From 7946b069a6b9bcbe68065c2d14e7e3e45e992d70 Mon Sep 17 00:00:00 2001 From: mvelazco Date: Sun, 11 Jul 2021 16:38:55 -0400 Subject: [PATCH] minor fixes --- PurpleSharp/Lib/NamedPipes.cs | 10 ++++---- PurpleSharp/Program.cs | 11 +++----- PurpleSharp/Simulations/CredAccess.cs | 1 - PurpleSharp/Simulations/LateralMovement.cs | 30 ---------------------- 4 files changed, 8 insertions(+), 44 deletions(-) diff --git a/PurpleSharp/Lib/NamedPipes.cs b/PurpleSharp/Lib/NamedPipes.cs index 9972dc1..0d11739 100644 --- a/PurpleSharp/Lib/NamedPipes.cs +++ b/PurpleSharp/Lib/NamedPipes.cs @@ -192,24 +192,24 @@ public static SimulationPlaybook RunSimulationServiceSerialized(string npipe, st PipeSecurity ps = new PipeSecurity(); ps.SetAccessRule(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow)); - logger.TimestampInfo("starting Simulator!"); + //logger.TimestampInfo("starting Simulator!"); using (var pipeServer = new NamedPipeServerStream(npipe, PipeDirection.InOut, 1, PipeTransmissionMode.Message, PipeOptions.Asynchronous, 4028, 4028, ps)) { SimulationResponse sim_response; - logger.TimestampInfo("Waiting for client connection..."); + //logger.TimestampInfo("Waiting for client connection..."); pipeServer.WaitForConnection(); - logger.TimestampInfo("Client connected."); + //logger.TimestampInfo("Client connected."); var messageBytes = ReadMessage(pipeServer); var line = Encoding.UTF8.GetString(messageBytes); - logger.TimestampInfo("Received from client: " + line); + //logger.TimestampInfo("Received from client: " + line); SimulationRequest sim_request = JsonConvert.DeserializeObject(line); playbook = sim_request.playbook; sim_response = new SimulationResponse("ACK"); byte[] bytes_sim_response = Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(sim_response)); pipeServer.Write(bytes_sim_response, 0, bytes_sim_response.Length); - logger.TimestampInfo("Replied to client: " + Encoding.UTF8.GetString(bytes_sim_response)); + //logger.TimestampInfo("Replied to client: " + Encoding.UTF8.GetString(bytes_sim_response)); pipeServer.Disconnect(); return playbook; } diff --git a/PurpleSharp/Program.cs b/PurpleSharp/Program.cs index c26760b..631557d 100644 --- a/PurpleSharp/Program.cs +++ b/PurpleSharp/Program.cs @@ -315,14 +315,13 @@ public static void Main(string[] args) string json = File.ReadAllText(pb_file); SimulationExercise engagement = Json.ReadSimulationPlaybook(json); string currentPath = AppDomain.CurrentDomain.BaseDirectory; - Lib.Logger logger = new Lib.Logger(currentPath + log); + Logger logger = new Logger(currentPath + log); if (engagement != null) { if (engagement.type.Equals("local")) { logger.TimestampInfo(String.Format("PurpleSharp will execute up to {0} playbook(s) locally", engagement.playbooks.Count)); - //Console.WriteLine("[+] PurpleSharp will execute up to {0} playbook(s) locally", engagement.playbooks.Count); SimulationPlaybook lastPlaybook = engagement.playbooks.Last(); string results =""; foreach (SimulationPlaybook playbook in engagement.playbooks) @@ -351,10 +350,8 @@ public static void Main(string[] args) logger.TimestampInfo(String.Format("Sleeping {0} seconds until next playbook...", engagement.sleep)); Thread.Sleep(1000 * engagement.sleep ); } - } } - logger.TimestampInfo("Writting JSON results..."); results = File.ReadAllText(log); string output_file = pb_file.Replace(".json", "") + "_results.json"; @@ -836,7 +833,7 @@ public static SimulationPlaybookResult ExecuteRemoteTechniquesJsonSerialized(Sim sim_request = new SimulationRequest("ACT"); result = NamedPipes.RunClientSerialized(playbook.remote_host, exercise.domain, exercise.username, exercise.password, scout_np, Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(sim_request))); - System.Threading.Thread.Sleep(5000); + Thread.Sleep(5000); bool finished = false; int counter = 1; string results = RemoteLauncher.readFile(playbook.remote_host, simfolder + log, exercise.username, exercise.password, exercise.domain); @@ -844,6 +841,7 @@ public static SimulationPlaybookResult ExecuteRemoteTechniquesJsonSerialized(Sim { if (results.Split('\n').Last().Contains("Playbook Finished")) { + Console.WriteLine("[+] Results:"); Console.WriteLine(); Console.WriteLine(results); @@ -1180,9 +1178,6 @@ public static void ExecutePlaybookTask(PlaybookTask playbook_task, string log) else if (playbook_task.variation == 2) Simulations.LateralMovement.CreateRemoteServiceOnHosts(playbook_task, log); else if (playbook_task.variation == 3) Simulations.LateralMovement.ModifyRemoteServiceOnHosts(playbook_task, log); break; - - - // Collection // Command and Control diff --git a/PurpleSharp/Simulations/CredAccess.cs b/PurpleSharp/Simulations/CredAccess.cs index a6dd6bd..5ea5fd7 100644 --- a/PurpleSharp/Simulations/CredAccess.cs +++ b/PurpleSharp/Simulations/CredAccess.cs @@ -197,7 +197,6 @@ public static void LsassMemoryDump(string log) { logger.SimulationFailed(ex); } - } } diff --git a/PurpleSharp/Simulations/LateralMovement.cs b/PurpleSharp/Simulations/LateralMovement.cs index b37348f..c6dfc58 100644 --- a/PurpleSharp/Simulations/LateralMovement.cs +++ b/PurpleSharp/Simulations/LateralMovement.cs @@ -248,35 +248,5 @@ static public void CreateSchTaskOnHostsCmdline(PlaybookTask playbook_task, strin } } - static public void CreateSchTaskOnHosts_Old(int nhost, int sleep, bool cleanup) - { - /* - var rand = new Random(); - int computertype = rand.Next(1, 6); - - List targethosts = Lib.Targets.GetHostTargets(computertype, nhost); - List tasklist = new List(); - Console.WriteLine("[*] Starting Scheduled Task based Lateral Movement simulation from {0} running as {1}", Environment.MachineName, WindowsIdentity.GetCurrent().Name); - if (sleep > 0) Console.WriteLine("[*] Sleeping {0} seconds between attempt", sleep); - foreach (Computer computer in targethosts) - { - if (!computer.Fqdn.ToUpper().Contains(Environment.MachineName.ToUpper())) - { - Computer temp = computer; - LateralMovementHelper.CreateRemoteScheduledTask(temp, "powershell.exe", cleanup); - - tasklist.Add(Task.Factory.StartNew(() => - { - LateralMovementHelper.CreateRemoteScheduledTask(computer, command, cleanup); - })); - if (sleep > 0) Thread.Sleep(sleep * 1000); - - } - } - //Task.WaitAll(tasklist.ToArray()); - */ - - } - } } \ No newline at end of file