PowerShellEmpire / PowerTools

PowerTools is a collection of PowerShell projects with a focus on offensive operations.

Get-Proxy settings #47

Closed Meatballs1 closed 8 years ago

Meatballs1 commented 8 years ago

Something along the lines of:

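    function Get-Proxy {
        # Open HKCU on the local machine and read the Internet Settings key
        $reg2 = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('CurrentUser', $env:COMPUTERNAME)
        $regkey2 = $reg2.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings')
        # Static proxy (host:port) and the PAC/WPAD script location, if configured
        $proxy_server = $regkey2.GetValue('ProxyServer')
        $url = $regkey2.GetValue('AutoConfigURL')
        Write-Host $proxy_server
        Write-Host $url
        # Only download the PAC script when an AutoConfigURL is actually set
        if ($url) {
            $wpad = (New-Object Net.WebClient).DownloadString($url)
            Write-Host $wpad
        }
    }
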
HarmJ0y commented 8 years ago

Added to the 2.0 branch https://github.com/PowerShellEmpire/PowerTools/commit/90888d5e1d1266f67aaad901c4654bf3c1ad9865

What is the main difference between the above approach and this one? https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/manage/clone_proxy_settings.rb#L111

Meatballs1 commented 8 years ago

Should probably look to use a lot of those checks in this, but this one additionally pulls down WPAD and is in powershell ;)

Meatballs1 commented 8 years ago

I wasn't actually expecting you to implement these directly, I was thinking of coming back to them at a later date and coding them up :)

Meatballs1 commented 8 years ago

It could probably be expanded to check the SYSTEM proxy, and also enumerate the other users on the box to check their proxy settings. Also should go into more depth and check for advanced proxy configuration settings.

HarmJ0y commented 8 years ago

Haha, realized PowerView had been neglected the last month or so and kept meaning to get back on a dev track for it anyway :)

If you think any of the implementations could be done better/differently, definitely let me know and/or feel free to submit a pull if desired. They're not meant to be in final form at this point, but wanted to get something started. The proxy enumeration is something we've been meaning to do with Empire anyway, so it'll be good to dive into it. Thoughts on trying to parse the WPAD .pac (no idea how annoying this would be) or just leaving the output in an object?
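
On the question of parsing the .pac versus returning it raw, one middle ground is static extraction of the proxy directives from the script text, useful when auditing which proxies a PAC file actually sends clients to. This is an added example, not part of the thread or of PowerTools; the function name `Get-PacProxyDirective` is hypothetical and the sample PAC and hostnames are constructed.

```powershell
# Added example; Get-PacProxyDirective is a hypothetical name, not a PowerTools function.
function Get-PacProxyDirective {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$PacText
    )

    # Tokenize left to right: string literals are consumed whole, so "http://x/*"
    # is never mistaken for a comment, and comments are consumed whole, so a
    # commented-out proxy string is never reported.
    $pattern = '"(?:\\.|[^"\\])*"|''(?:\\.|[^''\\])*''|/\*[\s\S]*?\*/|//[^\n]*'
    $seen = @{}
    foreach ($token in [regex]::Matches($PacText, $pattern)) {
        if ($token.Value.StartsWith('/')) { continue }   # comment token
        $text = $token.Value.Substring(1, $token.Value.Length - 2)

        # A PAC return value holds ";"-separated entries: "PROXY host:port",
        # "SOCKS5 host:port", "DIRECT", ...
        foreach ($entry in ($text -split ';')) {
            $e = $entry.Trim()
            $result = $null
            if ($e -match '^(PROXY|HTTPS?|SOCKS[45]?)\s+(\[[0-9a-f:]+\]|[^\s:]+):(\d{1,5})$') {
                $result = [pscustomobject]@{
                    Type = $Matches[1].ToUpper(); Server = $Matches[2]; Port = [int]$Matches[3]
                }
            } elseif ($e -match '^DIRECT$') {
                $result = [pscustomobject]@{ Type = 'DIRECT'; Server = $null; Port = $null }
            }
            if ($result) {
                # Emit each distinct directive once
                $key = '{0}|{1}|{2}' -f $result.Type, $result.Server, $result.Port
                if (-not $seen.ContainsKey($key)) { $seen[$key] = $true; $result }
            }
        }
    }
}

# Constructed sample PAC text (hostnames are placeholders)
$samplePac = @'
function FindProxyForURL(url, host) {
    // return "PROXY old.example.test:3128";  (commented out, must be ignored)
    if (isPlainHostName(host) || shExpMatch(url, "http://intranet.example.test/*"))
        return "DIRECT";
    return "PROXY proxy1.example.test:8080; PROXY proxy2.example.test:8080; DIRECT";
}
'@
Get-PacProxyDirective -PacText $samplePac | Format-Table -AutoSize
```

The function never evaluates the script, so directives assembled from variables or string concatenation are not found; keeping the raw PAC text alongside the parsed objects covers that case.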

leechristensen commented 8 years ago

Depending on how detailed you want to go, this might be of use:

https://www.chromium.org/developers/design-documents/network-stack/proxy-settings-fallback

HarmJ0y commented 8 years ago

Thanks Lee! Will hopefully be expanding this soon. Then again you know how our dev cycles tend to go :)