Saturday, August 29, 2020

SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments


SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. SharpHose takes into consideration the domain password policy, including fine grained password policies, in an attempt to avoid account lockouts. Fine grained password policies are enumerated for the users and groups that that the policy applies to. If the policy applied also to groups, the group users are captured. All enabled domain users are then classified according to their password policies, in order of precedence, and marked as safe or unsafe. The remaining users are filtered against an optional user-supplied exclude list.
Besides just spraying, red team operators can view all of the password policies for a domain, all the users affected by the policy, or just view the enabled domain users. Output can be sent directly to the console or to a user-supplied output folder.
Follow me on Twitter for some more tool releases soon! @ustayready

Nozzles
Nozzles are built-in methods of spraying. While currently only supporting one Nozzle (LDAP), it's written in a way that makes it easily extendable.

LDAP
Active Directory spraying nozzle using the LDAP protocol
  • Asynchronous spraying for faster, but not too fast, results
  • Domain joined and non-joined spraying
  • Tight integration w/ domain password policies and fine grained password policies
  • Smart lockout prevention (lockoutThreshold n-1 just to be safe)
  • Optionally spray to specific domains and domain controllers
  • View password policies and the affected users

Coming soon!
  • MSOL
  • OWA/EWS
  • Lync

Compilation
  • Built using Visual Studio 2019 Community Edition
  • .NET Framework 4.5

Usage Examples
Cobalt Strike Users
Be sure to use the --auto to avoid the interactive prompts in SharpHose. Also, prepare your arguments locally so you can read the description before running. If you don't pass any arguments over execute-assembly, then SharpHose throws a "Missing Argument Exception" and Cobalt Strike won't return any output. You will know this is happening when you see [-] Invoke_3 on EntryPoint failed. This will be fixed eventually.
Domain Joined Spray w/o Interaction SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --auto
Domain Joined Spray w/ Exclusions SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --exclude c:\temp\exclusion_list.txt
Non-Domain Joined Spray SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --domain lab.local --username demo --password DemoThePlanet --output c:\temp\
Domain Joined Show Policies Active Directory stores durations in negative large integer values which need to lapse after the last lockoutThreshold is exceeded. In future versions these will be formatted cleaner. SharpHose.exe --action GET_POLICIES --output c:\temp\
Domain Joined Show Policy Users SharpHose.exe --action GET_POLICY_USERS --policy lab --output c:\temp\
Domain Joined Show All Users SharpHose.exe --action GET_ENABLED_USERS --output c:\temp\
Domain Joined Spray Using Cobalt Strike execute-assembly /path/to/SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --auto

Shout-Outs




via KitPloit
This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Continue reading


  1. Best Hacking Tools 2019
  2. Hacking Tools Pc
  3. Pentest Automation Tools
  4. Pentest Tools
  5. Blackhat Hacker Tools
  6. What Is Hacking Tools
  7. Hack Tools Download
  8. Hack Tools For Mac
  9. Hacker Tools List
  10. Hack Tools Github
  11. Hak5 Tools
  12. Hacker Tools Linux
  13. Pentest Tools Nmap
  14. Hacker Tools 2019
  15. Hacking Tools Pc
  16. Hacking Tools For Beginners
  17. Hacker Tools For Pc
  18. Hacking Apps
  19. Hacking Tools 2019
  20. Pentest Tools Nmap
  21. New Hack Tools
  22. Game Hacking
  23. Hack Tools 2019
  24. Hacker Tools Software
  25. Hack Tool Apk
  26. Growth Hacker Tools
  27. Tools For Hacker
  28. Hack Tools For Games
  29. Pentest Tools For Android
  30. Hacker Tools Windows
  31. Hacking Tools For Pc
  32. Hacking Tools For Beginners
  33. Pentest Tools Online
  34. Computer Hacker
  35. Hacker Tools Linux
  36. What Is Hacking Tools
  37. Hacking Tools Github
  38. Top Pentest Tools
  39. Hack Website Online Tool
  40. Pentest Tools
  41. Hack Tools
  42. Physical Pentest Tools
  43. Hacking Tools For Kali Linux
  44. Growth Hacker Tools
  45. Free Pentest Tools For Windows
  46. Install Pentest Tools Ubuntu
  47. Hack Tools Pc
  48. Bluetooth Hacking Tools Kali
  49. How To Install Pentest Tools In Ubuntu
  50. Hacker Tools Mac
  51. Pentest Reporting Tools
  52. Hacking Tools
  53. Hacking Tools Kit
  54. Hacking Tools Name
  55. Hacker Tools Apk Download
  56. How To Hack
  57. Hacking Tools Download
  58. Best Pentesting Tools 2018
  59. Hacker
  60. Hackrf Tools
  61. Kik Hack Tools
  62. Hacker
  63. Pentest Tools For Ubuntu
  64. Hacker Tool Kit
  65. Hacking Tools Mac
  66. Hacking Tools For Beginners
  67. Top Pentest Tools
  68. Hacking Tools Software
  69. Install Pentest Tools Ubuntu
  70. Hacking Tools Mac
  71. Install Pentest Tools Ubuntu
  72. Best Pentesting Tools 2018
  73. Pentest Tools Website Vulnerability
  74. Hacking Tools Kit
  75. Hack Tools For Games
  76. What Is Hacking Tools
  77. Hacker Tools Free
  78. Hacker Tools For Ios
  79. Pentest Tools Alternative
  80. Hacker Tools List
  81. New Hacker Tools
  82. Hacker Tools For Windows
  83. Pentest Tools Bluekeep
  84. Hacker Tool Kit
  85. Hacker Hardware Tools
  86. Hacking Tools 2020
  87. Wifi Hacker Tools For Windows
  88. Pentest Tools For Android
  89. Install Pentest Tools Ubuntu
  90. Pentest Tools For Mac
  91. Hacker Tool Kit
  92. Best Hacking Tools 2020
  93. Hacker Tools For Mac
  94. Pentest Tools Port Scanner
  95. Pentest Tools Alternative
  96. Tools 4 Hack
  97. Hacker Tools Linux
  98. Hack Tools
  99. What Is Hacking Tools
  100. Pentest Tools Subdomain
  101. Tools Used For Hacking
  102. Hacker Hardware Tools
  103. Computer Hacker
  104. Install Pentest Tools Ubuntu
  105. Hacker Tools 2020
  106. Hacker Tools For Ios
  107. Hack Tools
  108. Hackrf Tools
  109. Pentest Tools Android
  110. Pentest Tools Open Source
  111. Hacking Tools Github
  112. Pentest Tools
  113. Hacker Tools Hardware
  114. Hacking Tools And Software
  115. Growth Hacker Tools
  116. Hak5 Tools
  117. Top Pentest Tools
  118. Hack Tools Mac
  119. Pentest Tools Open Source
  120. Hacker Tools For Ios
  121. Hacker Tools For Pc
  122. What Is Hacking Tools
  123. Free Pentest Tools For Windows
  124. Pentest Tools Apk
  125. Pentest Tools Tcp Port Scanner
  126. Pentest Tools Nmap
  127. Pentest Tools Windows
  128. Easy Hack Tools
  129. Hacking Tools For Games
  130. Hacking Tools For Windows 7
  131. Hack Website Online Tool
  132. Hacking Tools Software
  133. Hacking Tools For Windows 7
  134. Pentest Tools For Ubuntu
  135. Hacker Tools Linux
  136. Hacking Tools 2019
  137. Pentest Reporting Tools
  138. Hacker Hardware Tools
  139. Hack Tools For Mac
  140. Hacker Tools Online
  141. Growth Hacker Tools
  142. Hacker Tools Windows
  143. Pentest Tools Framework
  144. Pentest Tools Free
  145. Hacker Tools Apk
  146. Hacker Tools Free
  147. Hack Tools 2019
  148. Hack Tools For Pc
  149. Free Pentest Tools For Windows
  150. Nsa Hack Tools
  151. Hacker Tools Apk Download
  152. Hacking Tools And Software
  153. Hack Tools Download
  154. Pentest Tools Windows
  155. Hacker Tools For Ios
  156. Hacker Tools Apk
  157. Hacker Tools Software
  158. Pentest Reporting Tools
  159. What Is Hacking Tools
  160. Hacker Tools For Mac
  161. Best Pentesting Tools 2018
  162. Hacking Tools And Software
  163. Hacker Tools 2020
  164. Game Hacking
  165. Hacking Tools Download
  166. Termux Hacking Tools 2019
  167. Physical Pentest Tools
  168. Nsa Hacker Tools
  169. Hacker Tools Mac
  170. Hacking Tools And Software
  171. Pentest Tools Linux
at