PurpleSharp icon indicating copy to clipboard operation
PurpleSharp copied to clipboard

Published 20 hours ago verified publisher icon mvelazc0

Run tests on localhost

Open Neo23x0 opened this issue 3 years ago • 1 comments

Is it possible to run the tests against localhost?

C:\malware>PurpleSharp_x64.exe /t 1218.011 /rhost localhost /ruser neo /d DESKTOP-8ERPDM5
Password for DESKTOP-8ERPDM5\neo:

[+] Uploading and executing the Scout on \\localhost\C$\Windows\Temp\Scout.exe

Unhandled Exception: System.Management.ManagementException: User credentials cannot be used for local connections
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementObject.InvokeMethod(String methodName, Object[] args)
   at PurpleSharp.Lib.RemoteLauncher.wmiexec(String rhost, String executionPath, String cmdArgs, String domain, String username, String password)
   at PurpleSharp.Program.ExecuteRemoteTechniquesSerialized(CommandlineParameters cmd_params)
   at PurpleSharp.Program.Main(String[] args)

I can't find an example in the documentation.

Neo23x0 avatar Jun 18 '21 15:06 Neo23x0

Hi Florian. Thanks for your feedback, documentation is not great at the moment, I'm currently working on improving it.

To run local simulations, you don't need to pass the /rhost or /ruser parameters:

C:>PurpleSharp_x64.exe /t T1218.011

06/18/2021 16:07:23 [] Starting T1218.011 Simulation on WIN-HOST-987 06/18/2021 16:07:23 [] Simulator running from C:\Users*\Desktop\PurpleSharp\PurpleSharp_x64.exe with PID:4748 as ATTACKRANGE* 06/18/2021 16:07:23 [] Using the Win32 API call CreateProcess to execute: 'rundll32 "C:\Windows\twain_64.dll"' 06/18/2021 16:07:23 [] Process successfully created. (PID): 4492 06/18/2021 16:07:23 [] Simulation Finished 06/18/2021 16:07:23 [] Playbook Finished.

Another option is to use a JSON file if you want to run several techniques as part of a playbook. Here is an example: https://gist.github.com/mvelazc0/19ad02605ea8c6fe843b1b222a26b092

PurpleSharp.exe /pb variations.json

Let me know if you have any other questions or feedback.

Thanks

mvelazc0 avatar Jun 18 '21 16:06 mvelazc0