/// <summary>
/// Pre-flight check: tries to read the Windows product name from the target
/// server's registry with the configured deployment account.
/// </summary>
/// <param name="server">Server entry supplying the host name and the deployment user's credentials.</param>
/// <returns>
/// <c>true</c> when the registry value could be read; <c>false</c> when the read
/// failed or any exception was raised while attempting it.
/// </returns>
/// <remarks>
/// Only the server name (and, on success, the product name) is written to the log.
/// The deployment user's name and password are handed to <c>RemoteRegistry</c> as plain strings.
/// </remarks>
private static bool HaveAccessToServer(ServerConfig server)
{
    Logger.Info(string.Format("Checking if WMI can be used to reach remote server [{0}]...", server.Name));

    try
    {
        var remoteRegistry = new RemoteRegistry(server.Name, server.DeploymentUser.UserName, server.DeploymentUser.Password);

        string productName;
        var reachable = remoteRegistry.TryGetStringValue(
            RegistryHive.LocalMachine,
            @"SOFTWARE\Microsoft\Windows NT\CurrentVersion",
            "ProductName",
            out productName);

        if (!reachable)
        {
            Logger.Error(string.Format("Unable to reach server [{0}] using WMI", server.Name));
            return false;
        }

        Logger.Info(string.Format("Contact was made with server [{0}] using WMI. Server is {1}.", server.Name, productName));
        return true;
    }
    catch (UnauthorizedAccessException accessException)
    {
        // Reported separately so the operator is pointed at the credentials rather than the network.
        Logger.Error(string.Format("Unable to access remote server [{0}] using WMI. Unauthorized Access Exception reported. Please check your credentials.", server.Name), accessException);
        return false;
    }
    catch (Exception ex)
    {
        // Any other failure is treated as "no access"; the exception goes to the log only.
        Logger.Error(string.Format("Unable to access remote server [{0}] using WMI.", server.Name), ex);
        return false;
    }
}
/// <summary>
/// Dispatches the operator's menu choice to the module that implements it.
/// </summary>
/// <param name="attackType">
/// Menu selection as typed, "1" through "6". Any other value (including null)
/// matches no branch and the method returns without doing anything.
/// </param>
/// <remarks>
/// Choice "5" passes the domain user name and password held in
/// <c>DomainAuthentication</c> to the remote registry module.
/// NOTE(review): the bodies of the called modules are not visible here; the
/// per-branch comments below only restate the names being called.
/// </remarks>
public static void LaunchAttack(string attackType)
{
    if (attackType == "1")
    {
        // Discovery menu.
        DiscoveryChoice.Selections();
    }
    else if (attackType == "2")
    {
        // Delivery: PowerShell file download.
        Delivery.PowerShell.DownloadFile();
    }
    else if (attackType == "3")
    {
        // Execution: WMI deployment.
        Execution.WMIDeployment.Deploy();
    }
    else if (attackType == "4")
    {
        // Command and control: reverse TCP shell.
        Command_and_Control.ReverseTCPShell.Control();
    }
    else if (attackType == "5")
    {
        // Remote registry modification using the stored domain, user name and password.
        RemoteRegistry.RegModification(
            Exfiltration.SaveLocations.NekoFolder,
            GetDomainInfo.DomainURL,
            DomainAuthentication.Username,
            DomainAuthentication.Password);
    }
    else if (attackType == "6")
    {
        // Credential access: both steps run back to back, in this order.
        Credential_Access.Selections.EnableWDigest();
        Credential_Access.Selections.SaveSAMSecurity();
    }
}
/// <summary>
/// Creates an agent and populates each of its remote helper members with a
/// default-constructed instance.
/// </summary>
public MatrixAgent()
{
    // Every helper is built with its parameterless constructor; no host or
    // credential is supplied at this point.
    Registry = new RemoteRegistry();
    Configuration = new RemoteConfigurator();
    Directory = new RemoteDirectory();
    Logger = new RemoteLogger();
    Gateway = new RemoteGateway();
}
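/// <summary>
/// Returns the remote registry's package information for <paramref name="id"/>,
/// querying the registry only when no earlier answer is cached.
/// </summary>
/// <param name="id">Identifier of the package to look up.</param>
/// <returns>The cached or freshly queried package information.</returns>
/// <remarks>
/// Nothing in this method expires or refreshes an entry, so a change made on the
/// remote registry after the first query is not seen through this call.
/// </remarks>
public async Task<RemotePackageInfo> CachedQueryRemotePackage(Identifier id)
{
    // Single lookup instead of ContainsKey followed by the indexer.
    // NOTE(review): assumes remotePackQueryCache is a Dictionary-style collection
    // exposing TryGetValue and an indexer setter - confirm against its declaration.
    RemotePackageInfo cached;
    if (remotePackQueryCache.TryGetValue(id, out cached))
    {
        return cached;
    }

    var result = await RemoteRegistry.QueryPackage(this, id);

    // Two callers can miss the cache for the same id and both reach this point
    // after their awaits complete. Add() would throw on the second one; the
    // indexer simply stores the latest answer.
    remotePackQueryCache[id] = result;
    return result;
}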
/// <summary>
/// Pre-flight check: reads the .NET Framework 4.0 "Install" registry value on the
/// target server with the configured deployment account.
/// </summary>
/// <param name="server">Server entry supplying the host name and the deployment user's credentials.</param>
/// <returns>
/// <c>true</c> only when the value could be read and equals 1; <c>false</c> when it
/// is missing, has another value, or any exception was raised.
/// </returns>
/// <remarks>
/// Only the server name is written to the log. The deployment user's name and
/// password are handed to <c>RemoteRegistry</c> as plain strings.
/// </remarks>
private static bool HaveNet40(ServerConfig server)
{
    try
    {
        Logger.Info(string.Format("Checking if WMI can be used to check if .NET Framework 4.0 is installed on server [{0}]...", server.Name));

        var remoteRegistry = new RemoteRegistry(server.Name, server.DeploymentUser.UserName, server.DeploymentUser.Password);

        int installFlag;
        var valueRead = remoteRegistry.TryGetDWordValue(
            RegistryHive.LocalMachine,
            @"SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full",
            "Install",
            out installFlag);

        if (valueRead && installFlag == 1)
        {
            Logger.Info(string.Format("Microsoft .NET Framework version 4.0 is installed on server [{0}].", server.Name));
            return true;
        }

        // An unreadable value and a value other than 1 are reported the same way.
        Logger.Error(string.Format("Missing Microsoft .NET Framework version 4.0 on [{0}].", server.Name));
        return false;
    }
    catch (Exception ex)
    {
        // Any failure while contacting the server counts as "not installed".
        Logger.Error(string.Format("Unable to access remote server to check for .NET Framework 4.0 on server [{0}] using WMI.", server.Name), ex);
        return false;
    }
}
/// <summary>
/// Runs one branch of the interactive discovery menu, chosen by
/// <paramref name="DiscoverySelection"/> ("1" to "4"), prompting on the console
/// for each yes/no decision.
/// </summary>
/// <param name="DiscoverySelection">Menu selection as typed by the operator.</param>
/// <returns>
/// <c>true</c> when the operator declines further discovery at the end of a branch;
/// <c>false</c> for an unrecognised selection, and also after a nested
/// <c>Selections()</c> call returns, because control then falls through to the
/// final return.
/// </returns>
/// <remarks>
/// Branch "3" can overwrite <c>DomainAuthentication.Username</c> and
/// <c>GetDomainInfo.DomainURL</c> from console input, and branch "4" passes the
/// stored user name and password to <c>RemoteRegistry.RegQuery</c>.
/// NOTE(review): conductAdditionalDisocvery is presumably set by ContinueDiscovery();
/// neither is defined in the visible text.
/// </remarks>
public static bool Options(string DiscoverySelection)
{
    // Local machine recon
    if (DiscoverySelection == "1")
    {
        // NOTE(review): the prompt offers 'exit', but the loop below accepts only 'y' or 'n'.
        Console.WriteLine("\r\n" + "Conduct local system discovery? Enter 'y' or 'n' or 'exit':");
        string localRecon = Console.ReadLine();
        while (localRecon != "y" && localRecon != "n")
        {
            // NOTE(review): this retry prompt mentions LDAP although the question asked was about local discovery.
            Console.WriteLine("\r\n" + "Invalid selection. Do you want to do network discovery via LDAP? Enter 'y' or 'n':");
            localRecon = Console.ReadLine();
        }
        // Conduct local recon
        if (localRecon == "y")
        {
            LocalMachineRecon.LocalMachine(Exfiltration.SaveLocations.NekoFolder);
        }
        // Check if user wants to do additional discovery
        ContinueDiscovery();
        if (conductAdditionalDisocvery == "y")
        {
            // The result of Selections() is not used; execution continues to the final return.
            Selections();
        }
        else
        {
            return(true);
        }
    }
    // Domain recon via LDAP
    else if (DiscoverySelection == "2")
    {
        // See if user wants to do LDAP searching
        Console.WriteLine("\r\n" + "Do you want to do domain recon via LDAP? Enter 'y' or 'n':");
        string ldapQueries = Console.ReadLine();
        while (ldapQueries != "y" && ldapQueries != "n")
        {
            Console.WriteLine("\r\n" + "Invalid selection. Do you want to do network recon via LDAP? Enter 'y' or 'n':");
            ldapQueries = Console.ReadLine();
        }
        // If user opts to run ldap queries
        if (ldapQueries == "y")
        {
            Discovery.LDAP.Information();
        }
        // Check if user wants to do additional discovery
        ContinueDiscovery();
        if (conductAdditionalDisocvery == "y")
        {
            Selections();
        }
        else
        {
            return(true);
        }
    }
    // Network IP recon with option of WMI
    else if (DiscoverySelection == "3")
    {
        // Get type of scan
        var scanType = UserScanSelection.ScanSelection();
        // Conduct scan
        Discovery.PortScanning.PortChoices.Selections();
        // Get WMI User Info
        if (scanType == "1")
        {
            Console.WriteLine("\r\n" + "This process typically requires Domain Admin credentials, does " + DomainAuthentication.Username + " have sufficient credentials? Enter 'y' or 'n':");
            string hasDomainAdmin = Console.ReadLine();
            while (hasDomainAdmin != "y" && hasDomainAdmin != "n")
            {
                // NOTE(review): the line break inside the next literal is reproduced as it appears on the page.
                Console.WriteLine("\r\n" + "Invalid selection. 
This process requires Domain Admin credentials, proceed? Enter 'y' or 'n':");
                hasDomainAdmin = Console.ReadLine();
            }
            if (hasDomainAdmin == "n")
            {
                Console.WriteLine("\r\n" + "Enter user name:");
                DomainAuthentication.Username = Console.ReadLine();
                // NOTE(review): the page text is damaged at the '******' below. Whatever stood
                // between the password prompt and the comparison with "" is not visible, so the
                // indentation from here to the end of this branch follows the brace count only.
                Console.WriteLine("\r\n" + "Enter password:"******"")
            {
                Console.WriteLine("\r\n" + "Enter network domain:");
                GetDomainInfo.DomainURL = Console.ReadLine();
            }
            // If ldap querying was done, confirms they want to use the same domain
            else
            {
                Console.WriteLine("\r\n" + "The domain selected for LDAP recon was: " + GetDomainInfo.DomainURL + " Would you like to continue using this domain? Enter 'y' or 'n':");
                string domainConfirmation = Console.ReadLine();
                while (domainConfirmation != "y" && domainConfirmation != "n")
                {
                    Console.WriteLine("\r\n" + "Invalid selection. The domain selected for LDAP recon was: " + GetDomainInfo.DomainURL + " Would you like to continue using this domain? Enter 'y' or 'n':");
                    domainConfirmation = Console.ReadLine();
                }
                // If they select n, they're prompted for a different domain
                if (domainConfirmation == "n")
                {
                    Console.WriteLine("Please enter new domain to use:");
                    GetDomainInfo.DomainURL = Console.ReadLine();
                }
            }
        }
        // Check if user wants to do additional discovery
        ContinueDiscovery();
        if (conductAdditionalDisocvery == "y")
        {
            Selections();
        }
        else
        {
            return(true);
        }
    }
    else if (DiscoverySelection == "4")
    {
        // Remote registry query using the stored domain, user name and password.
        RemoteRegistry.RegQuery(Exfiltration.SaveLocations.NekoFolder, GetDomainInfo.DomainURL, DomainAuthentication.Username, DomainAuthentication.Password);
        // Check if user wants to do additional discovery
        ContinueDiscovery();
        if (conductAdditionalDisocvery == "y")
        {
            Selections();
        }
        else
        {
            return(true);
        }
    }
    return(false);
}
/// <summary>
/// Scans a single node: checks whether its address answers, runs the individual
/// information probes against it, and records the online status on the node.
/// </summary>
/// <param name="task">Scan task whose <c>Node</c> holds the address column and receives the results.</param>
/// <exception cref="ArgumentException">
/// The node has no address column, or the value stored there is not an <see cref="IPAddress"/>.
/// </exception>
/// <remarks>
/// The status column is cleared first and written again only at the end, so it
/// stays null when the address check throws. Each probe is best-effort: an
/// exception from one probe is discarded and no record is kept of which probe failed.
/// </remarks>
public static void ScanNode(ScanTask task)
{
    task.Node[Constants.StatusColumnName] = null;

    var hasAddress = task.Node.ContainsKey(Constants.IpColumnName)
        && task.Node[Constants.IpColumnName] is IPAddress;
    if (!hasAddress)
    {
        throw new ArgumentException("Node doesn't contain ip adress!");
    }

    var address = (IPAddress)task.Node[Constants.IpColumnName];
    bool online = NetTools.IsOnline(address);

    // Offline hosts are probed only when the scanning options ask for it.
    if (online || ConfigurationManager.Configuration.ScanningOptions.ScanOfflineHost)
    {
        // Probes run in this fixed order; each one is isolated from the others' failures.
        var probes = new Action[]
        {
            () => Dns.Resolve(address, task.Node),
            () => RemoteArp.GetInfo(address, task.Node),
            () => RemoteNetBios.GetInfo(address, 137, task.Node),
            () => RemoteRegistry.GetInfo(address, task.Node),
            () => RemoteSnmp.GetAllInfo(address, task.Node),
            () => RemoteWmi.GetInfo(address, task.Node),
        };

        foreach (var probe in probes)
        {
            try
            {
                probe();
            }
            catch
            {
                // Ignored by design: a failing probe must not stop the remaining ones.
            }
        }
    }

    task.Node[Constants.StatusColumnName] = online;
}