public static void CIM(CimSession cimSession, string module)
{
try
{
Console.WriteLine(String.Format("[*] Checking {0}", cimSession.ComputerName));
if (!cimSession.TestConnection(out CimInstance instance, out CimException exception))
{
Console.WriteLine(String.Format("[-] Could Not Reach {0} - {1}", cimSession.ComputerName, exception));
Console.WriteLine();
return;
}
if (module.Length == 0)
{
Cim.CheckLocalAdmin(cimSession);
}
else if (module.Contains("enable_winrm"))
{
Cim.enable_winrm(cimSession);
}
else if (module.Contains("disable_winrm"))
{
Cim.disable_winrm(cimSession);
}
else if (module.Contains("check_pslockdown"))
{
Cim.check_pslockdown(cimSession);
}
else if (module.Contains("check_pslogging"))
{
Cim.check_pslogging(cimSession);
}
else if (module.Contains("disable_pslockdown"))
{
Cim.disable_pslockdown(cimSession);
}
else if (module.Contains("disable_pslogging"))
{
Cim.disable_pslogging(cimSession);
}
Console.WriteLine("");
}
catch (Exception e)
{
Console.WriteLine("[-] {0} - {1}", cimSession.ComputerName, e.ToString());
}
}
public static void StartJob(string[] users, string domain, string[] passwords, string[] hashes, string[] computernames, string domainController, string module, string moduleargument, string path, string destination, List <string> flags, string protocol)
{
var secrets = hashes != null ? hashes : passwords;
if (hashes != null)
{
foreach (string user in users)
{
foreach (string password in secrets)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
SetThreadToken(user, domain, password);
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
else if (protocol.ToLower() == "domain")
{
Scan.LDAP(module, domain, domainController);
}
}
}
}
else
{
foreach (string user in users)
{
foreach (string password in secrets)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
using (new Impersonator.Impersonation(domain, user, password))
{
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "cim")
{
foreach (string computername in computernames)
{
CimSession cimSession;
cimSession = Cim.newSession(computername, domain, user, password, flags.Contains("impersonate"));
Scan.CIM(cimSession, module);
}
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
else if (protocol.ToLower() == "domain")
{
Scan.LDAP(module, domain, domainController);
}
}
}
}
}
}
public static void StartJob <T>(string[] users, string domain, T secrets, string[] computernames, string module, string moduleargument, string path, string destination, List <string> flags, string protocol)
{
string[] passwords;
if (typeof(T) == typeof(NTHash))
{
passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Nthash").GetValue(secrets, null);
foreach (string user in users)
{
foreach (string password in passwords)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
SetThreadToken(user, domain, password);
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
}
}
}
else if (typeof(T) == typeof(ClearText))
{
passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Cleartext").GetValue(secrets, null);
foreach (string user in users)
{
foreach (string password in passwords)
{
Console.WriteLine("------------------");
Console.WriteLine(string.Format("[*] User: {0}", user));
Console.WriteLine(string.Format("[*] domain: {0}", domain));
Console.WriteLine(string.Format("[*] secret: {0}", password));
Console.WriteLine();
using (new Impersonator.Impersonation(domain, user, password))
{
if (protocol.ToLower() == "smb")
{
Scan.SMB(computernames, module);
}
else if (protocol.ToLower() == "winrm")
{
Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
}
else if (protocol.ToLower() == "cim")
{
foreach (string computername in computernames)
{
CimSession cimSession;
cimSession = Cim.newSession(computername, domain, user, password, flags.Contains("impersonate"));
Scan.CIM(cimSession, module);
}
}
else if (protocol.ToLower() == "reg32")
{
Scan.REG32(computernames, module);
}
}
}
}
}
}
