NetExec/cme/first_run.py

import os
import errno
import sqlite3
import shutil
import cme
import configparser
from configparser import ConfigParser, NoSectionError, NoOptionError
from cme.loaders.protocol_loader import protocol_loader
from subprocess import check_output, PIPE
from sys import exit

CME_PATH = os.path.expanduser('~/.cme')
TMP_PATH = os.path.join('/tmp', 'cme_hosted')
if os.name == 'nt':
    TMP_PATH = os.getenv('LOCALAPPDATA') + '\\Temp\\cme_hosted'
WS_PATH = os.path.join(CME_PATH, 'workspaces')
CERT_PATH = os.path.join(CME_PATH, 'cme.pem')
CONFIG_PATH = os.path.join(CME_PATH, 'cme.conf')


def first_run_setup(logger):

    if not os.path.exists(TMP_PATH):
        os.mkdir(TMP_PATH)

    if not os.path.exists(CME_PATH):
        logger.info('First time use detected')
        logger.info('Creating home directory structure')
        os.mkdir(CME_PATH)

    folders = ['logs', 'modules', 'protocols', 'workspaces', 'obfuscated_scripts']
    for folder in folders:
        if not os.path.exists(os.path.join(CME_PATH, folder)):
            os.mkdir(os.path.join(CME_PATH, folder))

    if not os.path.exists(os.path.join(WS_PATH, 'default')):
        logger.info('Creating default workspace')
        os.mkdir(os.path.join(WS_PATH, 'default'))

    p_loader = protocol_loader()
    protocols = p_loader.get_protocols()
    for protocol in protocols.keys():
        try:
            protocol_object = p_loader.load_protocol(protocols[protocol]['dbpath'])
        except KeyError:
            continue

        proto_db_path = os.path.join(WS_PATH, 'default', protocol + '.db')

        if not os.path.exists(proto_db_path):
            logger.info('Initializing {} protocol database'.format(protocol.upper()))
            conn = sqlite3.connect(proto_db_path)
            c = conn.cursor()

            # try to prevent some of the weird sqlite I/O errors
            c.execute('PRAGMA journal_mode = OFF')
            c.execute('PRAGMA foreign_keys = 1')

            getattr(protocol_object, 'database').db_schema(c)

            # commit the changes and close everything off
            conn.commit()
            conn.close()

    if not os.path.exists(CONFIG_PATH):
        logger.info('Copying default configuration file')
        default_path = os.path.join(os.path.dirname(cme.__file__), 'data', 'cme.conf')
        shutil.copy(default_path, CME_PATH)
    else:
        # This is just a quick check to make sure the config file isn't the old 3.x format
        try:
            config = configparser.ConfigParser()
            config.read(CONFIG_PATH)
            config.get('CME', 'workspace')
            config.get('CME', 'pwn3d_label')
        except (NoSectionError, NoOptionError):
            logger.info('Old configuration file detected, replacing with new version')
            default_path = os.path.join(os.path.dirname(cme.__file__), 'data', 'cme.conf')
            shutil.copy(default_path, CME_PATH)

    if not os.path.exists(CERT_PATH):
        logger.info('Generating SSL certificate')
        try:
            check_output(['openssl', 'help'], stderr=PIPE)
        except OSError as e:
            if e.errno == errno.ENOENT:
                logger.error('OpenSSL command line utility is not installed, could not generate certificate')
                exit(1)
            else:
                logger.error('Error while generating SSL certificate: {}'.format(e))
                exit(1)
        if os.name != 'nt':
            os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US" > /dev/null 2>&1'.format(path=CERT_PATH))
        else:
            os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US"'.format(path=CERT_PATH))
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00			`import os`
Add more compatibility for windows exe - decrease winrm timeout to 3 seconds so @IppSec 's videos tlast less time :) -- add ico to cme exe -- add option smb-server-port to make cme compatible with windows 2020-07-30 13:14:31 +00:00			`import errno`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00			`import sqlite3`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`import shutil`
			`import cme`
start python3 migration 2019-11-10 21:42:04 +00:00			`import configparser`
			`from configparser import ConfigParser, NoSectionError, NoOptionError`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`from cme.loaders.protocol_loader import protocol_loader`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`from subprocess import check_output, PIPE`
			`from sys import exit`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00			`CME_PATH = os.path.expanduser('~/.cme')`
			`TMP_PATH = os.path.join('/tmp', 'cme_hosted')`
Add Windows spec file to compile CME for Windows 2020-05-10 18:06:08 +00:00			`if os.name == 'nt':`
			`TMP_PATH = os.getenv('LOCALAPPDATA') + '\\Temp\\cme_hosted'`
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00			`WS_PATH = os.path.join(CME_PATH, 'workspaces')`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`CERT_PATH = os.path.join(CME_PATH, 'cme.pem')`
			`CONFIG_PATH = os.path.join(CME_PATH, 'cme.conf')`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00			`def first_run_setup(logger):`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00
Initial implementation of module chaining Oook, this commit is basicallu just so I can start tracking (and testing) all of the changes made so far: - All execution methods are now completely fileless, all output and/or batch files get outputted/hosted locally on a SMB server that gets spun up on runtime - Module structure has been modified for module chaining - Module chaining implementation is currently very hacky, I definitly have to figure out something more elegant but for now it works. Module chaining is performed via the -MC flag and has it's own mini syntax (will be adding it to the wiki) - You can now specify credential ID ranges using the -id flag - Added the eventvwr_bypass and rundll32_exec modules - Renamed a lot of the modules for naming consistency TODO: - Launchers/Payloads need to be escaped before being generated when module chaining - Add check for modules 'required_server' attribute - Finish modifying the functions in the Connection object so they return the results 2016-09-12 06:52:50 +00:00			`if not os.path.exists(TMP_PATH):`
			`os.mkdir(TMP_PATH)`

Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00			`if not os.path.exists(CME_PATH):`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`logger.info('First time use detected')`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`logger.info('Creating home directory structure')`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00			`os.mkdir(CME_PATH)`
Initial 4.0 pre-release 2017-03-27 21:09:36 +00:00
			`folders = ['logs', 'modules', 'protocols', 'workspaces', 'obfuscated_scripts']`
			`for folder in folders:`
			`if not os.path.exists(os.path.join(CME_PATH, folder)):`
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00			`os.mkdir(os.path.join(CME_PATH, folder))`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`if not os.path.exists(os.path.join(WS_PATH, 'default')):`
			`logger.info('Creating default workspace')`
			`os.mkdir(os.path.join(WS_PATH, 'default'))`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00			`p_loader = protocol_loader()`
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`protocols = p_loader.get_protocols()`
			`for protocol in protocols.keys():`
			`try:`
			`protocol_object = p_loader.load_protocol(protocols[protocol]['dbpath'])`
			`except KeyError:`
			`continue`

			`proto_db_path = os.path.join(WS_PATH, 'default', protocol + '.db')`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`if not os.path.exists(proto_db_path):`
			`logger.info('Initializing {} protocol database'.format(protocol.upper()))`
			`conn = sqlite3.connect(proto_db_path)`
			`c = conn.cursor()`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`# try to prevent some of the weird sqlite I/O errors`
			`c.execute('PRAGMA journal_mode = OFF')`
			`c.execute('PRAGMA foreign_keys = 1')`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`getattr(protocol_object, 'database').db_schema(c)`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished 2016-12-15 07:28:00 +00:00			`# commit the changes and close everything off`
			`conn.commit()`
			`conn.close()`
Second round of refactoring for packaging 2016-06-04 05:42:26 +00:00
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`if not os.path.exists(CONFIG_PATH):`
			`logger.info('Copying default configuration file')`
			`default_path = os.path.join(os.path.dirname(cme.__file__), 'data', 'cme.conf')`
			`shutil.copy(default_path, CME_PATH)`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`else:`
			`# This is just a quick check to make sure the config file isn't the old 3.x format`
			`try:`
start python3 migration 2019-11-10 21:42:04 +00:00			`config = configparser.ConfigParser()`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`config.read(CONFIG_PATH)`
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00			`config.get('CME', 'workspace')`
			`config.get('CME', 'pwn3d_label')`
			`except (NoSectionError, NoOptionError):`
			`logger.info('Old configuration file detected, replacing with new version')`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`default_path = os.path.join(os.path.dirname(cme.__file__), 'data', 'cme.conf')`
			`shutil.copy(default_path, CME_PATH)`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00
			`if not os.path.exists(CERT_PATH):`
			`logger.info('Generating SSL certificate')`
			`try:`
Fixed up @aj-cgtech changes 2018-03-01 19:36:17 +00:00			`check_output(['openssl', 'help'], stderr=PIPE)`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`except OSError as e:`
Add more compatibility for windows exe - decrease winrm timeout to 3 seconds so @IppSec 's videos tlast less time :) -- add ico to cme exe -- add option smb-server-port to make cme compatible with windows 2020-07-30 13:14:31 +00:00			`if e.errno == errno.ENOENT:`
Some code cleanup, bug fixes and re-added the config file * For some reason the config file got lost in between version bumps, re-added it * Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu * Code cleanup in cmedb.py and bug fixes in crackmapexec.py 2016-06-09 03:44:45 +00:00			`logger.error('OpenSSL command line utility is not installed, could not generate certificate')`
			`exit(1)`
			`else:`
			`logger.error('Error while generating SSL certificate: {}'.format(e))`
			`exit(1)`
Add more compatibility for windows exe - decrease winrm timeout to 3 seconds so @IppSec 's videos tlast less time :) -- add ico to cme exe -- add option smb-server-port to make cme compatible with windows 2020-07-30 13:14:31 +00:00			`if os.name != 'nt':`
			`os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US" > /dev/null 2>&1'.format(path=CERT_PATH))`
			`else:`
			`os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US"'.format(path=CERT_PATH))`