STRLCPY/SharpMapExec

cleanup
cube0x0 committed 3 years ago

1866401e

1 parent 888a3072

.vs/SharpMapExec/v16/.suo

Binary file.

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/kerberosCim.cs

1	-	using Microsoft.Management.Infrastructure;
2	-	using Rubeus;
3	-	using SharpMapExec.Lib;
4	-	using System;
5	-	using System.Collections.Generic;
6	-	using System.IO;
7	-
8	-	namespace SharpMapExec.Commands
9	-	{
10	-	public class kerberosCim : ICommand
11	-	{
12	-	public static string CommandName => "kerberoscim";
13	-
14	-	public void Execute(Dictionary<string, string> arguments)
15	-	{
16	-	string[] users = { };
17	-	string domain = "";
18	-	string path = "";
19	-	string destination = "";
20	-	string[] passwords = { };
21	-	string[] hashes = { };
22	-	string dc = "";
23	-	string ticket = "";
24	-	Interop.KERB_ETYPE encType = Interop.KERB_ETYPE.subkey_keymaterial;
25	-	string[] computernames;
26	-	string module = "";
27	-	string moduleargument = "";
28	-	List<string> flags = new List<string>();
29	-
30	-
31	-	if (arguments.ContainsKey("/m"))
32	-	{
33	-	module = arguments["/m"];
34	-	}
35	-	if (arguments.ContainsKey("/module"))
36	-	{
37	-	module = arguments["/module"];
38	-	}
39	-
40	-	//
41	-	if (arguments.ContainsKey("/user"))
42	-	{
43	-	if (File.Exists(arguments["/user"]))
44	-	{
45	-	users = File.ReadAllLines(arguments["/user"]);
46	-	}
47	-	else
48	-	{
49	-	string[] parts = arguments["/user"].Split('\\');
50	-	if (parts.Length == 2)
51	-	{
52	-	domain = parts[0];
53	-	users = parts[1].Split(',');
54	-	}
55	-	else
56	-	{
57	-	users = arguments["/user"].Split(',');
58	-	}
59	-	}
60	-	}
61	-
62	-	if (arguments.ContainsKey("/domain"))
63	-	{
64	-	domain = arguments["/domain"];
65	-	}
66	-	if (arguments.ContainsKey("/dc"))
67	-	{
68	-	dc = arguments["/dc"];
69	-	}
70	-	if (arguments.ContainsKey("/ticket"))
71	-	{
72	-	ticket = arguments["/ticket"];
73	-	}
74	-
75	-	if (arguments.ContainsKey("/computername"))
76	-	{
77	-	if (File.Exists(arguments["/computername"]))
78	-	{
79	-	computernames = File.ReadAllLines(arguments["/computername"]);
80	-	}
81	-	else
82	-	{
83	-	computernames = arguments["/computername"].Split(',');
84	-	}
85	-	}
86	-	else
87	-	{
88	-	Console.WriteLine("[-] /computername must be supplied!");
89	-	return;
90	-	}
91	-
92	-	if (arguments.ContainsKey("/encType"))
93	-	{
94	-	string encTypeString = encType.ToString().ToUpper();
95	-
96	-	if (encTypeString.Equals("RC4") \|\| encTypeString.Equals("NTLM"))
97	-	{
98	-	encType = Interop.KERB_ETYPE.rc4_hmac;
99	-	}
100	-	else if (encTypeString.Equals("AES128"))
101	-	{
102	-	encType = Interop.KERB_ETYPE.aes128_cts_hmac_sha1;
103	-	}
104	-	else if (encTypeString.Equals("AES256") \|\| encTypeString.Equals("AES"))
105	-	{
106	-	encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
107	-	}
108	-	else if (encTypeString.Equals("DES"))
109	-	{
110	-	encType = Interop.KERB_ETYPE.des_cbc_md5;
111	-	}
112	-	}
113	-	else
114	-	encType = Interop.KERB_ETYPE.rc4_hmac;
115	-
116	-	if (arguments.ContainsKey("/password"))
117	-	{
118	-	if (File.Exists(arguments["/password"]))
119	-	passwords = File.ReadAllLines(arguments["/password"]);
120	-	else
121	-	passwords = arguments["/password"].Split(',');
122	-	}
123	-	else if (arguments.ContainsKey("/des"))
124	-	{
125	-	if (File.Exists(arguments["/des"]))
126	-	hashes = File.ReadAllLines(arguments["/des"]);
127	-	else
128	-	hashes = arguments["/des"].Split(',');
129	-	encType = Interop.KERB_ETYPE.des_cbc_md5;
130	-	}
131	-	else if (arguments.ContainsKey("/rc4"))
132	-	{
133	-	if (File.Exists(arguments["/rc4"]))
134	-	hashes = File.ReadAllLines(arguments["/rc4"]);
135	-	else
136	-	hashes = arguments["/rc4"].Split(',');
137	-	encType = Interop.KERB_ETYPE.rc4_hmac;
138	-	}
139	-	else if (arguments.ContainsKey("/ntlm"))
140	-	{
141	-	if (File.Exists(arguments["/ntlm"]))
142	-	hashes = File.ReadAllLines(arguments["/ntlm"]);
143	-	else
144	-	hashes = arguments["/ntlm"].Split(',');
145	-	encType = Interop.KERB_ETYPE.rc4_hmac;
146	-	}
147	-	else if (arguments.ContainsKey("/aes128"))
148	-	{
149	-	hashes = arguments["/aes128"].Split(',');
150	-	encType = Interop.KERB_ETYPE.aes128_cts_hmac_sha1;
151	-	}
152	-	else if (arguments.ContainsKey("/aes256"))
153	-	{
154	-	hashes = arguments["/aes256"].Split(',');
155	-	encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
156	-	}
157	-
158	-	if (users.Length == 0 && String.IsNullOrEmpty(ticket))
159	-	{
160	-	Console.WriteLine("\r\n[X] You must supply a user name!\r\n");
161	-	return;
162	-	}
163	-	if (String.IsNullOrEmpty(domain) && String.IsNullOrEmpty(ticket))
164	-	{
165	-	Console.WriteLine("\r\n[X] You must supply a domain!\r\n");
166	-	return;
167	-	}
168	-
169	-	if ((hashes.Length == 0 && passwords.Length == 0) && String.IsNullOrEmpty(ticket))
170	-	{
171	-	Console.WriteLine("\r\n[X] You must supply a /password , or a [/des\|/rc4\|/aes128\|/aes256] hash!\r\n");
172	-	return;
173	-	}
174	-
175	-	if (String.IsNullOrEmpty(ticket) && (!((encType == Interop.KERB_ETYPE.des_cbc_md5) \|\| (encType == Interop.KERB_ETYPE.rc4_hmac) \|\| (encType == Interop.KERB_ETYPE.aes128_cts_hmac_sha1) \|\| (encType == Interop.KERB_ETYPE.aes256_cts_hmac_sha1))))
176	-	{
177	-	Console.WriteLine("\r\n[X] Only /des, /rc4, /aes128, and /aes256 are supported at this time.\r\n");
178	-	return;
179	-	}
180	-
181	-	foreach (string computername in computernames)
182	-	{
183	-	CimSession cimSession;
184	-	cimSession = Cim.newSession(computername, "", "", "", true);
185	-	Scan.CIM(cimSession, module);
186	-	}
187	-	}
188	-	}
189	-	}

cleanup