Merge branch 'master' of github.com:zblurx/CrackMapExec

main
zblurx 2022-11-18 18:36:42 +01:00
commit 5d60eb0d10
3 changed files with 17 additions and 5 deletions


@ -12,6 +12,7 @@ from cme.helpers.bloodhound import add_user_bh
from cme.helpers.powershell import create_ps_command
from impacket import tds
import configparser
from impacket.krb5.ccache import CCache
from impacket.smbconnection import SMBConnection, SessionError
from impacket.tds import SQLErrorException, TDS_LOGINACK_TOKEN, TDS_ERROR_TOKEN, TDS_ENVCHANGE_TOKEN, TDS_INFO_TOKEN, \
TDS_ENVCHANGE_VARCHAR, TDS_ENVCHANGE_DATABASE, TDS_ENVCHANGE_LANGUAGE, TDS_ENVCHANGE_CHARSET, TDS_ENVCHANGE_PACKETSIZE
@ -189,6 +190,12 @@ class mssql(connection):
return False
self.password = password
if username == '' and useCache:
ccache = CCache.loadFile(os.getenv('KRB5CCNAME'))
principal = ccache.principal.toPrincipal()
self.username = principal.components[0]
username = principal.components[0]
else:
self.username = username
self.domain = domain
self.check_if_admin()
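Review bot: In the `username == '' and useCache` branch, `os.getenv('KRB5CCNAME')` goes straight into `CCache.loadFile` with no check, so an unset variable or an unreadable cache file would raise here, apparently after the login itself has already been attempted. Read the path first, `ccache_path = os.getenv('KRB5CCNAME')`, and keep the passed `username` when it is missing or the cache cannot be loaded. Only `principal.components[0]` is taken and `self.domain` is still the caller's `domain`, so the identity that is displayed and recorded may not carry the realm of the ticket that was actually used; consider filling the domain from the principal's realm when `domain` is empty. The enclosing login method starts and ends outside the hunk.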


@ -14,10 +14,10 @@ class navigator(DatabaseNavigator):
for cred in creds:
credID = cred[0]
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
credtype = cred[1]
domain = cred[2]
username = cred[3]
password = cred[4]
# pillaged_from = cred[5]
links = self.db.get_admin_relations(userID=credID)
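Review bot: The credential row is still read by fixed positions (`cred[1]` through `cred[4]`), which is the same coupling to the table's column order that this hunk appears to correct. A later schema change would again mislabel the credential type, domain, username and password in the listing without raising any error. Unpacking the row in one statement, `credID, credtype, domain, username, password = cred[:5]`, or reading the columns by name would keep the mapping in one place. A one-line comment naming the expected column order would help the next reader; the enclosing method starts outside the hunk.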


@ -370,6 +370,11 @@ class smb(connection):
self.conn.kerberosLogin(username, password, domain, lmhash, nthash, aesKey, kdcHost, useCache=useCache)
self.check_if_admin()
if username == '':
self.username = self.conn.getCredentials()[0]
else:
self.username = username
out = u'{}\\{}{} {}'.format(self.domain,
self.username,
# Show what was used between cleartext, nthash, aesKey and ccache