Disclaimer
I take not responsibility for your use of the software. Development is done in my personal capacity and carry no affiliation to my work.
ShareAttack!
Crawl any windows network with Active Directory for computers and subsequently launch an attack on weak file permissions.
Usage: Run ShareAttack!.py, ensure DSQUERY and SHARELOCATOR are included in the same root folder.
Synops: This attack exploits weak file permissions allowing users to overwrite file permissions assigned to file shares. Instead of exploiting file shares to gain access, the attack focuses on DENYING access to file shares. The attack uses the exploited account's credentials, (administrator account will be much more powerful).
Files:
- ShareAttack!.py (main file to launch attack)
- dsquery.exe (standard DSQUERY to extract AD computers) https://technet.microsoft.com/en-us/library/cc732952(v=ws.11).aspx
- sharelocator.exe (Extract file shares from target server using srvsvc.NetShareEnumAll MSRPC function and then apply deny permissions (C++ please request source))
Walkthrough:
- Load files onto target.
- Execute ShareAttack!.py
- Will automatically execute dsquery command to extract domain computers.
- Test computers and retain active hosts.
- Pass active computers onto ShareLocator.
- ShareLocator will find all fileshares on target.
- Attempt to apply DENY permission for each user with access.
Requirements:
- Windows computer environment, with AD for dsquery.
- Python 3.6 feel free to port, reference GIT please.
- Weak file permissions :P
Version: 0.1
Parameters: $crawl_limit: set amount of computers to extract from AD, 0 extracts all.
Alternatives [future to-do]:
- ShareAttack!.py not required, can use only sharelocator.exe
Sharelocator <servername> - Replace DSQUERY with IP range or provide option to user at startup
- Port .py to Windows
Note that non lethal version is uploaded, please msg to request lethal version