Merge pull request #409 from RagingCactus/file-handling-concurrency-fixes

Fix file reading concurrency issues
main
mpgn 2021-09-17 20:33:33 +02:00 committed by GitHub
commit 46a00c3fef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 69 additions and 89 deletions


@ -188,88 +188,86 @@ class connection(object):
self.logger.error("Invalid database credential ID!")
for user in self.args.username:
if not isinstance(user, str) and isfile(user.name):
for usr in user:
if "\\" in usr:
tmp = usr
usr = tmp.split('\\')[1].strip()
self.domain = tmp.split('\\')[0]
if hasattr(self.args, 'hash') and self.args.hash:
with sem:
for ntlm_hash in self.args.hash:
if isinstance(ntlm_hash, str):
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), ntlm_hash): return True
elif not isinstance(ntlm_hash, str) and isfile(ntlm_hash.name) and self.args.no_bruteforce == False:
for f_hash in ntlm_hash:
if isfile(user):
with open(user, 'r') as user_file:
for usr in user_file:
if "\\" in usr:
tmp = usr
usr = tmp.split('\\')[1].strip()
self.domain = tmp.split('\\')[0]
if hasattr(self.args, 'hash') and self.args.hash:
with sem:
for ntlm_hash in self.args.hash:
if isfile(ntlm_hash):
with open(ntlm_hash, 'r') as ntlm_hash_file:
if self.args.no_bruteforce == False:
for f_hash in ntlm_hash_file:
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
elif self.args.no_bruteforce == True:
user_file.seek(0) # HACK: this should really not be in the usr for loop
for usr, f_hash in zip(user_file, ntlm_hash_file):
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
else: # ntlm_hash is a string
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
ntlm_hash.seek(0)
if self.hash_login(self.domain, usr.strip(), ntlm_hash_file): return True
elif not isinstance(ntlm_hash, str) and isfile(ntlm_hash.name) and self.args.no_bruteforce == True:
user.seek(0)
for usr, f_hash in zip(user, ntlm_hash):
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
elif self.args.password:
with sem:
for password in self.args.password:
if isinstance(password, str):
if not self.over_fail_limit(usr.strip()):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, usr.strip(), password): return True
else:
if self.plaintext_login(usr.strip(), password): return True
elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == False:
for f_pass in password:
elif self.args.password:
with sem:
for password in self.args.password:
if isfile(password):
with open(password, 'r') as password_file:
if self.args.no_bruteforce == False:
for f_pass in password_file:
if not self.over_fail_limit(usr.strip()):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
else:
if self.plaintext_login(usr.strip(), f_pass.strip()): return True
elif self.args.no_bruteforce == True:
user_file.seek(0) # HACK: this should really not be in the usr for loop
for usr, f_pass in zip(user_file, password_file):
if not self.over_fail_limit(usr.strip()):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
else:
if self.plaintext_login(usr.strip(), f_pass.strip()): return True
else: # password is a string
if not self.over_fail_limit(usr.strip()):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
if self.plaintext_login(self.domain, usr.strip(), password): return True
else:
if self.plaintext_login(usr.strip(), f_pass.strip()): return True
password.seek(0)
if self.plaintext_login(usr.strip(), password): return True
elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == True:
user.seek(0)
for usr, f_pass in zip(user, password):
if not self.over_fail_limit(usr.strip()):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
else:
if self.plaintext_login(usr.strip(), f_pass.strip()): return True
user.seek(0) # added june 2020, may break everything but solve this issue cme smb file -u file -p file
elif isinstance(user, str):
if hasattr(self.args, 'hash') and self.args.hash:
with sem:
for ntlm_hash in self.args.hash:
if isinstance(ntlm_hash, str):
if not self.over_fail_limit(user):
if self.hash_login(self.domain, user, ntlm_hash): return True
elif not isinstance(ntlm_hash, str) and isfile(ntlm_hash.name):
for f_hash in ntlm_hash:
else: # user is a string
if hasattr(self.args, 'hash') and self.args.hash:
with sem:
for ntlm_hash in self.args.hash:
if isfile(ntlm_hash):
with open(ntlm_hash, 'r') as ntlm_hash_file:
for f_hash in ntlm_hash_file:
if not self.over_fail_limit(user):
if self.hash_login(self.domain, user, f_hash.strip()): return True
ntlm_hash.seek(0)
else: # ntlm_hash is a string
if not self.over_fail_limit(user):
if self.hash_login(self.domain, user, ntlm_hash): return True
elif self.args.password:
with sem:
for password in self.args.password:
if isinstance(password, str):
if not self.over_fail_limit(user):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, user, password): return True
else:
if self.plaintext_login(user, password): return True
elif not isinstance(password, str) and isfile(password.name):
for f_pass in password:
elif self.args.password:
with sem:
for password in self.args.password:
if isfile(password):
with open(password, 'r') as password_file:
for f_pass in password_file:
if not self.over_fail_limit(user):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, user, f_pass.strip()): return True
else:
if self.plaintext_login(user, f_pass.strip()): return True
password.seek(0)
else: # password is a string
if not self.over_fail_limit(user):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, user, password): return True
else:
if self.plaintext_login(user, password): return True
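Review bot: In the hash path for usernames read from a file, the branch marked `# ntlm_hash is a string` calls `self.hash_login(self.domain, usr.strip(), ntlm_hash_file)`, but `ntlm_hash_file` is only bound by `with open(ntlm_hash, 'r') as ntlm_hash_file:` in the sibling file branch. Indentation is lost on this page, so the placement is inferred; if the call does sit in that `else`, it either raises NameError (no hash file opened earlier in the loop) or passes a closed file object to `hash_login` instead of the hash string. The matching password branch passes `password`, so the line should probably read `if self.hash_login(self.domain, usr.strip(), ntlm_hash): return True`. The enclosing method starts and ends outside this hunk.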


@ -144,24 +144,6 @@ def main():
else:
jitter = (0, int(args.jitter))
if hasattr(args, 'username') and args.username:
for user in args.username:
if os.path.exists(user):
args.username.remove(user)
args.username.append(open(user, 'r'))
if hasattr(args, 'password') and args.password:
for passw in args.password:
if os.path.exists(passw):
args.password.remove(passw)
args.password.append(open(passw, 'r'))
elif hasattr(args, 'hash') and args.hash:
for ntlm_hash in args.hash:
if os.path.exists(ntlm_hash):
args.hash.remove(ntlm_hash)
args.hash.append(open(ntlm_hash, 'r'))
if hasattr(args, 'cred_id') and args.cred_id:
for cred_id in args.cred_id:
if '-' in str(cred_id):