diff --git a/cme/connection.py b/cme/connection.py index 824f17f2..5fe87964 100755 --- a/cme/connection.py +++ b/cme/connection.py @@ -168,7 +168,6 @@ class connection(object): creds = self.db.get_credentials() else: creds = self.db.get_credentials(filterTerm=int(cred_id)) - print(creds) for cred in creds: logging.debug(cred) try: @@ -186,12 +185,12 @@ class connection(object): if credtype == 'hash' and not self.over_fail_limit(username): if self.args.kerberos: if self.kerberos_login(domain, username, '', password, '', self.kdcHost, False): return True - if self.hash_login(domain, username, password): return True + elif self.hash_login(domain, username, password): return True elif credtype == 'plaintext' and not self.over_fail_limit(username): if self.args.kerberos: if self.kerberos_login(domain, username, password, '' , '', self.kdcHost, False): return True - if self.plaintext_login(domain, username, password): return True + elif self.plaintext_login(domain, username, password): return True except IndexError: self.logger.error("Invalid database credential ID!") 
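Review bot: The `if` → `elif` change on the `hash_login` / `plaintext_login` lines (hunk at -186, repeated in the hunks at -216, -241, -251, -259, -273, -290 and -298) alters behaviour with no comment explaining it. Indentation is lost in this view, but the `elif` appears to pair with `if self.args.kerberos:`, so a failed `kerberos_login` no longer falls through to a second NTLM or plaintext attempt with the same credential. I would state that once above the first pair, e.g. `# Kerberos selected: do not fall back to NTLM/plaintext for this credential`, so the fallback is not reintroduced later by accident. The enclosing method begins and ends outside these hunks.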
@@ -216,19 +215,19 @@ class connection(object): if not self.over_fail_limit(usr.strip()): if self.args.kerberos: if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True - if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True + elif self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True elif self.args.no_bruteforce == True: user_file.seek(0) # HACK: this should really not be in the usr for loop for usr, f_hash in zip(user_file, ntlm_hash_file): if not self.over_fail_limit(usr.strip()): if self.args.kerberos: if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True - if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True + elif self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True else: # ntlm_hash is a string if not self.over_fail_limit(usr.strip()): if self.args.kerberos: if self.kerberos_login(self.domain, usr.strip(), '', ntlm_hash.strip(), '', self.kdcHost, False): return True - if self.hash_login(self.domain, usr.strip(), ntlm_hash.strip()): return True + elif self.hash_login(self.domain, usr.strip(), ntlm_hash.strip()): return True elif self.args.password: with sem: @@ -241,7 +240,7 @@ class connection(object): if hasattr(self.args, 'domain'): if self.args.kerberos: if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True - if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True + elif self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True else: if self.plaintext_login(usr.strip(), f_pass.strip()): return True elif self.args.no_bruteforce == True: 
@@ -251,7 +250,7 @@ class connection(object): if hasattr(self.args, 'domain'): if self.args.kerberos: if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True - if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True + elif self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True else: if self.plaintext_login(usr.strip(), f_pass.strip()): return True else: # password is a string @@ -259,7 +258,7 @@ class connection(object): if hasattr(self.args, 'domain'): if self.args.kerberos: if self.kerberos_login(self.domain, usr.strip(), password, '', '', self.kdcHost, False): return True - if self.plaintext_login(self.domain, usr.strip(), password): return True + elif self.plaintext_login(self.domain, usr.strip(), password): return True else: if self.plaintext_login(usr.strip(), password): return True @@ -273,12 +272,12 @@ class connection(object): if not self.over_fail_limit(user): if self.args.kerberos: if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True - if self.hash_login(self.domain, user, f_hash.strip()): return True + elif self.hash_login(self.domain, user, f_hash.strip()): return True else: # ntlm_hash is a string if not self.over_fail_limit(user): if self.args.kerberos: if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True - if self.hash_login(self.domain, user, ntlm_hash.strip()): return True + elif self.hash_login(self.domain, user, ntlm_hash.strip()): return True elif self.args.password: with sem: 
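Review bot: In the hunk at -273, the first branch passes `ntlm_hash.strip()` to `kerberos_login`, while the `hash_login` line directly below it uses `f_hash.strip()`. The equivalent branch in the hunk at -216 uses `f_hash.strip()` for both calls. The following `else` is commented `# ntlm_hash is a string`, so in this branch `ntlm_hash` is presumably not a string and the Kerberos path would either fail on `.strip()` or authenticate with the wrong value. The context line should read `if self.kerberos_login(self.domain, user, '', f_hash.strip(), '', self.kdcHost, False): return True`. The loop header that binds `f_hash` is outside the hunk, so confirm against the full method.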
@@ -290,7 +289,7 @@ class connection(object): if hasattr(self.args, 'domain'): if self.args.kerberos: if self.kerberos_login(self.domain, user, f_pass.strip(), '', '', self.kdcHost, False): return True - if self.plaintext_login(self.domain, user, f_pass.strip()): return True + elif self.plaintext_login(self.domain, user, f_pass.strip()): return True else: if self.plaintext_login(user, f_pass.strip()): return True else: # password is a string @@ -298,7 +297,7 @@ class connection(object): if hasattr(self.args, 'domain'): if self.args.kerberos: if self.kerberos_login(self.domain, user, password, '', '', self.kdcHost, False): return True - if self.plaintext_login(self.domain, user, password): return True + elif self.plaintext_login(self.domain, user, password): return True else: if self.plaintext_login(user, password): return True diff --git a/cme/protocols/ldap.py b/cme/protocols/ldap.py index 0b17a715..4abc31a1 100644 --- a/cme/protocols/ldap.py +++ b/cme/protocols/ldap.py @@ -238,6 +238,8 @@ class ldap(connection): return True def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey = '', kdcHost = '', useCache = False): + self.logger.extra['protocol'] = "LDAP" + self.logger.extra['port'] = "389" # Get ldap info (target, targetDomain, baseDN) target, self.targetDomain, self.baseDN = self.get_ldap_info(self.host) 
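Review bot: The two assignments `self.logger.extra['protocol'] = "LDAP"` and `self.logger.extra['port'] = "389"` added at the top of `kerberos_login` are repeated verbatim in `plaintext_login` (hunk at -308) and `hash_login` (hunk at -391). A small private helper on the class, called first in each method, would keep the three in step. The literal `"389"` now also labels every error line logged later in the method. The hunk at -270 shows an SSL retry path (`# We need to try SSL`), and if that path does not reset the port itself, its log lines would carry the wrong port; this is worth checking in the parts of the method outside the hunks.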
@@ -270,12 +272,25 @@ class ldap(connection): self.username, highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) - self.logger.extra['protocol'] = "LDAP" - self.logger.extra['port'] = "389" self.logger.success(out) if not self.args.local_auth: add_user_bh(self.username, self.domain, self.logger, self.config) + if not self.args.continue_on_success: + return True + except SessionError as e: + self.logger.error(u'{}\\{}:{} {}'.format(self.domain, + self.username, + self.password, + str(e)), + color='red') + return False + except KeyError as e: + self.logger.error(u'{}\\{}:{} {}'.format(self.domain, + self.username, + '', + ''), + color='red') except ldap_impacket.LDAPSessionError as e: if str(e).find('strongerAuthRequired') >= 0: # We need to try SSL @@ -300,6 +315,8 @@ class ldap(connection): if not self.args.local_auth: add_user_bh(self.username, self.domain, self.logger, self.config) + if not self.args.continue_on_success: + return True else: errorCode = str(e).split()[-2][:-1] self.logger.error(u'{}\\{}:{} {}'.format(self.domain, @@ -308,9 +325,9 @@ class ldap(connection): ldap_error_status[errorCode] if errorCode in ldap_error_status else ''), color='magenta' if errorCode in ldap_error_status else 'red') - return True - def plaintext_login(self, domain, username, password): + self.logger.extra['protocol'] = "LDAP" + self.logger.extra['port'] = "389" self.username = username self.password = password self.domain = domain @@ -337,8 +354,6 @@ class ldap(connection): self.username, self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8, highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) - self.logger.extra['protocol'] = "LDAP" - self.logger.extra['port'] = "389" self.logger.success(out) if not self.args.local_auth: 
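Review bot: The new `except SessionError` handler in the hunk at -270 writes `self.password` into the error log unmasked, whereas the success message in `plaintext_login` (context of the hunk at -337) masks it when `audit_mode` is configured. The handler should use the same expression, `self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8`, so failed attempts do not leave cleartext secrets in logs. The `except KeyError as e` handler that follows logs two empty strings, discards `e` and has no return, so the failure reason is lost and the method falls through to an implicit `None`. Logging `str(e)` and ending with `return False` would match the handler above it. Whether `SessionError` is imported in this module is not visible in the hunk and should be confirmed.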
@@ -366,6 +381,8 @@ class ldap(connection): if not self.args.local_auth: add_user_bh(self.username, self.domain, self.logger, self.config) + if not self.args.continue_on_success: + return True except ldap_impacket.LDAPSessionError as e: errorCode = str(e).split()[-2][:-1] self.logger.error(u'{}\\{}:{} {}'.format(self.domain, @@ -391,6 +408,8 @@ class ldap(connection): def hash_login(self, domain, username, ntlm_hash): + self.logger.extra['protocol'] = "LDAP" + self.logger.extra['port'] = "389" lmhash = '' nthash = '' @@ -456,6 +475,8 @@ class ldap(connection): if not self.args.local_auth: add_user_bh(self.username, self.domain, self.logger, self.config) + if not self.args.continue_on_success: + return True except ldap_impacket.LDAPSessionError as e: errorCode = str(e).split()[-2][:-1] self.logger.error(u'{}\\{}:{} {}'.format(self.domain, diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py index a16a0f54..564d15bd 100755 --- a/cme/protocols/smb.py +++ b/cme/protocols/smb.py @@ -354,8 +354,6 @@ class smb(connection): self.hash = ntlm_hash if lmhash: self.lmhash = lmhash if nthash: self.nthash = nthash - - self.conn.kerberosLogin(username, password, domain, lmhash, nthash, aesKey, kdcHost, useCache=useCache) # self.check_if_admin() # currently pywerview does not support kerberos auth @@ -372,7 +370,10 @@ class smb(connection): self.conn.getCredentials()[0], highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) self.logger.success(out) - return True + if not self.args.local_auth: + add_user_bh(username, domain, self.logger, self.config) + if not self.args.continue_on_success: + return True else: self.logger.error(u'{} {} {}'.format(self.domain, error,