chore: update CommonLib to 2.0.15

feat: add flag to skip computer age check
feat: add powershell auto-generated output

Author: rvazarkar

Sharphound.csproj

@@ -23,19 +23,23 @@
         </PackageReference>
         <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="5.0.0" />
         <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="5.0.0" />
-        <PackageReference Include="SharpHoundCommon" Version="2.0.13" />
+        <PackageReference Include="SharpHoundCommon" Version="2.0.15" />
         <PackageReference Include="SharpZipLib" Version="1.3.3" />
         <PackageReference Include="System.Runtime.CompilerServices.Unsafe" Version="6.0.0" />
         <PackageReference Include="System.Threading.Channels" Version="6.0.0" />
         <PackageReference Include="Utf8Json" Version="1.3.7" />
     </ItemGroup>
 
     <ItemGroup>
-<!--        <Reference Include="SharpHoundCommonLib, Version=2.0.12.0, Culture=neutral, PublicKeyToken=null">-->
+<!--        <Reference Include="SharpHoundCommonLib, Version=2.0.13.0, Culture=neutral, PublicKeyToken=null">-->
 <!--            <HintPath>..\SharpHoundCommon\src\CommonLib\bin\Debug\net462\SharpHoundCommonLib.dll</HintPath>-->
 <!--        </Reference>-->
         <Reference Include="System.DirectoryServices" />
         <Reference Include="System.DirectoryServices.Protocols" />
         <Reference Include="System.IO.Compression" />
     </ItemGroup>
+    <Target Name="PS1" AfterTargets="Build">
+        <Message Text="Test" />
+        <Exec Command="powershell -ep bypass -c &quot;. '$(ProjectDir)src\Powershell\Out-CompressedDLL.ps1';Out-CompressedDll -FilePath '$(TargetPath)' -TemplatePath '$(ProjectDir)src\\Powershell\Template.ps1' | Out-File -Encoding ASCII '$(TargetDir)$(TargetName).ps1'&quot;" />
+    </Target>
 </Project>

src/Client/Flags.cs

@@ -15,6 +15,7 @@ public class Flags
         public bool SecureLDAP { get; set; }
         public bool DisableKerberosSigning { get; set; }
         public bool SkipPortScan { get; set; }
+        public bool SkipPasswordAgeCheck { get; set; }
         public bool ExcludeDomainControllers { get; set; }
         public bool NoRegistryLoggedOn { get; set; }
         public bool DumpComputerStatus { get; set; }

src/Options.cs

@@ -14,7 +14,7 @@ public class Options
         // Options that affect what is collected
         [Option('c', "collectionmethods", Default = new[] { "Default" },
             HelpText =
-                "Collection Methods: Container, Group, LocalGroup, GPOLocalGroup, Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly")]
+                "Collection Methods: Group, LocalGroup, LocalAdmin, RDP, DCOM, PSRemote, Session, Trusts, ACL, Container, ComputerOnly, GPOLocalGroup, LoggedOn, ObjectProps, SPNTargets, Default, DCOnly, All")]
         public IEnumerable<string> CollectionMethods { get; set; }
 
         [Option('d', "domain", Default = null, HelpText = "Specify domain to enumerate")]
@@ -59,13 +59,13 @@ public class Options
 
         [Option(HelpText = "Don't zip files", Default = false)]
         public bool NoZip { get; set; }
+        
+        [Option(HelpText = "Password protects the zip with the specified password", Default = null)]
+        public string ZipPassword { get; set; }
 
         [Option(HelpText = "Adds a CSV tracking requests to computers", Default = false)]
         public bool TrackComputerCalls { get; set; }
 
-        [Option(HelpText = "Password protects the zip with the specified password", Default = null)]
-        public string ZipPassword { get; set; }
-        
         [Option(HelpText = "Pretty print JSON", Default = false)]
         public bool PrettyPrint { get; set; }
 
@@ -92,9 +92,12 @@ public class Options
         //Options that affect how enumeration is performed
         [Option(HelpText = "Skip checking if 445 is open", Default = false)]
         public bool SkipPortCheck { get; set; }
-
+        
         [Option(HelpText = "Timeout for port checks in milliseconds", Default = 500)]
         public int PortCheckTimeout { get; set; }
+        
+        [Option(HelpText = "Skip check for PwdLastSet when enumerating computers", Default = false)]
+        public bool SkipPasswordCheck { get; set; }
 
         [Option(HelpText = "Exclude domain controllers from session/localgroup enumeration (mostly for ATA/ATP)",
             Default = false)]

src/PowerShell/Out-CompressedDLL.ps1

@@ -0,0 +1,59 @@
+function Out-CompressedDll
+{
+<#
+.SYNOPSIS
+
+Creates the powershell in-memory version of SharpHound. 
+Based entirely off Out-CompressedDll by Matthew Graeber (@mattifestation)
+Original script at https://github.com/PowerShellMafia/PowerSploit/blob/master/ScriptModification/Out-CompressedDll.ps1
+#>
+
+    [CmdletBinding()] Param (
+        [Parameter(Mandatory = $True)]
+        [String]
+        $FilePath,
+
+        [Parameter(Mandatory = $True)]
+        [String]
+        $TemplatePath
+    )
+
+    $Path = Resolve-Path $FilePath
+
+    if (! [IO.File]::Exists($Path))
+    {
+        Throw "$Path does not exist."
+    }
+
+    $FileBytes = [System.IO.File]::ReadAllBytes($Path)
+
+    if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
+    {
+        Throw "$Path is not a valid executable."
+    }
+
+    $Length = $FileBytes.Length
+    $CompressedStream = New-Object IO.MemoryStream
+    $DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
+    $DeflateStream.Write($FileBytes, 0, $FileBytes.Length)
+    $DeflateStream.Dispose()
+    $CompressedFileBytes = $CompressedStream.ToArray()
+    $CompressedStream.Dispose()
+    $EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes)
+
+    Write-Verbose "Compression ratio: $(($EncodedCompressedFile.Length/$FileBytes.Length).ToString('#%'))"
+
+    $Output = @"
+	`$EncodedCompressedFile = '$EncodedCompressedFile`'
+	`$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
+	`$UncompressedFileBytes = New-Object Byte[]($Length)
+	`$DeflatedStream.Read(`$UncompressedFileBytes, 0, $Length) | Out-Null
+	`$Assembly = [Reflection.Assembly]::Load(`$UncompressedFileBytes)
+	`$BindingFlags = [Reflection.BindingFlags] "Public,Static"
+	`$a = @()
+	`$Assembly.GetType("Costura.AssemblyLoader", `$false).GetMethod("Attach", `$BindingFlags).Invoke(`$Null, @())
+	`$Assembly.GetType("Sharphound.Program").GetMethod("InvokeSharpHound").Invoke(`$Null, @(,`$passed))
+"@
+
+	Get-Content $TemplatePath | %{$_ -replace "#ENCODEDCONTENTHERE", $Output}
+}