Fi8sVrs (Active Members), posted December 20, 2018 (edited)

SharpFruit

SharpFruit is a C# port of Find-Fruit.ps1.

SharpFruit is intended to aid Penetration Testers in finding juicy targets on internal networks without nmap scanning.

As an example, one could execute SharpFruit.exe through Cobalt Strike's Beacon "execute-assembly" module.

Example usage

    beacon>execute-assembly /root/SharpFruit/SharpFruit.exe --cidr 10.10.1.0/24 --port 8080

OR an example using SSL

    beacon>execute-assembly /root/SharpFruit/SharpFruit.exe --cidr 10.10.1.0/24 --port 9443 --ssl+ --useragent "GoogleBotIsInsideYourNetwork"

Source: https://github.com/rvrsh3ll/SharpFruit.git

Edited December 20, 2018 by OKQL

gigiRoman, posted December 20, 2018

SharpFruit/Program.cs: everything is in here.

    // List of potentially vulnerable URI's
    List<string> uris = new List<string>();

Is it yours?

Fi8sVrs (Author, Active Members), posted December 20, 2018 (edited)

No, I got a tweet.

// I'm on my phone, I can't manage to fix the unit

Edited December 20, 2018 by OKQL

gigiRoman, posted December 20, 2018

    // List of potentially vulnerable URI's
    List<string> uris = new List<string>();

For the list of vulnerable URIs, it concatenates them with the IPs generated by lukeskywalker, makes the requests in a parallel foreach, and if it gets a 200 back it marks it as vulnerable. Nice! Still, it should have taken the list from config. Thanks.
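
Seen from the defender's side, the behaviour described in the post above (one source requesting the same URI list from every address of a range and keeping the hosts that answer 200) leaves a recognisable trace in web or proxy logs. The sketch below is an added example, not part of the thread or of the SharpFruit code; the log format, the source addresses, the paths and the thresholds are constructed for illustration, while the range, port and user agent are the ones from the usage example in the first post.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: time, source, destination, port, path, status, user agent.
SAMPLE_LOG = """\
2018-12-20T10:00:01 10.10.5.23 10.10.1.4 8080 /admin/ 404 GoogleBotIsInsideYourNetwork
2018-12-20T10:00:01 10.10.5.23 10.10.1.5 8080 /admin/ 404 GoogleBotIsInsideYourNetwork
2018-12-20T10:00:02 10.10.5.23 10.10.1.6 8080 /admin/ 200 GoogleBotIsInsideYourNetwork
2018-12-20T10:00:02 10.10.5.23 10.10.1.7 8080 /admin/ 404 GoogleBotIsInsideYourNetwork
2018-12-20T10:00:03 10.10.5.23 10.10.1.8 8080 /admin/ 403 GoogleBotIsInsideYourNetwork
2018-12-20T10:05:10 10.10.5.40 10.10.1.6 8080 /index.html 200 Mozilla/5.0
2018-12-20T10:05:12 10.10.5.40 10.10.1.6 8080 /admin/ 200 Mozilla/5.0
2018-12-20T10:06:00 10.10.5.40 10.10.1.7 8080 /index.html 200 Mozilla/5.0
"""

def parse(log):
    """Yield one typed tuple per log line; the user agent may contain spaces."""
    for line in log.strip().splitlines():
        ts, src, dst, port, path, status, agent = line.split(maxsplit=6)
        yield datetime.fromisoformat(ts), src, dst, int(port), path, int(status), agent

def find_sweeps(log, min_hosts=4, window=timedelta(seconds=60)):
    """Flag each (source, destination /24, port) that reached min_hosts hosts within window."""
    groups = defaultdict(list)
    for ts, src, dst, port, path, status, agent in parse(log):
        net = str(ipaddress.ip_network(f"{dst}/24", strict=False))
        groups[(src, net, port)].append((ts, dst, path, status, agent))
    findings = []
    for (src, net, port), events in groups.items():
        events.sort()
        start, most_hosts = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            most_hosts = max(most_hosts, len({e[1] for e in events[start:end + 1]}))
        if most_hosts >= min_hosts:
            findings.append({
                "source": src, "network": net, "port": port,
                "hosts_touched": most_hosts,
                # Hosts that answered 200 are the ones the sweep would report; review them first.
                "answered_200": sorted({(e[1], e[2]) for e in events if e[3] == 200}),
                "user_agents": sorted({e[4] for e in events}),
            })
    return findings

if __name__ == "__main__":
    for finding in find_sweeps(SAMPLE_LOG):
        print(finding)
```

The ordinary client in the sample (10.10.5.40) touches only two hosts and is not flagged; the user agent is recorded for context but not used as a detection key, since the tool lets the operator set it freely.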

u0m3, posted December 23, 2018

On 12/20/2018 at 11:38 AM, gigiRoman said: "Still, it should have taken the list from config."

Not quite... As far as I can tell, the purpose of this toy is to be run through CobaltStrike: the CobaltStrike client reads the exe, sends it to the Beacon, which executes it from memory and returns the output to you. The exe never ends up as a file on the victim's machine.

The corollary applies to https://github.com/rvrsh3ll/SharpPrinter as well.

gigiRoman, posted December 24, 2018 (edited)

12 hours ago, u0m3 said: "Not quite... As far as I can tell, the purpose of this toy is to be run through CobaltStrike: the CobaltStrike client reads the exe, sends it to the Beacon, which executes it from memory and returns the output to you. The exe never ends up as a file on the victim's machine. The corollary applies to https://github.com/rvrsh3ll/SharpPrinter as well."

I see it has an app.config file. And it has references too.

https://drive.google.com/file/d/1g57RHYgILV2BeeQwQ81XNRKkqIG2AhZ2/view?usp=drivesdk

Is the Cobalt Strike client on the pentester's PC and the beacon on the victim machine? Is the beacon a process, or is it something injected?

From what I can tell, the beacon has a tcp/network client with the ability to run cmd or run a process, as in the link above. Right, @u0m3?

Edited December 24, 2018 by gigiRoman

u0m3, posted December 24, 2018

13 hours ago, gigiRoman said: "I see it has an app.config file. And it has references too."

From what I saw in https://github.com/rvrsh3ll/SharpFruit/blob/master/SharpFruit/app.config it is only there for form's sake. Nothing relevant is configured in it.

13 hours ago, gigiRoman said: "Is the Cobalt Strike client on the pentester's PC and the beacon on the victim machine?"

Cobalt Strike is designed around the premise of a team of attackers working together. It is split into a server and a client.

The server, in the form of the teamserver binary, is the manager of the infected systems and the host of the social engineering functionality. It also holds the data collected from the victims.

The client, in the form of a Java archive, cobaltstrike.jar, is the generator of new Beacon payloads, the interface through which you interact with the beacons connected to the server (or servers) it is connected to, etc.

Beacon is the payload, similar to meterpreter from metasploit. How it runs depends on the method of infection. These days, though, it will probably be a binary; exploits that allow arbitrary code execution are rarer. It is much simpler to trick a user into running your "happiness" for you.

The big advantage of this architecture comes from the ability to have several servers, depending on your needs and on the level of invisibility required. For more information I recommend https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki/blob/master/README.md as a starting point.

References:
The Cobalt Strike manual
The Beacon help page
The blog announcement of the execute-assembly feature
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

ARUBA, posted December 25, 2018

https://rstforums.com/forum/topic/109775-cobalt-strike-trial/