
Repository of Windows offensive techniques implemented in C#. Work in progress.


huskersec/SharpArsenal


SharpArsenal

Repository of Windows offensive techniques implemented in C#. It is meant as a study of techniques implemented in Cobalt Strike's Beacon and Metasploit's Meterpreter, as well as some Mimikatz functionality.

GetSystem/GetSystemDLL

Implements three techniques:

  1. Service/pipe creation and execution of cmd.exe /c echo getsysdata > \\.\pipe\getsys
  2. Service/pipe creation and execution of DLL written to disk that executes rundll32.exe GetSystemDLL.dll,ConnectPipe
  3. Steals a token from the winlogon process and executes a process with the token
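A defender-side check for techniques 1 and 2, added here as an example and not part of the SharpArsenal repository: it scans service-installation records (Event ID 7045) for the two command-line shapes listed above. It assumes the service's command line appears in the record's ImagePath field and that records were exported to dicts; the service names and sample records are constructed.

```python
import re

# Assumption: Event ID 7045 records exported as dicts (EventID, ServiceName, ImagePath).

# Technique 1: service command line that echoes data into a named pipe. The
# pipe name and echoed string are not pinned, since both are trivially changed.
ECHO_TO_PIPE = re.compile(
    r"(?:cmd(?:\.exe)?|%comspec%)\s+/c\s+echo\s+\S+\s*>\s*\\\\[^\\\s]+\\pipe\\\S+",
    re.IGNORECASE,
)
# Technique 2: service command line that calls a DLL export through rundll32.
RUNDLL32_EXPORT = re.compile(
    r"rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+\.dll)\s*,\s*(?P<export>\w+)",
    re.IGNORECASE,
)

def classify_service_install(event):
    """Return a hunting lead for one 7045 record, or None if nothing matches."""
    if event.get("EventID") != 7045:
        return None
    image_path = event.get("ImagePath", "")
    if ECHO_TO_PIPE.search(image_path):
        return "service echoes data into a named pipe"
    match = RUNDLL32_EXPORT.search(image_path)
    if match:
        return f"service runs rundll32 export {match['export']} from {match['dll']}"
    return None

def scan(events):
    return [(e.get("ServiceName", "?"), lead)
            for e in events if (lead := classify_service_install(e))]

# Constructed sample records (not real logs); service names are made up.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "svc-a",
     "ImagePath": r"cmd.exe /c echo getsysdata > \\.\pipe\getsys"},
    {"EventID": 7045, "ServiceName": "svc-b",
     "ImagePath": r"%COMSPEC% /c echo x1y2 > \\.\pipe\abc123"},
    {"EventID": 7045, "ServiceName": "svc-c",
     "ImagePath": r"rundll32.exe GetSystemDLL.dll,ConnectPipe"},
    {"EventID": 7045, "ServiceName": "svc-d",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 7036, "ServiceName": "svc-e",
     "ImagePath": r"cmd.exe /c echo a > \\.\pipe\b"},
]

if __name__ == "__main__":
    for name, lead in scan(SAMPLE_EVENTS):
        print(f"{name}: {lead}")
```

Technique 3 is not described as creating a service, so it falls outside this check; matches are hunting leads to triage, not verdicts.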

StealToken

Steal a token from a given PID or process name and create a new process with the token.

MakeToken

Given a username and password, utilize the LogonUserA() function to interact with network resources as the provided user.

SpawnJect

Mimics Cobalt Strike techniques for process injection. Implements five techniques:

  1. Spawn rundll32 (x86/x64) and inject a payload into the process
  2. Spawn to a program of choice (x86/x64) and inject a payload into the process
  3. Inject a payload into a currently-running process (x86/x64)
  4. Reflective DLL injection of a DLL of your choosing into a currently-running process (x86/x64) - thanks to @monoxgas for the sRDI project. I merely merged their project into this one to allow for reflective DLL injection.
  5. Load an on-disk DLL into a currently-running process (x86/x64)

References

Meterpreter Elevator Source

What happens when I type getsystem? - Cobalt Strike

Windows Access Tokens and Alternate Credentials - Cobalt Strike

Understanding and Defending Against Access Token Theft: Finding Alternatives to winlogon.exe - SpecterOps

GhostPack\SharpWMI Source

@monoxgas

@monoxgas - sRDI GitHub Project
