Network path not found #9

Closed
JonathanAppriou opened this issue Feb 10, 2022 · 6 comments

@JonathanAppriou

Hi @mvelazc0,

I don't know why, but each time I try to execute a remote technique playbook, I have this problem:

image

All my machines are in the same network (AD Server, Windows Target and operator endpoint with PurpleSharp), I checked the network settings and tried without Windows Defender. But every time it doesn't work. Have you ever encountered this problem or know where it could come from?

Here is my playbook configuration:

image

@mvelazc0
Owner

mvelazc0 commented Feb 10, 2022

Hey @JonathanAppriou!

To troubleshoot this issue, let's try to execute one single technique on a remote host using the command line. The command line provides more debug logs that can help us determine the issue.

PurpleSharp.exe /rhost 192.168.38.3 /ruser admin /d mokoil.com /t T1059.001

Should look something like this:

image

Also, please confirm that:

  • The 'mokoil.com\admin' domain user has administrative privileges on 192.168.38.3
  • There is network connectivity between the host where you are running PurpleSharp and the remote host.
  • There is no anti-malware solution deleting the PurpleSharp binary when it's being copied to 192.168.38.3

@JonathanAppriou
Author

I found a solution: disable the Windows Firewall.

image

Is it expected that PurpleSharp does not work with Windows Firewall?

I have another mistake now:

image

It seems that RPC is not present on the target, but:

image

@mvelazc0
Owner

@JonathanAppriou. Yes, disabling the Windows Firewall is necessary.

PurpleSharp connects to the remote endpoint on native services like SMB and RPC. If connections are being blocked by a firewall, PurpleSharp will not be able to connect to the endpoint.

The RPC error you are seeing looks like a network error. I have seen it before.

Are you using the right IP address? In your first screenshot it was 192.168.38.3 but on the last one you are using 192.168.38.2
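
The connectivity check discussed in this thread can be scripted. The following is an added example, not part of the original thread and not PurpleSharp code: it probes the SMB and RPC listeners on the lab target from the operator endpoint and separates "no reply" (typical of a firewall dropping traffic) from "refused" (host reachable, service not listening). The port numbers (TCP 445 and 135) and all function names are assumptions of this example.

```python
import socket
import sys

# Assumption (not stated in the thread): SMB is probed on TCP 445 and the RPC
# endpoint mapper on TCP 135. RPC also uses dynamic ports that are not probed.
SERVICE_PORTS = {"SMB": 445, "RPC endpoint mapper": 135}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"    # host answered with a reset: reachable, nothing listening
    except socket.timeout:
        return "filtered"  # no answer at all: typical of a firewall dropping packets
    except OSError:
        return "error"     # name resolution failure, no route, and similar


def preflight(host, ports=SERVICE_PORTS, timeout=3.0):
    """Probe every service port and return {service name: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def diagnose(results):
    """Turn probe states into a troubleshooting hint."""
    filtered = sorted(n for n, s in results.items() if s == "filtered")
    closed = sorted(n for n, s in results.items() if s == "closed")
    errors = sorted(n for n, s in results.items() if s == "error")
    if errors:
        return "cannot reach host at all; check the address and routing"
    if filtered:
        return "no reply for %s; check firewall rules on both hosts" % ", ".join(filtered)
    if closed:
        return "host is up but not listening for %s" % ", ".join(closed)
    return "all probed services reachable"


if __name__ == "__main__":
    # Usage: python preflight.py <target host>, e.g. the /rhost value.
    state = preflight(sys.argv[1])
    for service, result in state.items():
        print("%-20s %s" % (service, result))
    print(diagnose(state))
```

A "filtered" result can come from a firewall on either end, which matches the thread: both the target and the operator machine had to be checked.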

@JonathanAppriou
Author

@mvelazc0

Okay, thanks a lot! I had forgotten to disable the firewall on the attacking machine. So it works now.

I didn't think PurpleSharp needed to have firewall restrictions turned off. But now I understand.

Thank you for your time!

@JonathanAppriou
Author

I have another question:

When I want to use a technique, how can I know what objects are needed in the playbook (or arguments using command line)?

For example, I want to use Brute Force technique in my playbook. Where can I find the arguments/objects needed?

@mvelazc0
Owner

@JonathanAppriou, I'm glad it's working now!

That is a great question. I definitely need to do a better job at documentation. Ideally, all the parameters would live here:

https://www.purplesharp.com/en/latest/techniques/techniques.html#brute-force-password-spraying

Right now, it does not have it.

For now, you can look at some playbook examples I have here:

https://github.com/mvelazc0/PurpleAD

Happy to jump on a call to talk about the specific parameters for your simulations also!