SharpHose - Asynchronous Password Spraying Tool In C# For Windows Environments

SharpHose is a C# password spraying tool designed to be fast, safe, and usable over Cobalt Strike's execute-assembly. It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. SharpHose takes into consideration the domain password policy, including fine grained password policies, in an attempt to avoid account lockouts. Fine grained password policies are enumerated for the users and groups that that the policy applies to. If the policy applied also to groups, the group users are captured. All enabled domain users are then classified according to their password policies, in order of precedence, and marked as safe or unsafe. The remaining users are filtered against an optional user-supplied exclude list.
Besides just spraying, red team operators can view all of the password policies for a domain, all the users affected by the policy, or just view the enabled domain users. Output can be sent directly to the console or to a user-supplied output folder.
Follow me on Twitter for some more tool releases soon! @ustayready

Nozzles
Nozzles are built-in methods of spraying. While currently only supporting one Nozzle (LDAP), it's written in a way that makes it easily extendable.

LDAP
Active Directory spraying nozzle using the LDAP protocol

• Asynchronous spraying for faster, but not too fast, results
  
• Domain joined and non-joined spraying
  
• Tight integration w/ domain password policies and fine grained password policies
  
• Smart lockout prevention (lockoutThreshold n-1 just to be safe)
  
• Optionally spray to specific domains and domain controllers
  
• View password policies and the affected users
  

Coming soon!

• MSOL
  
• OWA/EWS
  
• Lync
  

Compilation

• Built using Visual Studio 2019 Community Edition
  
• .NET Framework 4.5
  

Usage Examples
Cobalt Strike Users
Be sure to use the --auto to avoid the interactive prompts in SharpHose. Also, prepare your arguments locally so you can read the description before running. If you don't pass any arguments over execute-assembly, then SharpHose throws a "Missing Argument Exception" and Cobalt Strike won't return any output. You will know this is happening when you see [-] Invoke_3 on EntryPoint failed. This will be fixed eventually.
Domain Joined Spray w/o Interaction SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --auto
Domain Joined Spray w/ Exclusions SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --exclude c:\temp\exclusion_list.txt
Non-Domain Joined Spray SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --domain lab.local --username demo --password DemoThePlanet --output c:\temp\
Domain Joined Show Policies Active Directory stores durations in negative large integer values which need to lapse after the last lockoutThreshold is exceeded. In future versions these will be formatted cleaner. SharpHose.exe --action GET_POLICIES --output c:\temp\
Domain Joined Show Policy Users SharpHose.exe --action GET_POLICY_USERS --policy lab --output c:\temp\
Domain Joined Show All Users SharpHose.exe --action GET_ENABLED_USERS --output c:\temp\
Domain Joined Spray Using Cobalt Strike execute-assembly /path/to/SharpHose.exe --action SPRAY_USERS --spraypassword Spring2020! --output c:\temp\ --auto

Shout-Outs

• CrowdStrike Red Team Labs.. Stay tuned for new hotness! https://www.crowdstrike.com/blog/author/red-team-labs/ pss.. if you didn't know, CrowdStrike offers Red Team Services and the operators have some killer tradecraft :)

Download SharpHose

via KitPloit

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

More articles

1. Pentest Tools For Ubuntu
2. Pentest Tools Find Subdomains
3. Hacking Tools Free Download
4. Hack Apps
5. Hacking Tools Hardware
6. Hacking Tools Download
7. Hack Rom Tools
8. Best Hacking Tools 2019
9. Hacker Tools 2020
10. Pentest Tools For Windows
11. Hacking App
12. Pentest Box Tools Download
13. Hack Rom Tools
14. Hacker Tools
15. Pentest Tools Bluekeep
16. Physical Pentest Tools
17. Hacker Tools Hardware
18. Pentest Tools Github
19. Hack Tools Mac
20. Hacking Apps
21. New Hack Tools
22. Computer Hacker
23. Hacker Tools List
24. Easy Hack Tools
25. Hacking Apps
26. Pentest Tools Alternative
27. Underground Hacker Sites
28. What Are Hacking Tools
29. Pentest Tools For Ubuntu
30. Pentest Tools Linux
31. Hacker Tools Software
32. Wifi Hacker Tools For Windows
33. Hack Tools Online
34. Computer Hacker
35. Hacker Tools Software
36. Hacking Tools Windows
37. What Are Hacking Tools
38. Install Pentest Tools Ubuntu
39. Hacking Tools Software
40. Pentest Tools Github
41. Hacking Tools Hardware
42. Best Hacking Tools 2020
43. Blackhat Hacker Tools
44. Pentest Tools Linux
45. Hack Tools For Pc
46. Best Hacking Tools 2019
47. Nsa Hack Tools Download
48. Best Hacking Tools 2019
49. Tools Used For Hacking
50. Hacking Tools Hardware
51. Hack Website Online Tool
52. Hacking Tools Download
53. Pentest Tools Apk
54. Hacking Tools For Beginners
55. Pentest Tools Website
56. Easy Hack Tools
57. Hacking Tools For Windows Free Download
58. Hacker Hardware Tools
59. Best Pentesting Tools 2018
60. What Are Hacking Tools
61. Hacking App
62. Pentest Tools Free
63. Kik Hack Tools
64. Hacker Tools
65. Hacking Tools For Beginners
66. Hacking Tools And Software
67. Hacker Tools Mac
68. Tools Used For Hacking
69. Pentest Tools Kali Linux
70. Nsa Hack Tools
71. Hacker Tools 2019
72. Hacking Tools For Windows
73. Hacker Tools Free
74. Pentest Tools Bluekeep
75. Hacking Tools 2019
76. Hacker Tools Free Download
77. Ethical Hacker Tools
78. Hacking Tools Download
79. Pentest Tools For Mac
80. Pentest Tools Open Source
81. Best Hacking Tools 2020
82. Hacker Tools Free Download
83. Hack Tools 2019
84. Hacker Tools 2019
85. Hacker Tools Hardware
86. How To Hack
87. Pentest Box Tools Download
88. Best Hacking Tools 2019
89. Nsa Hacker Tools
90. Nsa Hacker Tools
91. Hackrf Tools
92. Pentest Tools Tcp Port Scanner
93. Hacking Tools For Windows Free Download
94. Hacking Tools Github
95. Pentest Tools Website
96. Pentest Box Tools Download
97. Hacking Tools Windows 10
98. Beginner Hacker Tools
99. New Hacker Tools
100. Hack Tools Github
101. Best Hacking Tools 2020
102. Hacker Tools For Pc
103. Hacking Tools For Kali Linux
104. Pentest Tools Download
105. Hacker Tools Free
106. Hacker Tools List
107. Pentest Tools
108. Hak5 Tools
109. Hacker Tools Linux
110. Pentest Tools For Ubuntu
111. Hacker Tools Mac
112. Pentest Tools Apk
113. Hacker Tools 2020
114. Hacking Tools And Software
115. Hacker Tools Linux
116. Hacker Security Tools
117. Hacker Tools 2020
118. Hacker Tools 2019
119. Hack Tools Github
120. Pentest Tools Kali Linux
121. Hack Tools For Pc
122. Hacking Tools Usb
123. Hacking Tools For Mac
124. Hack Tools For Ubuntu
125. Hacking Tools 2020
126. Pentest Tools Free
127. Hacking Tools Github
128. Hacking Tools Software
129. Hackers Toolbox
130. Hacker Tools Free Download
131. Hacker Tools Mac
132. Pentest Tools Website Vulnerability
133. Hacker Tools Windows
134. Blackhat Hacker Tools
135. Pentest Tools Website
136. Wifi Hacker Tools For Windows
137. Hacking App
138. Blackhat Hacker Tools
139. Hacking Tools Download
140. Pentest Box Tools Download
141. Wifi Hacker Tools For Windows
142. Hacker Tools
143. Hack Apps
144. Pentest Tools Subdomain
145. Pentest Tools Alternative
146. Hacker Techniques Tools And Incident Handling
147. Tools For Hacker
148. Hack Tools For Windows
149. Pentest Tools Online
150. Hacker Tools For Pc
151. Hack Tools Mac
152. Hacking Tools Hardware
153. Hacking Tools Windows
154. Hacking Tools Hardware
155. Hacker Tool Kit
156. Github Hacking Tools
157. Hacking Tools For Games
158. Hack Tools For Windows
159. Hack Tools For Games
160. Hacker Tools Apk
161. Tools Used For Hacking
162. Hacker Security Tools
163. Physical Pentest Tools
164. Hacker Tools List
165. Hack Apps
166. Hacking Tools Software
167. Hacker Hardware Tools
168. Beginner Hacker Tools
169. Blackhat Hacker Tools
170. Pentest Tools Website Vulnerability
171. Hacker Tools Free
172. Best Hacking Tools 2019
173. Tools Used For Hacking