Shulou(Shulou.com)05/31 Report--

This article mainly shows you "what is SharpMapExec", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn this article "what is SharpMapExec?"

SharpMapExec

SharpMapExec is an advanced Swiss Knife for network penetration testing. This tool is based on CrackMapExec and can be understood as an optimized version of CrackMapExec. The purpose of this tool is to simplify the task operation of network penetration testing, and to provide a multi-functional penetration testing platform, which currently only supports running on the Windows operating system, which also meets the common requirements of internal threat simulation attack and defense.

In addition to scanning access permissions, it can also be used to identify secure misconfigurations and to filter data. The core implementation idea of the data filtering module is to execute the least necessary code on a remote computer. To accomplish this task, the tool will download all sensitive data to the loot directory and parse it locally.

Most researchers can specify whether to use Kerberos or NTLM authentication, and if Kerberos is selected, the tool will create a token and use Rubeus to import or request credentials. If NTLM is specified, the corresponding tool will create a thread and run SetThreadToken using SharpKatz (if a NTLM hash is specified).

Tools use SharpMapExec.exe usage:-Smb-SharpMapExec.exe ntlm smb / user:USER / ntlm:HASH / domain:DOMAIN / computername:TARGET SharpMapExec.exe kerberos smb / computername:TARGET Available Smb modules / m:shares-WinRm-SharpMapExec.exe ntlm winrm / user:USER / password:PASSWORD / domain:DOMAIN / computername:TARGET SharpMapExec.exe kerberos winrm / computername:TARGET Available WinRm modules / m:exec / a:whoami (Invoke-Command) / m:exec / avision C:\ beacon.exe / system (Invoke-Command as System) / m:comsvcs (Dump Lsass Process) / m:secrets (Dump and Parse Sam) Lsa And System Dpapi blobs) / m:assembly / p:Rubeus.exe / a:dump (Execute Local C # Assembly in memory) / m:assembly / p:beacon.exe / system (Execute Local C # Assembly as System in memory) / m:download / path:C:\ file / destination:file (Download File from Host)-Domain-SharpMapExec.exe kerbspray / users:USERS. TXT / passwords:PASSWORDS.TXT / domain:DOMAIN / dc:DC SharpMapExec.exe tgtdelegSMB

Can be used to scan SMB shares that are accessed or accessible by administrators.

Module:

/ m:shares (Scan enumerated shares for access) WinRM

This module has built-in functions such as AMSI bypass, JEA language interrupt and JEA function analysis, and can be used for code execution, scanning PsRemote access, vulnerable JEA nodes and data filtering.

Domain

Domain password spray is currently supported and a TGT is created for the current user, which can be used with the / ticket parameter to get the current context.

The tool supports the execution of a large number of C# programs in memory:

Kerberos password spray and scan local administrator access:

The project supports scanning JEA nodes, analyzes the source code of non-default commands, and checks that the node is not configured in no-language mode:

Use a NT hash to scan the local administrator password reuse:

Dump the Lsass process in bulk and save it to the loot folder:

In some scenarios where Kerberos is used, the user may be required to synchronize the DC clock and set the DNS:

Net time\\ DC01.hackit.local / setGet-NetAdapter ethernet0* | Set-DnsClientServerAddress-ServerAddresses @ ('192.168.1.10') these are all the contents of the article "what is SharpMapExec?" Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.