PurpleSharp
Run tests on localhost
Is it possible to run the tests against localhost?
C:\malware>PurpleSharp_x64.exe /t 1218.011 /rhost localhost /ruser neo /d DESKTOP-8ERPDM5
Password for DESKTOP-8ERPDM5\neo:
[+] Uploading and executing the Scout on \\localhost\C$\Windows\Temp\Scout.exe
Unhandled Exception: System.Management.ManagementException: User credentials cannot be used for local connections
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObject.Initialize(Boolean getObject)
at System.Management.ManagementObject.InvokeMethod(String methodName, Object[] args)
at PurpleSharp.Lib.RemoteLauncher.wmiexec(String rhost, String executionPath, String cmdArgs, String domain, String username, String password)
at PurpleSharp.Program.ExecuteRemoteTechniquesSerialized(CommandlineParameters cmd_params)
at PurpleSharp.Program.Main(String[] args)
I can't find an example in the documentation.
Hi Florian. Thanks for your feedback. Documentation is not great at the moment; I'm currently working on improving it.
To run local simulations, you don't need to pass the /rhost or /ruser parameters:
C:>PurpleSharp_x64.exe /t T1218.011
06/18/2021 16:07:23 [] Starting T1218.011 Simulation on WIN-HOST-987
06/18/2021 16:07:23 [] Simulator running from C:\Users*\Desktop\PurpleSharp\PurpleSharp_x64.exe with PID:4748 as ATTACKRANGE*
06/18/2021 16:07:23 [] Using the Win32 API call CreateProcess to execute: 'rundll32 "C:\Windows\twain_64.dll"'
06/18/2021 16:07:23 [] Process successfully created. (PID): 4492
06/18/2021 16:07:23 [] Simulation Finished
06/18/2021 16:07:23 [] Playbook Finished.
Another option is to use a JSON file if you want to run several techniques as part of a playbook. Here is an example: https://gist.github.com/mvelazc0/19ad02605ea8c6fe843b1b222a26b092
PurpleSharp.exe /pb variations.json
Let me know if you have any other questions or feedback.
Thanks
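Added example, not part of the thread and not PurpleSharp code: a Python sketch that parses the simulation output quoted in the reply and reports which simulated processes have no matching process-creation event in your telemetry. The telemetry field names (`host`, `pid`, `time`) and the five-second window are assumptions; adapt them to your EDR or Sysmon export.

```python
import re
from datetime import datetime, timedelta

# Line shape taken from the output quoted above: "MM/DD/YYYY HH:MM:SS [..] message".
# Whatever sits between the brackets is accepted.
LINE = re.compile(r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \[[^\]]*\] (.*)")
START = re.compile(r"Starting (T\d{4}(?:\.\d{3})?) Simulation on (\S+)")
EXEC = re.compile(r"to execute: '(.*)'")
CHILD = re.compile(r"Process successfully created\. \(PID\): (\d+)")

def parse_simulation_log(text):
    """Return one record per simulation: technique, host, start, command, child_pid."""
    runs, cur = [], None
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m:
            continue  # blank lines, prompts, stack traces
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
        msg = m.group(2)
        if s := START.fullmatch(msg):
            cur = {"technique": s.group(1), "host": s.group(2), "start": ts,
                   "command": None, "child_pid": None}
            runs.append(cur)
        elif cur is not None and (e := EXEC.search(msg)):
            cur["command"] = e.group(1)
        elif cur is not None and (c := CHILD.fullmatch(msg)):
            cur["child_pid"] = int(c.group(1))
    return runs

def unlogged(runs, events, window=timedelta(seconds=5)):
    """Simulations with no event for the same host and PID near the start time."""
    def seen(run):
        return any(ev["host"].lower() == run["host"].lower()
                   and ev["pid"] == run["child_pid"]
                   and abs(ev["time"] - run["start"]) <= window
                   for ev in events)
    return [r for r in runs if not seen(r)]

# Log lines copied from the reply above; the telemetry row is constructed.
SAMPLE_LOG = """\
06/18/2021 16:07:23 [] Starting T1218.011 Simulation on WIN-HOST-987
06/18/2021 16:07:23 [] Using the Win32 API call CreateProcess to execute: 'rundll32 "C:\\Windows\\twain_64.dll"'
06/18/2021 16:07:23 [] Process successfully created. (PID): 4492
06/18/2021 16:07:23 [] Simulation Finished
"""
SAMPLE_EVENTS = [{"host": "win-host-987", "pid": 4492,
                  "time": datetime(2021, 6, 18, 16, 7, 24)}]
```

An empty result from `unlogged` means every simulated process was recorded; any record it returns is a logging gap to investigate before writing detections for that technique.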