Hunnic Cyber - Logo

SharpSniper.exe

SharpSniper is a simple tool to find the IP address of specific users in Active Directory so that you can target their box. It is written in .NET. It takes a username, and makes a list of Domain contollers, then search for Log-on events on any of the DCs for the user you are looking for and then reads the most recent DHCP allocated logon IP address.

Permissions are required to read the EventLogs so DA is likely needed.

Usage

cmd.exe (Supply credentials)

C:\> SharpSniper.exe emusk DomainAdminUser DAPass123

User: emusk - IP Address: 192.168.37.130

cmd.exe (Current authentication token e.g. Mimikatz pth)

C:\> SharpSniper.exe emusk

User: emusk - IP Address: 192.168.37.130

Cobalt Strike (Supply credentials)

> execute-assembly /path/to/SharpSniper.exe emusk DomainAdminUser DAPass123

User: emusk - IP Address: 192.168.37.130

Cobalt Strike (Beacon's token)

> execute-assembly /path/to/SharpSniper.exe emusk

User: emusk - IP Address: 192.168.37.130

Download & compile on Github: