-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Network path not found #9
Comments
Hey @JonathanAppriou ! To troubleshoot this issue, lets try to execute one single technique on a remote host using the command line. The command line provides more debug logs that can help us determine the issue. PurpleSharp.exe /rhost 192.168.38.3 /ruser admin /d mokoil.com /t T1059.001 Should look something like this: Also, please confirm that
|
@JonathanAppriou . Yes, disabling the Windows Firewall is necessary. PurpleSharp connects to the remote endpoint on native service like SMB and RPC. If connections are being blocked by a Firewall, PurpleSharp will not be able to connect to the endpoint. The RPC error you are seeing looks like a network error. I have seen it before. Are you using the right Ip address ? In your first screenshot it was 192.168.38.3 but on the last one you are using 192.168.38.2 |
Okay, thanks a lot ! I had forgotten to disable the firewall on the attacking machine. So it work now. I didn't think PurpleSharp needed to have firewall restrictions turned off. But now I understand. Thank you for your time ! |
I have another question : When a want to use a technique, how can I know what objects are needed in the playbook (or arguments using command line) ? For example, I want to use Brute Force technique in my playbook. Where can I found the arguments/objects needed ? |
@JonathanAppriou, I'm glad its working now ! That is a great question. I definitely need y to do a better job at documentation. Ideally, all the parameters would live here: https://www.purplesharp.com/en/latest/techniques/techniques.html#brute-force-password-spraying Right now, it does not have it. For now, you can look at some playbook examples I have here: https://github.com/mvelazc0/PurpleAD Happy to jump on a call to talk about the specific parameters for your simulations also ! |
Hi @mvelazc0 ,
I don't know why but, each time I try to execute a remote technique playbook, I have this problem :
All my machines are in the same network (AD Server, Windows Target and operator endpoint why PurpleSharp), I checked the network settings and tried without Windows Defender. But every time it doesn't work. Have you ever encountered this problem or know where it could come from?
Here is my playbook configuration :
The text was updated successfully, but these errors were encountered: