Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO.
SharpSniper is a simple tool to find the IP address of these users so that you can target their box.
It requires that you have privileges to read logs on Domain Controllers.
First it queries and makes a list of Domain Controllers, then searches for logon events on any of the DCs for the user you are looking for, and then reads the most recent DHCP-allocated logon IP address.
N.B. The build can also target .NET Framework v3.5 if needed.
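Seen from the defender's side, the lookup described above means one account authenticating to every Domain Controller in quick succession. The following is an added example (not part of SharpSniper or the original page) that flags that pattern in constructed, simplified network-logon records; the record layout, account names, and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified network-logon records (one per logon seen on
# a DC). Tuple layout (time, DC, account, source IP) is an assumption for this
# example, not a real export format.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:01", "DC01", "svc-backup", "10.0.5.20"),
    ("2024-05-01T09:00:03", "DC02", "helpdesk7", "10.0.8.44"),
    ("2024-05-01T09:00:04", "DC03", "helpdesk7", "10.0.8.44"),
    ("2024-05-01T09:00:02", "DC01", "helpdesk7", "10.0.8.44"),
    ("2024-05-01T11:30:00", "DC02", "svc-backup", "10.0.5.20"),
    ("2024-05-01T16:45:00", "DC03", "svc-backup", "10.0.5.20"),
]

def find_dc_sweeps(events, min_dcs=3, window=timedelta(seconds=60)):
    """Return (account, source_ip, sorted DC list) for each account/source pair
    that logged on to at least min_dcs distinct DCs inside one time window."""
    by_actor = defaultdict(list)
    for ts, dc, account, src in events:
        by_actor[(account, src)].append((datetime.fromisoformat(ts), dc))

    findings = []
    for (account, src), logons in sorted(by_actor.items()):
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Slide the left edge forward until the span fits inside `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            dcs = {dc for _, dc in logons[start:end + 1]}
            if len(dcs) >= min_dcs:
                findings.append((account, src, sorted(dcs)))
                break  # one finding per account/source pair is enough
    return findings

if __name__ == "__main__":
    for account, src, dcs in find_dc_sweeps(SAMPLE_EVENTS):
        print(f"{account} from {src} reached {len(dcs)} DCs in one window: {dcs}")
```

Monitoring and backup accounts legitimately touch every DC, so findings need to be compared against a baseline of accounts expected to do so.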
Usage
cmd.exe (Supply credentials)
C:\> SharpSniper.exe emusk DomainAdminUser DAPass123
User: emusk - IP Address: 192.168.37.130
cmd.exe (Current authentication token e.g. Mimikatz pth)
C:\> SharpSniper.exe emusk
User: emusk - IP Address: 192.168.37.130
Cobalt Strike (Supply credentials)
> execute-assembly /path/to/SharpSniper.exe emusk DomainAdminUser DAPass123
User: emusk - IP Address: 192.168.37.130
Cobalt Strike (Beacon's token)
> execute-assembly /path/to/SharpSniper.exe emusk
User: emusk - IP Address: 192.168.37.130
Author
Tom Kallo