:: SharpWebServer ::    a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes capture functionalityAuthors:    - Can Güney Aksakalli (github.com/aksakalli)          - original implementation    - harrypatrick442 (github.com/harrypatrick442)        - aksakalli's fork & changes    - Dominic Chell (@domchell) from MDSec                - Net-NTLMv2 hashes capture code borrowed from Farmer    - Mariusz B. / mgeeky, <mb [at] binary-offensive.com> - combined all building blocks together,                                                            added connection keep-alive to NTLM AuthenticationUsage:    SharpWebServer.exe <port=port> [dir=path] [verbose=true] [ntlm=true] [logfile=path]Options:    port    - TCP Port number on which to listen (1-65535)    dir     - Directory with files to be hosted.    verbose - Turn verbose mode on.    seconds - Specifies h   ow long should the server be running. Default: indefinitely    ntlm    - Require NTLM Authentication before serving files. Useful to collect NetNTLMv2 hashes              (in MDSec's Farmer style)    logfile - Path to output logfile.

C:\> SharpWebServer.exe port=8888 dir=C:\Windows\Temp verbose=true ntlm=true    :: SharpWebServer ::    a Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionalityAuthors:    - Dominic Chell (@domchell) from MDSec                - Net-NTLM hashes capture code borrowed from Farmer    - Mariusz B. / mgeeky, <mb [at] binary-offensive.com> - WebDAV implementation, NTLM Authentication keep-alive,                                                            all the rest.Usage:    SharpWebServer.exe <port=port> [dir=path] [verbose=true] [ntlm=true] [logfile=path]Options:    port    - TCP Port number on which to listen (1-65535)    dir     - Directory with files to be hosted.    verbose - Turn verbose mode on.    seconds - Specifies how long should the server be running. Default: indefinitely    ntlm    - Require NTLM Authentication befo   re serving files. Useful to collect NetNTLM hashes              (in MDSec's Farmer style)    logfile - Path to output logfile.

C:\> curl -sD- http://localhost:8888/test.txt --ntlm --negotiate -u TestUser:TestPasswordHTTP/1.1 401 UnauthorizedTransfer-Encoding: chunkedWWW-Authenticate: NTLMDate: Mon, 29 Mar 2021 15:55:14 GMTHTTP/1.1 401 UnauthorizedTransfer-Encoding: chunkedWWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFAomiESIzRFVmd4gAAAAAAAAAAIAAgAA+AAAABQLODgAAAA9TAE0AQgACAAYAUwBNAEIAAQAWAFMATQBCAC0AVABPAE8ATABLAEkAVAAEABIAcwBtAGIALgBsAG8AYwBhAGwAAwAoAHMAZQByAHYAZQByADIAMAAwADMALgBzAG0AYgAuAGwAbwBjAGEAbAAFABIAcwBtAGIALgBsAG8AYwBhAGwAAAAAAA==Date: Mon, 29 Mar 2021 15:55:14 GMTHTTP/1.1 200 OKContent-Length: 6Content-Type: text/plainDate: Mon, 29 Mar 2021 15:55:14 GMTfoobar

C:\> dir \\[email protected]\test Volume in drive \\[email protected]\test has no label. Volume Serial Number is 0000-0000 Directory of \\[email protected]\test30.03.2021  05:12    <DIR>          .30.03.2021  05:12    <DIR>          ..30.03.2021  04:27                11 test2.txt30.03.2021  05:12                12 test3.txt30.03.2021  05:12    <DIR>          test4               2 File(s)             23 bytes               3 Dir(s)  225 268 776 960 bytes freeC:\> type \\[email protected]\test\test4\test5.txtHello world!C:\> copy \\[email protected]\test\test4\test5.txt .        1 file(s) copied.