T1046 - added csv option to ip_address parameter to test number 10 (#3047)
+51
-26
@@ -200,7 +200,7 @@ atomic_tests:
|
||||
- windows
|
||||
input_arguments:
|
||||
ip_address:
|
||||
description: IP-Address within the target subnet. Default is empty and script tries to determine local IP address of attacking machine.
|
||||
description: IP-Address within the target subnet. Default is empty and script tries to determine local IP address of attacking machine. A comma separated list of targe IPs is also accepted (useful to simulate a wider scan while only scanning key host e.g., honeypots)
|
||||
type: string
|
||||
default: ""
|
||||
port_list:
|
||||
@@ -212,33 +212,58 @@ atomic_tests:
|
||||
type: string
|
||||
default: "200"
|
||||
executor:
|
||||
command: |
|
||||
command: |-
|
||||
$ipAddr = "#{ip_address}"
|
||||
if ($ipAddr -eq "") {
|
||||
# Assumes the "primary" interface is shown at the top
|
||||
$interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1
|
||||
Write-Host "[i] Using Interface $interface"
|
||||
$ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress
|
||||
}
|
||||
Write-Host "[i] Base IP-Address for Subnet: $ipAddr"
|
||||
$subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1)
|
||||
# Always assumes /24 subnet
|
||||
Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'"
|
||||
|
||||
$ports = #{port_list}
|
||||
$subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" }
|
||||
|
||||
foreach ($ip in $subnetIPs) {
|
||||
foreach ($port in $ports) {
|
||||
try {
|
||||
$tcp = New-Object Net.Sockets.TcpClient
|
||||
$tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null
|
||||
} catch {}
|
||||
if ($tcp.Connected) {
|
||||
$tcp.Close()
|
||||
Write-Host "Port $port is open on $ip"
|
||||
}
|
||||
if ($ipAddr -like "*,*") {
|
||||
$ip_list = $ipAddr -split ","
|
||||
$ip_list = $ip_list.ForEach({ $_.Trim() })
|
||||
Write-Host "[i] IP Address List: $ip_list"
|
||||
|
||||
$ports = #{port_list}
|
||||
|
||||
foreach ($ip in $ip_list) {
|
||||
foreach ($port in $ports) {
|
||||
Write-Host "[i] Establishing connection to: $ip : $port"
|
||||
try {
|
||||
$tcp = New-Object Net.Sockets.TcpClient
|
||||
$tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null
|
||||
} catch {}
|
||||
if ($tcp.Connected) {
|
||||
$tcp.Close()
|
||||
Write-Host "Port $port is open on $ip"
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif ($ipAddr -notlike "*,*") {
|
||||
if ($ipAddr -eq "") {
|
||||
# Assumes the "primary" interface is shown at the top
|
||||
$interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1
|
||||
Write-Host "[i] Using Interface $interface"
|
||||
$ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress
|
||||
}
|
||||
Write-Host "[i] Base IP-Address for Subnet: $ipAddr"
|
||||
$subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1)
|
||||
# Always assumes /24 subnet
|
||||
Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'"
|
||||
|
||||
$ports = #{port_list}
|
||||
$subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" }
|
||||
|
||||
foreach ($ip in $subnetIPs) {
|
||||
foreach ($port in $ports) {
|
||||
try {
|
||||
$tcp = New-Object Net.Sockets.TcpClient
|
||||
$tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null
|
||||
} catch {}
|
||||
if ($tcp.Connected) {
|
||||
$tcp.Close()
|
||||
Write-Host "Port $port is open on $ip"
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Write-Host "[Error] Invalid Inputs"
|
||||
exit 1
|
||||
}
|
||||
name: powershell
|
||||
- name: Remote Desktop Services Discovery via PowerShell
|
||||
|
||||
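Review bot: The closing `} else { Write-Host "[Error] Invalid Inputs"; exit 1 }` arm added to the new command block (second hunk, `@@ -212,33 +212,58 @@`) is unreachable, because `-like "*,*"` and `-notlike "*,*"` are exact complements of each other, so the `elseif` should be a plain `else` and the error arm dropped. The TcpClient/ConnectAsync/Wait/Connected scan loop is also pasted verbatim into both branches, so the two paths will drift; computing a single `$targets` list in the branches and running one loop afterwards keeps the per-port logic in one place, as sketched below. While touching the loop, a TcpClient that never connected is not disposed in either copy (pre-existing, not introduced here), so adding `$tcp.Dispose()` after the `if ($tcp.Connected)` check would stop leaking sockets on a 254-host sweep. The first hunk's new description text also has a typo, `targe IPs` should read `target IPs`. The surrounding atomic test entry (its `name`, `auto_generated_guid` and remaining fields) starts before the first hunk and is not visible here, and the indentation in the fence is approximate because the rendered page drops it.

```yaml
      command: |-
        $ipAddr = "#{ip_address}"
        if ($ipAddr -like "*,*") {
          # explicit target list: scan only the listed hosts
          $targets = ($ipAddr -split ",").ForEach({ $_.Trim() })
          Write-Host "[i] IP Address List: $targets"
        } else {
          # … unchanged: interface auto-detection when $ipAddr is "" …
          Write-Host "[i] Base IP-Address for Subnet: $ipAddr"
          $subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1)
          # Always assumes /24 subnet
          Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'"
          $targets = 1..254 | ForEach-Object { "$subnetSubstring$_" }
        }
        $ports = #{port_list}
        foreach ($ip in $targets) {
          # … unchanged: foreach ($port in $ports) { try/ConnectAsync/Wait/Connected } loop, now run once over $targets …
        }
```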