Merge branch 'dotnetremoting' into httpshellserver

lobsterjerusalem · lobsterjerusalem · commit d98a071d6453 · 2025-04-09T15:08:11.000-06:00
diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
+	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 	modernc.org/libc v1.62.1 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
diff --git a/go.sum b/go.sum
@@ -17,8 +17,8 @@ github.com/vjeantet/ldapserver v1.0.2-0.20240305064909-a417792e2906 h1:qHFp1iRg6
 github.com/vjeantet/ldapserver v1.0.2-0.20240305064909-a417792e2906/go.mod h1:YvUqhu5vYhmbcLReMLrm/Tq3S7Yj43kSVFvvol6Lh6k=
 golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
 golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 h1:nDVHiLt8aIbd/VzvPWN6kSOPE7+F/fNFDSXLVYkE/Iw=
-golang.org/x/exp v0.0.0-20250305212735-054e65f0b394/go.mod h1:sIifuuw/Yco/y6yb6+bDNfyeQ/MdPUy/hKEMYQV17cM=
+golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM=
+golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8=
 golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
 golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
@@ -30,8 +30,8 @@ golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
 golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
-golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
-golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
+golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
+golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
 modernc.org/cc/v4 v4.25.2 h1:T2oH7sZdGvTaie0BRNFbIYsabzCxUQg8nLqCdQ2i0ic=
 modernc.org/cc/v4 v4.25.2/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.25.1 h1:TFSzPrAGmDsdnhT9X2UrcPMI3N/mJ9/X9ykKXwLhDsU=
diff --git a/protocol/dotnetremoting/dotnetremoting.go b/protocol/dotnetremoting/dotnetremoting.go
@@ -1,16 +1,11 @@
 // This is effectively a library for .NET remoting functionality
 // The exploit remoting service tool by tyranid was the primary
-// resource for this and this is basically a port of that project with the ntlmssp
 // Note: Everything is in little endian
 
 // Usage Example:
 //     data = "\x00\x00blahblah"
 //     uri = "tcp://192.168.113.231:9999/SomeEndpoint"
-//     conn,err := dotnetremoting.GetNTLMSSPTCPConnection("user", "asdf", "192.168.113.231:9999")
-//     if err != nil {
-//         fmt.Println(fmt.Sprintf("Error connecting: %s", err))
-//         return
-//     }
+//     // conn = get a net.Conn somehow...
 //     newmessage := dotnetremoting.Message{}
 //     newmessage.WriteDefaultPreamble(dotnetremoting.OperationRequest, len(data), uri)
 //     _,err = conn.Write([]byte(newmessage.GetMessage(data))) // NOTE THE GetMessage call here, this finalizes the message
@@ -30,13 +25,9 @@ package dotnetremoting
 
 import (
 	"encoding/binary"
-	"fmt"
 	"net"
 	"net/url"
-	"time"
 
-	"github.com/LeakIX/nns"
-	"github.com/LeakIX/ntlmssp"
 	"github.com/vulncheck-oss/go-exploit/output"
 	"github.com/vulncheck-oss/go-exploit/transform"
 )
@@ -445,19 +436,3 @@ func addCountedString(msg *string, encodingType StringEncoding, stringValue stri
 	*msg += transform.PackLittleInt32(len(stringValue))
 	*msg += stringValue
 }
-
-// Some connection helper functions, exists mostly to wrap around ntlmssp.
-// For anonymous connections, just pass "" to user and password.
-func GetNTLMSSPTCPConnection(user string, password string, socketAddr string) (net.Conn, error) {
-	ntlmsspClient, err := ntlmssp.NewClient(ntlmssp.SetCompatibilityLevel(1), ntlmssp.SetUserInfo(user, password))
-	if err != nil {
-		return nil, fmt.Errorf("error creating NTLMSSPClient, err=%w", err)
-	}
-	nnsConn, err := nns.DialNTLMSSP(socketAddr, ntlmsspClient, 10*time.Second)
-	if err != nil {
-		return nil, fmt.Errorf("error connecting with NTLMSSP to %s, err=%w", socketAddr, err)
-	}
-	output.PrintfFrameworkStatus("NTLMSSP connection to %s was successful", socketAddr)
-
-	return nnsConn, nil
-}
