrute_linux_amd64 bruteuser -d test.local passwords.txt john
+filters:
+  Kerberos:
+    - code: |
+        empty
+---
diff --git a/_wadcoms/Kerbrute-PasswordSpray.md b/_wadcoms/Kerbrute-PasswordSpray.md
@@ -0,0 +1,20 @@
+---
+description: |
+  ropnop's kerbrute bruteforces and enumerates valid Active Directory accounts through Kerberos Pre-Authentication. The following command will perform a password spray account against a list of provided users given a password. 
+
+  Command Reference:
+
+  	Domain: test.local
+
+  	Username List: domain_users.txt
+
+  	Password: password123
+items:
+  Password:
+    - code: |
+        kerbrute_linux_amd64 passwordspray -d test.local domain_users.txt password123
+filters:
+  Kerberos:
+    - code: |
+        empty
+---
diff --git a/_wadcoms/Kerbrute-UserEnum.md b/_wadcoms/Kerbrute-UserEnum.md
@@ -0,0 +1,18 @@
+---
+description: |
+  ropnop's kerbrute bruteforces and enumerates valid Active Directory accounts through Kerberos Pre-Authentication. The following command will attempt to enumerate valid usernames given a list of usernames to try.
+
+  Command Reference:
+
+  	Domain: test.local
+
+  	Username List: usernames.txt
+items:
+  No_Creds:
+    - code: |
+        kerbrute_linux_amd64 userenum -d test.local usernames.txt
+filters:
+  Kerberos:
+    - code: |
+        empty
+---