SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments

SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. SharpHose takes into consideration the domain password policy, including fine grained password policies, in an attempt to avoid account lockouts. Fine grained password policies are enumerated for the users and groups that that the policy applies to. If the policy applied also to groups, the group users are captured. All enabled domain users are then classified according to their password policies, in order of precedence, and marked as safe or unsafe. The remaining users are filtered against an optional user-supplied exclude list.
Besides just spraying, red team operators can view all of the password policies for a domain, all the users affected by the policy, or just view the enabled domain users. Output can be sent directly to the console or to a user-supplied output folder.
Follow me on Twitter for some more tool releases soon! @ustayready

Nozzles
Nozzles are built-in methods of spraying. While currently only supporting one Nozzle (LDAP), it's written in a way that makes it easily extendable.

LDAP
Active Directory spraying nozzle using the LDAP protocol

• Asynchronous spraying for faster, but not too fast, results
  
• Domain joined and non-joined spraying
  
• Tight integration w/ domain password policies and fine grained password policies
  
• Smart lockout prevention (lockoutThreshold n-1 just to be safe)
  
• Optionally spray to specific domains and domain controllers
  
• View password policies and the affected users
  

Coming soon!

• MSOL
  
• OWA/EWS
  
• Lync
  

Compilation

• Built using Visual Studio 2019 Community Edition
  
• .NET Framework 4.5
  

Usage Examples
Cobalt Strike Users
Be sure to use the --auto to avoid the interactive prompts in SharpHose. Also, prepare your arguments locally so you can read the description before running. If you don't pass any arguments over execute-assembly, then SharpHose throws a "Missing Argument Exception" and Cobalt Strike won't return any output. You will know this is happening when you see [-] Invoke_3 on EntryPoint failed. This will be fixed eventually.
Domain Joined Spray w/o Interaction SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --auto
Domain Joined Spray w/ Exclusions SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --exclude c:\temp\exclusion_list.txt
Non-Domain Joined Spray SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --domain lab.local --username demo --password DemoThePlanet --output c:\temp\
Domain Joined Show Policies Active Directory stores durations in negative large integer values which need to lapse after the last lockoutThreshold is exceeded. In future versions these will be formatted cleaner. SharpHose.exe --action GET_POLICIES --output c:\temp\
Domain Joined Show Policy Users SharpHose.exe --action GET_POLICY_USERS --policy lab --output c:\temp\
Domain Joined Show All Users SharpHose.exe --action GET_ENABLED_USERS --output c:\temp\
Domain Joined Spray Using Cobalt Strike execute-assembly /path/to/SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --auto

Shout-Outs

• CrowdStrike Red Team Labs.. Stay tuned for new hotness! https://www.crowdstrike.com/blog/author/red-team-labs/ pss.. if you didn't know, CrowdStrike offers Red Team Services and the operators have some killer tradecraft :)

Download SharpHose

via KitPloit

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related news

1. Hackrf Tools
2. Best Pentesting Tools 2018
3. Hacker Tools 2020
4. Wifi Hacker Tools For Windows
5. Growth Hacker Tools
6. Pentest Tools Website
7. Hacking Tools Mac
8. Hack Tools Download
9. Hacker
10. Underground Hacker Sites
11. Hacking Tools For Mac
12. Hacks And Tools
13. Hacking Tools Free Download
14. Usb Pentest Tools
15. Hacks And Tools
16. Hak5 Tools
17. Hacker Tools Online
18. Physical Pentest Tools
19. Hacking Tools For Pc
20. Pentest Tools Android
21. Hacker Tools Hardware
22. Hacker Hardware Tools
23. Tools Used For Hacking
24. Hack Tool Apk No Root
25. Hacking Tools For Windows
26. Hackrf Tools
27. Ethical Hacker Tools
28. Best Pentesting Tools 2018
29. Hacker Tools For Mac
30. Pentest Tools Free
31. Pentest Tools Subdomain
32. Android Hack Tools Github
33. Pentest Recon Tools
34. What Are Hacking Tools
35. Pentest Tools Online
36. Hacking Tools Software
37. Pentest Tools Linux
38. Android Hack Tools Github
39. Hack Rom Tools
40. Pentest Tools Android
41. Hack Tools For Windows
42. Pentest Tools Open Source
43. Hack And Tools
44. Ethical Hacker Tools
45. Underground Hacker Sites
46. Hacking Tools Github
47. Hacker Tools Free Download
48. Hacking Tools Free Download
49. Hack Website Online Tool
50. Hacking Tools Software
51. Hacker Search Tools
52. Growth Hacker Tools
53. Tools Used For Hacking
54. Hack Tool Apk
55. Hacker Tools Online
56. Hack And Tools
57. Hack Apps
58. Ethical Hacker Tools
59. Pentest Tools Url Fuzzer
60. Pentest Tools Kali Linux
61. Pentest Tools For Android
62. Termux Hacking Tools 2019
63. Hacking Tools Usb
64. Hacker Tools Software
65. Hacker Tools For Pc
66. Hacker Security Tools
67. Hacking App
68. Top Pentest Tools
69. Hack Tools For Pc
70. Android Hack Tools Github