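--- a/SharpMapExec/Commands/kerberosCim.cs
+++ b/SharpMapExec/Commands/kerberosCim.cs
@@ -1,189 +0,0 @@
-using Microsoft.Management.Infrastructure;
-using Rubeus;
-using SharpMapExec.Lib;
-using System;
-using System.Collections.Generic;
-using System.IO;
-
-namespace SharpMapExec.Commands
-{
-public class kerberosCim : ICommand
-{
-public static string CommandName => "kerberoscim";
-
-public void Execute(Dictionary<string, string> arguments)
-{
-string[] users = { };
-string domain = "";
-string path = "";
-string destination = "";
-string[] passwords = { };
-string[] hashes = { };
-string dc = "";
-string ticket = "";
-Interop.KERB_ETYPE encType = Interop.KERB_ETYPE.subkey_keymaterial;
-string[] computernames;
-string module = "";
-string moduleargument = "";
-List<string> flags = new List<string>();
-
-
-if (arguments.ContainsKey("/m"))
-{
-module = arguments["/m"];
-}
-if (arguments.ContainsKey("/module"))
-{
-module = arguments["/module"];
-}
-
-//
-if (arguments.ContainsKey("/user"))
-{
-if (File.Exists(arguments["/user"]))
-{
-users = File.ReadAllLines(arguments["/user"]);
-}
-else
-{
-string[] parts = arguments["/user"].Split('\\');
-if (parts.Length == 2)
-{
-domain = parts[0];
-users = parts[1].Split(',');
-}
-else
-{
-users = arguments["/user"].Split(',');
-}
-}
-}
-
-if (arguments.ContainsKey("/domain"))
-{
-domain = arguments["/domain"];
-}
-if (arguments.ContainsKey("/dc"))
-{
-dc = arguments["/dc"];
-}
-if (arguments.ContainsKey("/ticket"))
-{
-ticket = arguments["/ticket"];
-}
-
-if (arguments.ContainsKey("/computername"))
-{
-if (File.Exists(arguments["/computername"]))
-{
-computernames = File.ReadAllLines(arguments["/computername"]);
-}
-else
-{
-computernames = arguments["/computername"].Split(',');
-}
-}
-else
-{
-Console.WriteLine("[-] /computername must be supplied!");
-return;
-}
-
-if (arguments.ContainsKey("/encType"))
-{
-string encTypeString = encType.ToString().ToUpper();
-
-if (encTypeString.Equals("RC4") || encTypeString.Equals("NTLM"))
-{
-encType = Interop.KERB_ETYPE.rc4_hmac;
-}
-else if (encTypeString.Equals("AES128"))
-{
-encType = Interop.KERB_ETYPE.aes128_cts_hmac_sha1;
-}
-else if (encTypeString.Equals("AES256") || encTypeString.Equals("AES"))
-{
-encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
-}
-else if (encTypeString.Equals("DES"))
-{
-encType = Interop.KERB_ETYPE.des_cbc_md5;
-}
-}
-else
-encType = Interop.KERB_ETYPE.rc4_hmac;
-
-if (arguments.ContainsKey("/password"))
-{
-if (File.Exists(arguments["/password"]))
-passwords = File.ReadAllLines(arguments["/password"]);
-else
-passwords = arguments["/password"].Split(',');
-}
-else if (arguments.ContainsKey("/des"))
-{
-if (File.Exists(arguments["/des"]))
-hashes = File.ReadAllLines(arguments["/des"]);
-else
-hashes = arguments["/des"].Split(',');
-encType = Interop.KERB_ETYPE.des_cbc_md5;
-}
-else if (arguments.ContainsKey("/rc4"))
-{
-if (File.Exists(arguments["/rc4"]))
-hashes = File.ReadAllLines(arguments["/rc4"]);
-else
-hashes = arguments["/rc4"].Split(',');
-encType = Interop.KERB_ETYPE.rc4_hmac;
-}
-else if (arguments.ContainsKey("/ntlm"))
-{
-if (File.Exists(arguments["/ntlm"]))
-hashes = File.ReadAllLines(arguments["/ntlm"]);
-else
-hashes = arguments["/ntlm"].Split(',');
-encType = Interop.KERB_ETYPE.rc4_hmac;
-}
-else if (arguments.ContainsKey("/aes128"))
-{
-hashes = arguments["/aes128"].Split(',');
-encType = Interop.KERB_ETYPE.aes128_cts_hmac_sha1;
-}
-else if (arguments.ContainsKey("/aes256"))
-{
-hashes = arguments["/aes256"].Split(',');
-encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
-}
-
-if (users.Length == 0 && String.IsNullOrEmpty(ticket))
-{
-Console.WriteLine("\r\n[X] You must supply a user name!\r\n");
-return;
-}
-if (String.IsNullOrEmpty(domain) && String.IsNullOrEmpty(ticket))
-{
-Console.WriteLine("\r\n[X] You must supply a domain!\r\n");
-return;
-}
-
-if ((hashes.Length == 0 && passwords.Length == 0) && String.IsNullOrEmpty(ticket))
-{
-Console.WriteLine("\r\n[X] You must supply a /password , or a [/des|/rc4|/aes128|/aes256] hash!\r\n");
-return;
-}
-
-if (String.IsNullOrEmpty(ticket) && (!((encType == Interop.KERB_ETYPE.des_cbc_md5) || (encType == Interop.KERB_ETYPE.rc4_hmac) || (encType == Interop.KERB_ETYPE.aes128_cts_hmac_sha1) || (encType == Interop.KERB_ETYPE.aes256_cts_hmac_sha1))))
-{
-Console.WriteLine("\r\n[X] Only /des, /rc4, /aes128, and /aes256 are supported at this time.\r\n");
-return;
-}
-
-foreach (string computername in computernames)
-{
-CimSession cimSession;
-cimSession = Cim.newSession(computername, "", "", "", true);
-Scan.CIM(cimSession, module);
-}
-}
-}
-}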