public static void NetworkServiceDiscovery(int computertype, int nhost, int sleep) { List <Task> tasklist = new List <Task>(); List <Computer> targetcomputers = Lib.Targets.GetHostTargets(computertype, nhost); Console.WriteLine("[*] Starting Network Discovery from {0} ", Environment.MachineName); if (sleep > 0) { Console.WriteLine("[*] Sleeping {0} seconds between each scan", sleep); } foreach (Computer computer in targetcomputers) { if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) { Computer temp = computer; TimeSpan interval = TimeSpan.FromSeconds(5); tasklist.Add(Task.Factory.StartNew(() => { DiscoveryHelper.PortScan(temp, interval); })); if (sleep > 0) { Thread.Sleep(sleep * 1000); } } } Task.WaitAll(tasklist.ToArray()); }
public static void DomaiGroupDiscoveryLdap(PlaybookTask playbook_task, string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1069.002"); logger.TimestampInfo("Using LDAP to execute technique"); try { if (playbook_task.groups.Length > 0) { foreach (string group in playbook_task.groups) { logger.TimestampInfo(String.Format("Querying LDAP for members of '{0}'", group)); DiscoveryHelper.LdapQueryForObjects(logger, 2, "", group); } logger.SimulationFinished(); } else { logger.TimestampInfo("Querying LDAP for all groups"); DiscoveryHelper.LdapQueryForObjects(logger, 2); logger.SimulationFinished(); } } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void DomainAccountDiscoveryLdap(string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1087.002"); logger.TimestampInfo("Using LDAP to execute this technique"); try { DiscoveryHelper.ListUsersLdap(logger); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void NetworkServiceDiscovery(int nhost, int tsleep, string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1046"); logger.TimestampInfo("Using the System.Net.Sockets .NET namespace to execute this technique"); try { var rand = new Random(); int computertype = rand.Next(1, 6); List <Task> tasklist = new List <Task>(); List <Computer> targetcomputers = Lib.Targets.GetHostTargets(computertype, nhost, logger); logger.TimestampInfo(String.Format("Obtained {0} target computers for the scan", targetcomputers.Count)); if (tsleep > 0) { logger.TimestampInfo(String.Format("Sleeping {0} seconds between each network scan", tsleep)); } foreach (Computer computer in targetcomputers) { if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) { Computer temp = computer; TimeSpan interval = TimeSpan.FromSeconds(5); tasklist.Add(Task.Factory.StartNew(() => { logger.TimestampInfo(String.Format("Starting port scan against {0} ({1})", temp.ComputerName, temp.IPv4)); DiscoveryHelper.PortScan(temp, interval); })); if (tsleep > 0) { Thread.Sleep(tsleep * 1000); } } } Task.WaitAll(tasklist.ToArray()); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void NetworkServiceDiscovery(int computertype, int nhost, int sleep, string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1046"); //logger.TimestampInfo(String.Format("Starting T1046 Simulation on {0}", Environment.MachineName)); //logger.TimestampInfo(String.Format("Simulation agent running as {0} with PID:{1}", System.Reflection.Assembly.GetEntryAssembly().Location, Process.GetCurrentProcess().Id)); try { List <Task> tasklist = new List <Task>(); List <Computer> targetcomputers = Lib.Targets.GetHostTargets(computertype, nhost); logger.TimestampInfo(String.Format("Obtained {0} target computers for the scan", targetcomputers.Count)); //Console.WriteLine("[*] Starting Network Discovery from {0} ", Environment.MachineName); if (sleep > 0) { Console.WriteLine("[*] Sleeping {0} seconds between each scan", sleep); } foreach (Computer computer in targetcomputers) { if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) { Computer temp = computer; TimeSpan interval = TimeSpan.FromSeconds(5); tasklist.Add(Task.Factory.StartNew(() => { logger.TimestampInfo(String.Format("Starting port scan against {0} ({1})", temp.ComputerName, temp.IPv4)); DiscoveryHelper.PortScan(temp, interval); })); if (sleep > 0) { Thread.Sleep(sleep * 1000); } } } Task.WaitAll(tasklist.ToArray()); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void AccountDiscoveryLdap(string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1087"); //logger.TimestampInfo(String.Format("Starting T1087 Simulation on {0}", Environment.MachineName)); //logger.TimestampInfo(String.Format("Simulation agent running as {0} with PID:{1}", System.Reflection.Assembly.GetEntryAssembly().Location, Process.GetCurrentProcess().Id)); try { DiscoveryHelper.ListUsersLdap(logger); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void EnumerateShares(int nhosts, int tsleep, string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Lib.Logger logger = new Lib.Logger(currentPath + log); logger.SimulationHeader("T1135"); logger.TimestampInfo("Using the Win32 API NetShareEnum function to execute this technique"); try { List <Task> tasklist = new List <Task>(); var rand = new Random(); int computertype = rand.Next(1, 6); List <Computer> targetcomputers = Lib.Targets.GetHostTargets(computertype, nhosts, logger); logger.TimestampInfo(String.Format("Obtained {0} target computers", targetcomputers.Count)); if (tsleep > 0) { logger.TimestampInfo(String.Format("Sleeping {0} seconds between each enumeration attempt", tsleep)); } foreach (Computer computer in targetcomputers) { if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) { tasklist.Add(Task.Factory.StartNew(() => { DiscoveryHelper.ShareEnum(computer, logger); })); if (tsleep > 0) { Thread.Sleep(tsleep * 1000); } } } Task.WaitAll(tasklist.ToArray()); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }
public static void NetworkShareEnumerationApiRemote(PlaybookTask playbook_task, string log) { string currentPath = AppDomain.CurrentDomain.BaseDirectory; Logger logger = new Logger(currentPath + log); logger.SimulationHeader("T1135"); logger.TimestampInfo("Using the Win32 API NetShareEnum function to execute this technique"); try { //List<Computer> targetcomputers = Lib.Targets.GetHostTargets_old(computertype, nhosts, logger); List <Task> tasklist = new List <Task>(); List <Computer> target_hosts = Targets.GetHostTargets(playbook_task, logger); if (playbook_task.task_sleep > 0) { logger.TimestampInfo(String.Format("Sleeping {0} seconds between each enumeration attempt", playbook_task.task_sleep)); } foreach (Computer computer in target_hosts) { if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) { tasklist.Add(Task.Factory.StartNew(() => { DiscoveryHelper.ShareEnum(computer, logger); })); if (playbook_task.task_sleep > 0) { Thread.Sleep(playbook_task.task_sleep * 1000); } } } Task.WaitAll(tasklist.ToArray()); logger.SimulationFinished(); } catch (Exception ex) { logger.SimulationFailed(ex); } }