SharpStrike: A Post-Exploitation Tool Written in C#

Published: 2025/3/21

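About SharpStrike

SharpStrike is a post-exploitation tool written in C# that can query remote systems using either CIM or WMI. It can authenticate with credentials supplied by the researcher or use the current user session.

Note: some SharpStrike commands use PowerShell in combination with WMI to do their work.

SharpStrike helps researchers collect data about a remote target system, execute commands on it, and extract data from it. The tool can connect to the remote system over either WMI or CIM; using CIM requires administrator rights on the target system.

Solution architecture

SharpStrike is made up of three main components:

Service layer: provides the core functionality and is consumed by the UI layer (cs, ExecuteWMI.cs, ExecuteCIM.cs);

Models: contains the data types shared across the whole project;

User interface: GUI / command-line console;

Installation

You can use the prebuilt version from the project's Releases page directly, but note that it was built in debug mode.

Building manually

First, clone the project source locally with the following command:

git clone https://github.com/iomoath/SharpStrike.git

Next, load the project's SharpStrike.sln file in Visual Studio.

Select "Build" from the top menu, then build the solution.

This produces two versions of SharpStrike, a WinForms application with a GUI and a command-line console application. Both versions implement the same functionality.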

Usage

Command-line console version

SharpStrike.exe --help
SharpStrike.exe --show-commands
SharpStrike.exe --show-examples
SharpStrike.exe -c ls_domain_admins
SharpStrike.exe -c ls_domain_users_list
SharpStrike.exe -c cat -f "c:\users\user\desktop\file.txt" -s [remote IP address]
SharpStrike.exe -c cat -f "c:\users\user\desktop\file.txt" -s [remote IP address] -u [username] -d [domain] -p [password] -c
SharpStrike.exe -c command_exec -e "quser" -s [remote IP address] -u [username] -d [domain] -p [password]

GUI version

show-commands
show-examples
ls_domain_admins
ls_domain_users_list
cat -f "c:\users\user\desktop\file.txt" -s [remote IP address]
cat -f "c:\users\user\desktop\file.txt" -s [remote IP address] -u [username] -d [domain] -p [password]
command_exec -e "quser" [remote IP address] -u [username] -d [domain] -p [password]

Features

File operations

cat - Reads the contents of a file
copy - Copies a file from one location to another
download** - Download a file from the targeted machine
ls - File/Directory listing of a specific directory
search - Search for a file on a user
upload** - Upload a file to the targeted machine

Lateral movement

command_exec** - Run a command line command and receive the output. Run with nops flag to disable PowerShell
disable_wdigest - Sets the registry value for UseLogonCredential to zero
enable_wdigest - Adds registry value UseLogonCredential
disable_winrm** - Disables WinRM on the targeted system
enable_winrm** - Enables WinRM on the targeted system
reg_mod - Modify the registry on the targeted machine
reg_create - Create the registry value on the targeted machine
reg_delete - Delete the registry on the targeted machine
remote_posh** - Run a PowerShell script on a remote machine and receive the output
sched_job - Not implemented due to the Win32_ScheduledJobs accessing an outdated API
service_mod - Create, delete, or modify system services
ls_domain_users*** - List domain users
ls_domain_users_list*** - List domain users sAMAccountName
ls_domain_users_email*** - List domain users email address
ls_domain_groups*** - List domain user groups
ls_domain_admins*** - List domain admin users
ls_user_groups*** - List domain user with their associated groups
ls_computers*** - List computers on current domain

Process operations

process_kill - Kill a process via name or process id on the targeted machine
process_start - Start a process on the targeted machine
ps - Process listing

System operations

active_users - List domain users with active processes on the targeted system
basic_info - Used to enumerate basic metadata about the targeted system
drive_list - List local and network drives
share_list - List network shares
ifconfig - Receive IP info from NICs with active network connections
installed_programs - Receive a list of the installed programs on the targeted machine
logoff - Log users off the targeted machine
reboot (or restart) - Reboot the targeted machine
power_off (or shutdown) - Power off the targeted machine
vacant_system - Determine if a user is away from the system
edr_query - Query the local or remote system for EDR vendors

Log operations

logon_events - Identify users that have logged onto a system

* All PowerShell can be disabled by using the --nops flag, although some commands will not execute (upload/download, enable/disable WinRM)
** Denotes PowerShell usage (either using a PowerShell Runspace or through Win32_Process::Create method)
*** Denotes LDAP usage - "root\directory\ldap" namespace
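
For defenders, two behaviours in the list above leave distinctive telemetry: processes started through Win32_Process::Create run as children of WmiPrvSE.exe, and enable_wdigest/disable_wdigest write the UseLogonCredential registry value. The following is an added example, not code from SharpStrike or the original article. It assumes Sysmon-style records (event ID 1 for process creation, 13 for registry value set) already parsed into dicts; the sample events are constructed and the function names and labels are hypothetical.

```python
import re

# Constructed sample events using Sysmon field names; not taken from a real host.
WDIGEST_KEY = r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential"
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "powershell.exe -NoProfile -Command quser"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\quser.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "quser"},
    {"EventID": 13, "TargetObject": WDIGEST_KEY, "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": WDIGEST_KEY, "Details": "DWORD (0x00000000)"},
]

WDIGEST_VALUE = re.compile(
    r"\\Control\\SecurityProviders\\WDigest\\UseLogonCredential$", re.I)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return a finding label for one event, or None if it is not of interest."""
    if event.get("EventID") == 1:
        # Win32_Process::Create starts the new process under WmiPrvSE.exe.
        if (basename(event.get("ParentImage", "")) == "wmiprvse.exe"
                and basename(event.get("Image", "")) in SHELLS):
            return "wmi_spawned_shell"
    elif event.get("EventID") == 13:
        if WDIGEST_VALUE.search(event.get("TargetObject", "")):
            m = re.search(r"0x([0-9a-fA-F]+)", event.get("Details", ""))
            # A non-zero value turns WDigest plaintext credential caching on.
            if m and int(m.group(1), 16) != 0:
                return "wdigest_enabled"
            return "wdigest_set_to_zero"
    return None


def scan(events):
    """Return (index, label) for every event that produced a finding."""
    return [(i, label) for i, e in enumerate(events) if (label := classify(e))]


if __name__ == "__main__":
    for index, label in scan(SAMPLE_EVENTS):
        print(index, label)
```
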

References

Project URL

SharpStrike: https://github.com/iomoath/SharpStrike
