swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #323 from mpgn/python3 

Migration to Python3
main
byt3bl33d3r 2020-04-19 14:22:56 -03:00 committed by GitHub
parent 3f2d39a800 ff167fa152
commit 8c3beecd98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 446 additions and 505 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,4 +1,5 @@
data/cme.db
*.bak
*.log
.venv
# Byte-compiled / optimized / DLL files

6
.gitmodules vendored
View File

@ -25,12 +25,6 @@
[submodule "cme/data/mimipenguin"]
path = cme/data/mimipenguin
url = https://github.com/huntergregal/mimipenguin
[submodule "cme/thirdparty/pywinrm"]
path = cme/thirdparty/pywinrm
url = https://github.com/diyan/pywinrm
[submodule "cme/thirdparty/impacket"]
path = cme/thirdparty/impacket
url = https://github.com/SecureAuthCorp/impacket
[submodule "cme/thirdparty/pywerview"]
path = cme/thirdparty/pywerview
url = https://github.com/the-useless-one/pywerview

4
MANIFEST.in
View File

@ -4,10 +4,6 @@ include LICENSE
recursive-include cme/data *
recursive-include cme/modules *
recursive-include cme/thirdparty *
prune cme/thirdparty/impacket/impacket/testcases
prune cme/thirdparty/impacket/examples
prune cme/thirdparty/pywinrm/winrm/tests
prune cme/thirdparty/pywinrm/scripts
prune cme/data/powersploit/Tests
prune cme/data/powersploit/CodeExecution/Invoke-ReflectivePEInjection_Resources
prune cme/data/powersploit/Exfiltration/LogonUser

5
Pipfile
View File

@ -17,12 +17,13 @@ netaddr = "*"
pyopenssl = "*"
termcolor = "*"
msgpack-python = "*"
pylnk = "*"
pylnk3 = "*"
splinter = "*"
paramiko = "*"
xmltodict = "*"
six = "*"
terminaltables = "*"
pywinrm = "*"
[requires]
python_version = "2.7"
python_version = "3.7"

322
Pipfile.lock generated
View File

@ -1,11 +1,11 @@
{
"_meta": {
"hash": {
"sha256": "63dd45ebb42f9808c2a9f1f775f01ce7f386dbcb376cc8e38d9a044c0ff0e9b1"
"sha256": "2cf34d989e25f27b567739f2c9ce194d11ae104c1794b3c26690ff0f70b08072"
},
"pipfile-spec": 6,
"requires": {
"python_version": "2.7"
"python_version": "3.7"
},
"sources": [
{
@ -16,20 +16,13 @@
]
},
"default": {
"backports.functools-lru-cache": {
"hashes": [
"sha256:9d98697f088eb1b0fa451391f91afb5e3ebde16bbdb272819fd091151fda4f1a",
"sha256:f0b0e4eba956de51238e17573b7087e852dfe9854afd2e9c873f73fc0ca0a6dd"
],
"markers": "python_version < '3'",
"version": "==1.5"
},
"bcrypt": {
"hashes": [
"sha256:0258f143f3de96b7c14f762c770f5fc56ccd72f8a1857a451c1cd9a655d9ac89",
"sha256:0b0069c752ec14172c5f78208f1863d7ad6755a6fae6fe76ec2c80d13be41e42",
"sha256:19a4b72a6ae5bb467fea018b825f0a7d917789bcfe893e53f15c92805d187294",
"sha256:5432dd7b34107ae8ed6c10a71b4397f1c853bd39a4d6ffa7e35f40584cffd161",
"sha256:6305557019906466fc42dbc53b46da004e72fd7a551c044a827e572c82191752",
"sha256:69361315039878c0680be456640f8705d76cb4a3a3fe1e057e0f261b74be4b31",
"sha256:6fe49a60b25b584e2f4ef175b29d3a83ba63b3a4df1b4c0605b826668d1b6be5",
"sha256:74a015102e877d0ccd02cdeaa18b32aa7273746914a6c5d0456dd442cb65b99c",
@ -40,6 +33,7 @@
"sha256:a595c12c618119255c90deb4b046e1ca3bcfad64667c43d1166f2b04bc72db09",
"sha256:c9457fa5c121e94a58d6505cadca8bed1c64444b83b3204928a866ca2e599105",
"sha256:cb93f6b2ab0f6853550b74e051d297c27a638719753eb9ff66d1e4072be67133",
"sha256:ce4e4f0deb51d38b1611a27f330426154f2980e66582dc5f438aad38b5f24fc1",
"sha256:d7bdc26475679dd073ba0ed2766445bb5b20ca4793ca0db32b399dccc6bc84b7",
"sha256:ff032765bb8716d9387fd5376d987a937254b0619eff0972779515b5c98820bc"
],
@ -47,11 +41,11 @@
},
"beautifulsoup4": {
"hashes": [
"sha256:5279c36b4b2ec2cb4298d723791467e3000e5384a43ea0cdf5d45207c7e97169",
"sha256:6135db2ba678168c07950f9a16c4031822c6f4aec75a65e0a97bc5ca09789931",
"sha256:dcdef580e18a76d54002088602eba453eec38ebbcafafeaabd8cab12b6155d57"
"sha256:05fd825eb01c290877657a56df4c6e4c311b3965bda790c613a3d6fb01a5462a",
"sha256:9fbb4d6e48ecd30bcacc5b63b94088192dcda178513b2ae3c394229f8911b887",
"sha256:e1505eeed31b0f4ce2dbb3bc8eb256c04cc2b3b72af7d551a4ab6efd5cbe5dae"
],
"version": "==4.8.1"
"version": "==4.8.2"
},
"bs4": {
"hashes": [
@ -62,47 +56,48 @@
},
"certifi": {
"hashes": [
"sha256:e4f3620cfea4f83eedc95b24abd9cd56f3c4b146dd0177e83a21b4eb49e21e50",
"sha256:fd7c7c74727ddcf00e9acd26bba8da604ffec95bf1c2144e67aff7a8b50e6cef"
"sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3",
"sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f"
],
"version": "==2019.9.11"
"version": "==2019.11.28"
},
"cffi": {
"hashes": [
"sha256:08f99e8b38d5134d504aa7e486af8e4fde66a2f388bbecc270cdd1e00fa09ff8",
"sha256:1112d2fc92a867a6103bce6740a549e74b1d320cf28875609f6e93857eee4f2d",
"sha256:1b9ab50c74e075bd2ae489853c5f7f592160b379df53b7f72befcbe145475a36",
"sha256:24eff2997436b6156c2f30bed215c782b1d8fd8c6a704206053c79af95962e45",
"sha256:2eff642fbc9877a6449026ad66bf37c73bf4232505fb557168ba5c502f95999b",
"sha256:362e896cea1249ed5c2a81cf6477fabd9e1a5088aa7ea08358a4c6b0998294d2",
"sha256:40eddb3589f382cb950f2dcf1c39c9b8d7bd5af20665ce273815b0d24635008b",
"sha256:5ed40760976f6b8613d4a0db5e423673ca162d4ed6c9ed92d1f4e58a47ee01b5",
"sha256:632c6112c1e914c486f06cfe3f0cc507f44aa1e00ebf732cedb5719e6aa0466a",
"sha256:64d84f0145e181f4e6cc942088603c8db3ae23485c37eeda71cb3900b5e67cb4",
"sha256:6cb4edcf87d0e7f5bdc7e5c1a0756fbb37081b2181293c5fdf203347df1cd2a2",
"sha256:6f19c9df4785305669335b934c852133faed913c0faa63056248168966f7a7d5",
"sha256:719537b4c5cd5218f0f47826dd705fb7a21d83824920088c4214794457113f3f",
"sha256:7b0e337a70e58f1a36fb483fd63880c9e74f1db5c532b4082bceac83df1523fa",
"sha256:853376efeeb8a4ae49a737d5d30f5db8cdf01d9319695719c4af126488df5a6a",
"sha256:85bbf77ffd12985d76a69d2feb449e35ecdcb4fc54a5f087d2bd54158ae5bb0c",
"sha256:8978115c6f0b0ce5880bc21c967c65058be8a15f1b81aa5fdbdcbea0e03952d1",
"sha256:8f7eec920bc83692231d7306b3e311586c2e340db2dc734c43c37fbf9c981d24",
"sha256:8fe230f612c18af1df6f348d02d682fe2c28ca0a6c3856c99599cdacae7cf226",
"sha256:92068ebc494b5f9826b822cec6569f1f47b9a446a3fef477e1d11d7fac9ea895",
"sha256:b57e1c8bcdd7340e9c9d09613b5e7fdd0c600be142f04e2cc1cc8cb7c0b43529",
"sha256:ba956c9b44646bc1852db715b4a252e52a8f5a4009b57f1dac48ba3203a7bde1",
"sha256:ca42034c11eb447497ea0e7b855d87ccc2aebc1e253c22e7d276b8599c112a27",
"sha256:dc9b2003e9a62bbe0c84a04c61b0329e86fccd85134a78d7aca373bbbf788165",
"sha256:dd308802beb4b2961af8f037becbdf01a1e85009fdfc14088614c1b3c383fae5",
"sha256:e77cd105b19b8cd721d101687fcf665fd1553eb7b57556a1ef0d453b6fc42faa",
"sha256:f56dff1bd81022f1c980754ec721fb8da56192b026f17f0f99b965da5ab4fbd2",
"sha256:fa4cc13c03ea1d0d37ce8528e0ecc988d2365e8ac64d8d86cafab4038cb4ce89",
"sha256:fa8cf1cb974a9f5911d2a0303f6adc40625c05578d8e7ff5d313e1e27850bd59",
"sha256:fb003019f06d5fc0aa4738492ad8df1fa343b8a37cbcf634018ad78575d185df",
"sha256:fd409b7778167c3bcc836484a8f49c0e0b93d3e745d975749f83aa5d18a5822f",
"sha256:fe5d65a3ee38122003245a82303d11ac05ff36531a8f5ce4bc7d4bbc012797e1"
"sha256:0b49274afc941c626b605fb59b59c3485c17dc776dc3cc7cc14aca74cc19cc42",
"sha256:0e3ea92942cb1168e38c05c1d56b0527ce31f1a370f6117f1d490b8dcd6b3a04",
"sha256:135f69aecbf4517d5b3d6429207b2dff49c876be724ac0c8bf8e1ea99df3d7e5",
"sha256:19db0cdd6e516f13329cba4903368bff9bb5a9331d3410b1b448daaadc495e54",
"sha256:2781e9ad0e9d47173c0093321bb5435a9dfae0ed6a762aabafa13108f5f7b2ba",
"sha256:291f7c42e21d72144bb1c1b2e825ec60f46d0a7468f5346841860454c7aa8f57",
"sha256:2c5e309ec482556397cb21ede0350c5e82f0eb2621de04b2633588d118da4396",
"sha256:2e9c80a8c3344a92cb04661115898a9129c074f7ab82011ef4b612f645939f12",
"sha256:32a262e2b90ffcfdd97c7a5e24a6012a43c61f1f5a57789ad80af1d26c6acd97",
"sha256:3c9fff570f13480b201e9ab69453108f6d98244a7f495e91b6c654a47486ba43",
"sha256:415bdc7ca8c1c634a6d7163d43fb0ea885a07e9618a64bda407e04b04333b7db",
"sha256:42194f54c11abc8583417a7cf4eaff544ce0de8187abaf5d29029c91b1725ad3",
"sha256:4424e42199e86b21fc4db83bd76909a6fc2a2aefb352cb5414833c030f6ed71b",
"sha256:4a43c91840bda5f55249413037b7a9b79c90b1184ed504883b72c4df70778579",
"sha256:599a1e8ff057ac530c9ad1778293c665cb81a791421f46922d80a86473c13346",
"sha256:5c4fae4e9cdd18c82ba3a134be256e98dc0596af1e7285a3d2602c97dcfa5159",
"sha256:5ecfa867dea6fabe2a58f03ac9186ea64da1386af2159196da51c4904e11d652",
"sha256:62f2578358d3a92e4ab2d830cd1c2049c9c0d0e6d3c58322993cc341bdeac22e",
"sha256:6471a82d5abea994e38d2c2abc77164b4f7fbaaf80261cb98394d5793f11b12a",
"sha256:6d4f18483d040e18546108eb13b1dfa1000a089bcf8529e30346116ea6240506",
"sha256:71a608532ab3bd26223c8d841dde43f3516aa5d2bf37b50ac410bb5e99053e8f",
"sha256:74a1d8c85fb6ff0b30fbfa8ad0ac23cd601a138f7509dc617ebc65ef305bb98d",
"sha256:7b93a885bb13073afb0aa73ad82059a4c41f4b7d8eb8368980448b52d4c7dc2c",
"sha256:7d4751da932caaec419d514eaa4215eaf14b612cff66398dd51129ac22680b20",
"sha256:7f627141a26b551bdebbc4855c1157feeef18241b4b8366ed22a5c7d672ef858",
"sha256:8169cf44dd8f9071b2b9248c35fc35e8677451c52f795daa2bb4643f32a540bc",
"sha256:aa00d66c0fab27373ae44ae26a66a9e43ff2a678bf63a9c7c1a9a4d61172827a",
"sha256:ccb032fda0873254380aa2bfad2582aedc2959186cce61e3a17abc1a55ff89c3",
"sha256:d754f39e0d1603b5b24a7f8484b22d2904fa551fe865fd0d4c3332f078d20d4e",
"sha256:d75c461e20e29afc0aee7172a0950157c704ff0dd51613506bd7d82b718e7410",
"sha256:dcd65317dd15bc0451f3e01c80da2216a31916bdcffd6221ca1202d96584aa25",
"sha256:e570d3ab32e2c2861c4ebe6ffcad6a8abf9347432a37608fe1fbd157b3f0036b",
"sha256:fd43a88e045cf992ed09fa724b5315b790525f2676883a6ea64e3263bae6549d"
],
"version": "==1.13.0"
"version": "==1.13.2"
},
"chardet": {
"hashes": [
@ -137,16 +132,6 @@
],
"version": "==2.8"
},
"enum34": {
"hashes": [
"sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850",
"sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a",
"sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79",
"sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1"
],
"markers": "python_version < '3'",
"version": "==1.1.6"
},
"gevent": {
"hashes": [
"sha256:0774babec518a24d9a7231d4e689931f31b332c4517a771e532002614e270a64",
@ -208,14 +193,6 @@
],
"version": "==2.8"
},
"ipaddress": {
"hashes": [
"sha256:6e0f4a39e66cb5bb9a137b00276a2eff74f93b71dcbdad6f10ff7df9d3557fcc",
"sha256:b7f8e0369580bb4a24d5ba1d7cc29660a4a6987763faf1d8a8046830e020e7e2"
],
"markers": "python_version < '3'",
"version": "==1.0.23"
},
"msgpack-python": {
"hashes": [
"sha256:378cc8a6d3545b532dfd149da715abae4fda2a3adb6d74e525d0d5e51f46909b"
@ -240,19 +217,19 @@
},
"paramiko": {
"hashes": [
"sha256:3c16b2bfb4c0d810b24c40155dbfd113c0521e7e6ee593d704e84b4c658a1f3b",
"sha256:a8975a7df3560c9f1e2b43dc54ebd40fd00a7017392ca5445ce7df409f900fcb"
"sha256:920492895db8013f6cc0179293147f830b8c7b21fdfc839b6bad760c27459d9f",
"sha256:9c980875fa4d2cb751604664e9a2d0f69096643f5be4db1b99599fe114a97b2f"
],
"index": "pypi",
"version": "==2.4.2"
"version": "==2.7.1"
},
"pyasn1": {
"hashes": [
"sha256:da2420fe13a9452d8ae97a0e478adde1dee153b11ba832a95b223a2ba01c10f7",
"sha256:da6b43a8c9ae93bc80e2739efb38cc776ba74a886e3e9318d65fe81a8b8a2c6e"
"sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d",
"sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba"
],
"index": "pypi",
"version": "==0.4.5"
"version": "==0.4.8"
},
"pycparser": {
"hashes": [
@ -262,37 +239,41 @@
},
"pycryptodomex": {
"hashes": [
"sha256:0bda549e20db1eb8e29fb365d10acf84b224d813b1131c828fc830b2ce313dcd",
"sha256:1210c0818e5334237b16d99b5785aa0cee815d9997ee258bd5e2936af8e8aa50",
"sha256:2090dc8cd7843eae75bd504b9be86792baa171fc5a758ea3f60188ab67ca95cf",
"sha256:22e6784b65dfdd357bf9a8a842db445192b227103e2c3137a28c489c46742135",
"sha256:2edb8c3965a77e3092b5c5c1233ffd32de083f335202013f52d662404191ac79",
"sha256:310fe269ac870135ff610d272e88dcb594ee58f40ac237a688d7c972cbca43e8",
"sha256:456136b7d459f000794a67b23558351c72e21f0c2d4fcaa09fc99dae7844b0ef",
"sha256:463e49a9c5f1fa7bd36aff8debae0b5c487868c1fb66704529f2ad7e92f0cc9f",
"sha256:4a33b2828799ef8be789a462e6645ea6fe2c42b0df03e6763ccbfd1789c453e6",
"sha256:5ff02dff1b03929e6339226b318aa59bd0b5c362f96e3e0eb7f3401d30594ed3",
"sha256:6b1db8234b8ee2b30435d9e991389c2eeae4d45e09e471ffe757ba1dfae682bb",
"sha256:6eb67ee02de143cd19e36a52bd3869a9dc53e9184cd6bed5c39ff71dee2f6a45",
"sha256:6f42eea5afc7eee29494fdfddc6bb7173953d4197d9200e4f67096c2a24bc21b",
"sha256:87bc8082e2de2247df7d0b161234f8edb1384294362cc0c8db9324463097578b",
"sha256:8df93d34bc0e3a28a27652070164683a07d8a50c628119d6e0f7710f4d01b42f",
"sha256:989952c39e8fef1c959f0a0f85656e29c41c01162e33a3f5fd8ce71e47262ae9",
"sha256:a4a203077e2f312ec8677dde80a5c4e6fe5a82a46173a8edc8da668602a3e073",
"sha256:a793c1242dffd39f585ae356344e8935d30f01f6be7d4c62ffc87af376a2f5f9",
"sha256:b70fe991564e178af02ccf89435a8f9e8d052707a7c4b95bf6027cb785da3175",
"sha256:b83594196e3661cb78c97b80a62fbfbba2add459dfd532b58e7a7c62dd06aab4",
"sha256:ba27725237d0a3ea66ec2b6b387259471840908836711a3b215160808dffed0f",
"sha256:d1ab8ad1113cdc553ca50c4d5f0142198c317497364c0c70443d69f7ad1c9288",
"sha256:dce039a8a8a318d7af83cae3fd08d58cefd2120075dfac0ae14d706974040f63",
"sha256:e3213037ea33c85ab705579268cbc8a4433357e9fb99ec7ce9fdcc4d4eec1d50",
"sha256:ec8d8023d31ef72026d46e9fb301ff8759eff5336bcf3d1510836375f53f96a9",
"sha256:ece65730d50aa57a1330d86d81582a2d1587b2ca51cb34f586da8551ddc68fee",
"sha256:ed21fc515e224727793e4cc3fb3d00f33f59e3a167d3ad6ac1475ab3b05c2f9e",
"sha256:eec1132d878153d61a05424f35f089f951bd6095a4f6c60bdd2ef8919d44425e"
"sha256:0943b65fb41b7403a9def6214061fdd9ab9afd0bbc581e553c72eebe60bded36",
"sha256:0a1dbb5c4d975a4ea568fb7686550aa225d94023191fb0cca8747dc5b5d77857",
"sha256:0f43f1608518347fdcb9c8f443fa5cabedd33f94188b13e4196a3a7ba90d169c",
"sha256:11ce5fec5990e34e3981ed14897ba601c83957b577d77d395f1f8f878a179f98",
"sha256:17a09e38fdc91e4857cf5a7ce82f3c0b229c3977490f2146513e366923fc256b",
"sha256:22d970cee5c096b9123415e183ae03702b2cd4d3ba3f0ced25c4e1aba3967167",
"sha256:2a1793efcbae3a2264c5e0e492a2629eb10d895d6e5f17dbbd00eb8b489c6bda",
"sha256:30a8a148a0fe482cec1aaf942bbd0ade56ec197c14fe058b2a94318c57e1f991",
"sha256:32fbbaf964c5184d3f3e349085b0536dd28184b02e2b014fc900f58bbc126339",
"sha256:347d67faee36d449dc9632da411cc318df52959079062627f1243001b10dc227",
"sha256:45f4b4e5461a041518baabc52340c249b60833aa84cea6377dc8016a2b33c666",
"sha256:4717daec0035034b002d31c42e55431c970e3e38a78211f43990e1b7eaf19e28",
"sha256:51a1ac9e7dda81da444fed8be558a60ec88dfc73b2aa4b0efa310e87acb75838",
"sha256:53e9dcc8f14783f6300b70da325a50ac1b0a3dbaee323bd9dc3f71d409c197a1",
"sha256:5519a2ed776e193688b7ddb61ab709303f6eb7d1237081e298283c72acc44271",
"sha256:583450e8e80a0885c453211ed2bd69ceea634d8c904f23ff8687f677fe810e95",
"sha256:60f862bd2a07133585a4fc2ce2b1a8ec24746b07ac44307d22ef2b767cb03435",
"sha256:612091f1d3c84e723bec7cb855cf77576e646045744794c9a3f75ba80737762f",
"sha256:629a87b87c8203b8789ccefc7f2f2faecd2daaeb56bdd0b4e44cd89565f2db07",
"sha256:6e56ec4c8938fb388b6f250ddd5e21c15e8f25a76e0ad0e2abae9afee09e67b4",
"sha256:8e8092651844a11ec7fa534395f3dfe99256ce4edca06f128efc9d770d6e1dc1",
"sha256:8f5f260629876603e08f3ce95c8ccd9b6b83bf9a921c41409046796267f7adc5",
"sha256:9a6b74f38613f54c56bd759b411a352258f47489bbefd1d57c930a291498b35b",
"sha256:a5a13ebb52c4cd065fb673d8c94f39f30823428a4de19e1f3f828b63a8882d1e",
"sha256:a77ca778a476829876a3a70ae880073379160e4a465d057e3c4e1c79acdf1b8a",
"sha256:a9f7be3d19f79429c2118fd61bc2ec4fa095e93b56fb3a5f3009822402c4380f",
"sha256:dc15a467c4f9e4b43748ba2f97aea66f67812bfd581818284c47cadc81d4caec",
"sha256:e13cdeea23059f7577c230fd580d2c8178e67ebe10e360041abe86c33c316f1c",
"sha256:e45b85c8521bca6bdfaf57e4987743ade53e9f03529dd3adbc9524094c6d55c4",
"sha256:e87f17867b260f57c88487f943eb4d46c90532652bb37046e764842c3b66cbb1",
"sha256:ee40a5b156f6c1192bc3082e9d73d0479904433cdda83110546cd67f5a15a5be",
"sha256:ef63ffde3b267043579af8830fc97fc3b9b8a526a24e3ba23af9989d4e9e689a"
],
"index": "pypi",
"version": "==3.7.3"
"version": "==3.9.4"
},
"pylnk": {
"hashes": [
@ -312,6 +293,7 @@
"sha256:30f36a9c70450c7878053fa1344aca0145fd47d845270b43a7ee9192a051bf39",
"sha256:37aa336a317209f1bb099ad177fef0da45be36a2aa664507c5d72015f956c310",
"sha256:4943decfc5b905748f0756fdd99d4f9498d7064815c4cf3643820c9028b711d1",
"sha256:53126cd91356342dcae7e209f840212a58dcf1177ad52c1d938d428eebc9fee5",
"sha256:57ef38a65056e7800859e5ba9e6091053cd06e1038983016effaffe0efcd594a",
"sha256:5bd61e9b44c543016ce1f6aef48606280e45f892a928ca7068fba30021e9b786",
"sha256:6482d3017a0c0327a49dddc8bd1074cc730d45db2ccb09c3bac1f8f32d1eb61b",
@ -320,6 +302,7 @@
"sha256:a39f54ccbcd2757d1d63b0ec00a00980c0b382c62865b61a505163943624ab20",
"sha256:aabb0c5232910a20eec8563503c153a8e78bbf5459490c49ab31f6adf3f3a415",
"sha256:bd4ecb473a96ad0f90c20acba4f0bf0df91a4e03a1f4dd6a4bdc9ca75aa3a715",
"sha256:bf459128feb543cfca16a95f8da31e2e65e4c5257d2f3dfa8c0c1031139c9c92",
"sha256:e2da3c13307eac601f3de04887624939aca8ee3c9488a0bb0eca4fb9401fc6b1",
"sha256:f67814c38162f4deb31f68d590771a29d5ae3b1bd64b75cf232308e5c74777e0"
],
@ -327,19 +310,19 @@
},
"pyopenssl": {
"hashes": [
"sha256:aeca66338f6de19d1aa46ed634c3b9ae519a64b458f8468aec688e7e3c20f200",
"sha256:c727930ad54b10fc157015014b666f2d8b41f70c0d03e83ab67624fd3dd5d1e6"
"sha256:621880965a720b8ece2f1b2f54ea2071966ab00e2970ad2ce11d596102063504",
"sha256:9a24494b2602aaf402be5c9e30a0b82d4a5c67528fe8fb475e3f3bc00dd69507"
],
"index": "pypi",
"version": "==19.0.0"
"version": "==19.1.0"
},
"requests": {
"hashes": [
"sha256:502a824f31acdacb3a35b6690b5fbf0bc41d63a24a45c4004352b0242707598e",
"sha256:7bf2a778576d825600030a110f3c0e3e8edc51dfaafe1c146e39a2027784957b"
"sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4",
"sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31"
],
"index": "pypi",
"version": "==2.21.0"
"version": "==2.22.0"
},
"requests-ntlm": {
"hashes": [
@ -358,26 +341,26 @@
},
"six": {
"hashes": [
"sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
"sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
"sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
"sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
],
"index": "pypi",
"version": "==1.12.0"
"version": "==1.14.0"
},
"soupsieve": {
"hashes": [
"sha256:605f89ad5fdbfefe30cdc293303665eff2d188865d4dbe4eb510bba1edfbfce3",
"sha256:b91d676b330a0ebd5b21719cb6e9b57c57d433671f65b9c28dd3461d9a1ed0b6"
"sha256:bdb0d917b03a1369ce964056fc195cfdff8819c40de04695a80bc813c3cfa1f5",
"sha256:e2c1c5dee4a1c36bcb790e0fabd5492d874b8ebd4617622c4f6a731701060dda"
],
"version": "==1.9.4"
"version": "==1.9.5"
},
"splinter": {
"hashes": [
"sha256:2d9f370536e6c1607824f5538e0bff9808bc02f086b07622b3790424dd3daff4",
"sha256:5d9913bddb6030979c18d6801578813b02bbf8a03b43fb057f093228ed876d62"
"sha256:62b5876757f0ac09324a7d5e5f94886110219c2b85300516ec39a914d7992d91",
"sha256:9e92535f273622507ac157612c3bb0e9cee7b5ccd2aa097d47b408e34c2ca356"
],
"index": "pypi",
"version": "==0.10.0"
"version": "==0.13.0"
},
"termcolor": {
"hashes": [
@ -395,11 +378,10 @@
},
"urllib3": {
"hashes": [
"sha256:4c291ca23bbb55c76518905869ef34bdd5f0e46af7afe6861e8375643ffee1a0",
"sha256:9a247273df709c4fedb38c711e44292304f73f39ab01beda9f6b9fc375669ac3"
"sha256:a8a318824cc77d1fd4b2bec2ded92646630d7fe8619497b142c84a9e6f5a7293",
"sha256:f3c5fd51747d450d4dcf6f923c81f78f811aab8205fda64b0aba34a4e48b0745"
],
"index": "pypi",
"version": "==1.24.2"
"version": "==1.25.7"
},
"xmltodict": {
"hashes": [
@ -411,39 +393,27 @@
}
},
"develop": {
"backports.shutil-get-terminal-size": {
"backcall": {
"hashes": [
"sha256:0975ba55054c15e346944b38956a4c9cbee9009391e41b86c68990effb8c1f64",
"sha256:713e7a8228ae80341c70586d1cc0a8caa5207346927e23d09dcbcaf18eadec80"
"sha256:38ecd85be2c1e78f77fd91700c76e14667dc21e2713b63876c0eb901196e01e4",
"sha256:bbbf4b1e5cd2bdb08f915895b51081c041bac22394fdfcfdfbe9f14b77c08bf2"
],
"markers": "python_version == '2.7'",
"version": "==1.0.0"
"version": "==0.1.0"
},
"decorator": {
"hashes": [
"sha256:86156361c50488b84a3f148056ea716ca587df2f0de1d34750d35c21312725de",
"sha256:f069f3a01830ca754ba5258fde2278454a0b5b79e0d7f5c13b3b97e57d4acff6"
"sha256:54c38050039232e1db4ad7375cfce6748d7b41c29e95a081c8a6d2c30364a2ce",
"sha256:5d19b92a3c8f7f101c8dd86afd86b0f061a8ce4540ab8cd401fa2542756bce6d"
],
"version": "==4.4.0"
},
"enum34": {
"hashes": [
"sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850",
"sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a",
"sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79",
"sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1"
],
"markers": "python_version < '3'",
"version": "==1.1.6"
"version": "==4.4.1"
},
"ipython": {
"hashes": [
"sha256:0371b7e4bd74954a35086eac949beeac5b1c9f5ce231e2e77df2286a293765e3",
"sha256:37101b8cbe072fe17bff100bc03d096404e4a9a0357097aeb5b61677c042cab1",
"sha256:4bac649857611baaaf76bc82c173aa542f7486446c335fe1a6c05d0d491c8906"
"sha256:0f4bcf18293fb666df8511feec0403bdb7e061a5842ea6e88a3177b0ceb34ead",
"sha256:387686dd7fc9caf29d2fddcf3116c4b07a11d9025701d220c589a430b0171d8a"
],
"index": "pypi",
"version": "==5.8.0"
"version": "==7.11.1"
},
"ipython-genutils": {
"hashes": [
@ -452,13 +422,19 @@
],
"version": "==0.2.0"
},
"pathlib2": {
"jedi": {
"hashes": [
"sha256:0ec8205a157c80d7acc301c0b18fbd5d44fe655968f5d947b6ecef5290fc35db",
"sha256:6cd9a47b597b37cc57de1c05e56fb1a1c9cc9fab04fe78c29acd090418529868"
"sha256:1349c1e8c107095a55386628bb3b2a79422f3a2cab8381e34ce19909e0cf5064",
"sha256:e909527104a903606dd63bea6e8e888833f0ef087057829b89a18364a856f807"
],
"markers": "python_version in '2.6 2.7 3.2 3.3'",
"version": "==2.3.5"
"version": "==0.15.2"
},
"parso": {
"hashes": [
"sha256:55cf25df1a35fd88b878715874d2c4dc1ad3f0eebd1e0266a67e1f55efccfbe1",
"sha256:5c1f7791de6bd5dbbeac8db0ef5594b36799de198b3f7f7014643b0c5536b9d3"
],
"version": "==0.5.2"
},
"pexpect": {
"hashes": [
@ -477,11 +453,10 @@
},
"prompt-toolkit": {
"hashes": [
"sha256:37925b37a4af1f6448c76b7606e0285f79f434ad246dda007a27411cca730c6d",
"sha256:dd4fca02c8069497ad931a2d09914c6b0d1b50151ce876bc15bde4c747090126",
"sha256:f7eec66105baf40eda9ab026cd8b2e251337eea8d111196695d82e0c5f0af852"
"sha256:0278d2f51b5ceba6ea8da39f76d15684e84c996b325475f6e5720edc584326a7",
"sha256:63daee79aa8366c8f1c637f1a4876b890da5fc92a19ebd2f7080ebacb901e990"
],
"version": "==1.0.18"
"version": "==3.0.2"
},
"ptyprocess": {
"hashes": [
@ -492,41 +467,18 @@
},
"pygments": {
"hashes": [
"sha256:71e430bc85c88a430f000ac1d9b331d2407f681d6f6aec95e8bcfbc3df5b0127",
"sha256:881c4c157e45f30af185c1ffe8d549d48ac9127433f2c380c24b84572ad66297"
"sha256:2a3fe295e54a20164a9df49c75fa58526d3be48e14aceba6d6b1e8ac0bfd6f1b",
"sha256:98c8aa5a9f778fcd1026a17361ddaf7330d1b7c62ae97c3bb0ae73e0b9b6b0fe"
],
"version": "==2.4.2"
},
"scandir": {
"hashes": [
"sha256:2586c94e907d99617887daed6c1d102b5ca28f1085f90446554abf1faf73123e",
"sha256:2ae41f43797ca0c11591c0c35f2f5875fa99f8797cb1a1fd440497ec0ae4b022",
"sha256:2b8e3888b11abb2217a32af0766bc06b65cc4a928d8727828ee68af5a967fa6f",
"sha256:2c712840c2e2ee8dfaf36034080108d30060d759c7b73a01a52251cc8989f11f",
"sha256:4d4631f6062e658e9007ab3149a9b914f3548cb38bfb021c64f39a025ce578ae",
"sha256:67f15b6f83e6507fdc6fca22fedf6ef8b334b399ca27c6b568cbfaa82a364173",
"sha256:7d2d7a06a252764061a020407b997dd036f7bd6a175a5ba2b345f0a357f0b3f4",
"sha256:8c5922863e44ffc00c5c693190648daa6d15e7c1207ed02d6f46a8dcc2869d32",
"sha256:92c85ac42f41ffdc35b6da57ed991575bdbe69db895507af88b9f499b701c188",
"sha256:b24086f2375c4a094a6b51e78b4cf7ca16c721dcee2eddd7aa6494b42d6d519d",
"sha256:cb925555f43060a1745d0a321cca94bcea927c50114b623d73179189a4e100ac"
],
"markers": "python_version < '3.5'",
"version": "==1.10.0"
},
"simplegeneric": {
"hashes": [
"sha256:dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173"
],
"version": "==0.8.1"
"version": "==2.5.2"
},
"six": {
"hashes": [
"sha256:3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c",
"sha256:d16a0141ec1a18405cd4ce8b4613101da75da0e9a7aec5bdd4fa804d0e0eba73"
"sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a",
"sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c"
],
"index": "pypi",
"version": "==1.12.0"
"version": "==1.14.0"
},
"traitlets": {
"hashes": [
@ -537,10 +489,10 @@
},
"wcwidth": {
"hashes": [
"sha256:3df37372226d6e63e1b1e1eda15c594bca98a22d33a23832a90998faa96bc65e",
"sha256:f4ebe71925af7b40a864553f761ed559b43544f8f71746c2d756c7fe788ade7c"
"sha256:8fd29383f539be45b20bd4df0dc29c20ba48654a41e661925e612311e9f3c603",
"sha256:f28b3e8a6483e5d49e7f8949ac1a78314e740333ae305b4ba5defd3e74fb37a8"
],
"version": "==0.1.7"
"version": "==0.1.8"
}
}
}

2
README.md
View File

@ -1,4 +1,4 @@
![Supported Python versions](https://img.shields.io/badge/python-2.7-blue.svg)
![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg)
# CrackMapExec

6
cme/cli.py
View File

@ -6,8 +6,8 @@ from cme.helpers.logger import highlight
def gen_cli_args():
VERSION = '4.0.1dev'
CODENAME = 'Bug Pr0n'
VERSION = '5.0.0dev'
CODENAME = 'P3l1as'
p_loader = protocol_loader()
protocols = p_loader.get_protocols()
@ -31,7 +31,7 @@ def gen_cli_args():
highlight(CODENAME)),
formatter_class=RawTextHelpFormatter,
version='{} - {}'.format(VERSION, CODENAME),
#version='{} - {}'.format(VERSION, CODENAME),
epilog="Ya feelin' a bit buggy all of a sudden?")
parser.add_argument("-t", type=int, dest="threads", default=100, help="set how many concurrent threads to use (default: 100)")

44
cme/cmedb.py
View File

@ -1,4 +1,4 @@
#!/usr/bin/env python2
#!/usr/bin/env python3
import cmd
import sqlite3
import sys
@ -7,7 +7,7 @@ import requests
from time import sleep
from terminaltables import AsciiTable
from cme.msfrpc import Msfrpc, MsfAuthError
from ConfigParser import ConfigParser
import configparser
from cme.loaders.protocol_loader import protocol_loader
from requests import ConnectionError
@ -38,23 +38,23 @@ class DatabaseNavigator(cmd.Cmd):
sys.exit(0)
def print_table(self, data, title=None):
print ""
print("")
table = AsciiTable(data)
if title:
table.title = title
print table.table
print ""
print(table.table)
print("")
def do_export(self, line):
if not line:
print "[-] not enough arguments"
print("[-] not enough arguments")
return
line = line.split()
if line[0].lower() == 'creds':
if len(line) < 3:
print "[-] invalid arguments, export creds <plaintext|hashes|both|csv> <filename>"
print("[-] invalid arguments, export creds <plaintext|hashes|both|csv> <filename>")
return
if line[1].lower() == 'plaintext':
creds = self.db.get_credentials(credtype="plaintext")
@ -70,21 +70,21 @@ class DatabaseNavigator(cmd.Cmd):
export_file.write('{},{},{},{},{},{}\n'.format(credid,domain,user,password,credtype,fromhost))
else:
export_file.write('{}\n'.format(password))
print '[+] creds exported'
print('[+] creds exported')
elif line[0].lower() == 'hosts':
if len(line) < 2:
print "[-] invalid arguments, export hosts <filename>"
print("[-] invalid arguments, export hosts <filename>")
return
hosts = self.db.get_computers()
with open(os.path.expanduser(line[1]), 'w') as export_file:
for host in hosts:
hostid,ipaddress,hostname,domain,opsys,dc = host
export_file.write('{},{},{},{},{},{}\n'.format(hostid,ipaddress,hostname,domain,opsys,dc))
print '[+] hosts exported'
print('[+] hosts exported')
else:
print '[-] invalid argument, specify creds or hosts'
print('[-] invalid argument, specify creds or hosts')
def do_import(self, line):
@ -116,12 +116,12 @@ class DatabaseNavigator(cmd.Cmd):
self.db.add_credential(cred['credtype'], cred['domain'], cred['username'], cred['password'])
print "[+] Empire credential import successful"
print("[+] Empire credential import successful")
else:
print "[-] Error authenticating to Empire's RESTful API server!"
print("[-] Error authenticating to Empire's RESTful API server!")
except ConnectionError as e:
print "[-] Unable to connect to Empire's RESTful API server: {}".format(e)
print("[-] Unable to connect to Empire's RESTful API server: {}".format(e))
elif line == 'metasploit':
msf = Msfrpc({'host': self.config.get('Metasploit', 'rpc_host'),
@ -130,7 +130,7 @@ class DatabaseNavigator(cmd.Cmd):
try:
msf.login('msf', self.config.get('Metasploit', 'password'))
except MsfAuthError:
print "[-] Error authenticating to Metasploit's MSGRPC server!"
print("[-] Error authenticating to Metasploit's MSGRPC server!")
return
console_id = str(msf.call('console.create')['id'])
@ -159,7 +159,7 @@ class DatabaseNavigator(cmd.Cmd):
msf.call('console.destroy', [console_id])
print "[+] Metasploit credential import successful"
print("[+] Metasploit credential import successful")
def complete_import(self, text, line, begidx, endidx):
"Tab-complete 'import' commands."
@ -188,10 +188,10 @@ class CMEDBMenu(cmd.Cmd):
self.config_path = config_path
try:
self.config = ConfigParser()
self.config = configparser.ConfigParser()
self.config.read(self.config_path)
except Exception as e:
print "[-] Error reading cme.conf: {}".format(e)
print("[-] Error reading cme.conf: {}".format(e))
sys.exit(1)
self.workspace_dir = os.path.expanduser('~/.cme/workspaces')
@ -213,7 +213,7 @@ class CMEDBMenu(cmd.Cmd):
self.conn.isolation_level = None
def write_configfile(self):
with open(self.config_path, 'wb') as configfile:
with open(self.config_path, 'w') as configfile:
self.config.write(configfile)
def do_proto(self, proto):
@ -243,7 +243,7 @@ class CMEDBMenu(cmd.Cmd):
if line.split()[0] == 'create':
new_workspace = line.split()[1].strip()
print "[*] Creating workspace '{}'".format(new_workspace)
print("[*] Creating workspace '{}'".format(new_workspace))
os.mkdir(os.path.join(self.workspace_dir, new_workspace))
for protocol in self.protocols.keys():
@ -255,7 +255,7 @@ class CMEDBMenu(cmd.Cmd):
proto_db_path = os.path.join(self.workspace_dir, new_workspace, protocol + '.db')
if not os.path.exists(proto_db_path):
print '[*] Initializing {} protocol database'.format(protocol.upper())
print('[*] Initializing {} protocol database'.format(protocol.upper()))
conn = sqlite3.connect(proto_db_path)
c = conn.cursor()
@ -286,7 +286,7 @@ def main():
config_path = os.path.expanduser('~/.cme/cme.conf')
if not os.path.exists(config_path):
print "[-] Unable to find config file"
print("[-] Unable to find config file")
sys.exit(1)
try:

23
cme/connection.py
View File

@ -1,4 +1,5 @@
import logging
from os.path import isfile
# from traceback import format_exc
from gevent.lock import BoundedSemaphore
from gevent.socket import gethostbyname
@ -77,7 +78,7 @@ class connection(object):
self.call_cmd_args()
def call_cmd_args(self):
for k, v in vars(self.args).iteritems():
for k, v in vars(self.args).items():
if hasattr(self, k) and hasattr(getattr(self, k), '__call__'):
if v is not False and v is not None:
logging.debug('Calling {}()'.format(k))
@ -163,16 +164,16 @@ class connection(object):
self.logger.error("Invalid database credential ID!")
for user in self.args.username:
if type(user) is file:
if not isinstance(user, str) and isfile(user.name):
for usr in user:
if self.args.hash:
with sem:
for ntlm_hash in self.args.hash:
if type(ntlm_hash) is not file:
if isinstance(ntlm_hash, str):
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), ntlm_hash): return True
elif type(ntlm_hash) is file:
elif not isinstance(ntlm_hash, str) and isfile(ntlm_hash.name):
for f_hash in ntlm_hash:
if not self.over_fail_limit(usr.strip()):
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
@ -181,25 +182,25 @@ class connection(object):
elif self.args.password:
with sem:
for password in self.args.password:
if type(password) is not file:
if isinstance(password, str):
if not self.over_fail_limit(usr.strip()):
if self.plaintext_login(self.domain, usr.strip(), password): return True
elif type(password) is file:
elif not isinstance(password, str) and isfile(password.name):
for f_pass in password:
if not self.over_fail_limit(usr.strip()):
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
password.seek(0)
elif type(user) is not file:
elif isinstance(user, str):
if hasattr(self.args, 'hash') and self.args.hash:
with sem:
for ntlm_hash in self.args.hash:
if type(ntlm_hash) is not file:
if isinstance(ntlm_hash, str):
if not self.over_fail_limit(user):
if self.hash_login(self.domain, user, ntlm_hash): return True
elif type(ntlm_hash) is file:
elif not isinstance(ntlm_hash, str) and isfile(ntlm_hash.name):
for f_hash in ntlm_hash:
if not self.over_fail_limit(user):
if self.hash_login(self.domain, user, f_hash.strip()): return True
@ -208,14 +209,14 @@ class connection(object):
elif self.args.password:
with sem:
for password in self.args.password:
if type(password) is not file:
if isinstance(password, str):
if not self.over_fail_limit(user):
if hasattr(self.args, 'domain'):
if self.plaintext_login(self.domain, user, password): return True
else:
if self.plaintext_login(user, password): return True
elif type(password) is file:
elif not isinstance(password, str) and isfile(password.name):
for f_pass in password:
if not self.over_fail_limit(user):
if hasattr(self.args, 'domain'):

6
cme/context.py
View File

@ -1,6 +1,6 @@
import logging
import os
from ConfigParser import ConfigParser
import configparser
class Context:
@ -11,8 +11,8 @@ class Context:
self.log_folder_path = os.path.join(os.path.expanduser('~/.cme'), 'logs')
self.localip = None
self.conf = ConfigParser()
self.conf = configparser.ConfigParser()
self.conf.read(os.path.expanduser('~/.cme/cme.conf'))
for key, value in vars(args).iteritems():
for key, value in vars(args).items():
setattr(self, key, value)

10
cme/crackmapexec.py
View File

@ -1,4 +1,4 @@
#!/usr/bin/env python2
#!/usr/bin/env python3
from gevent.pool import Pool
from gevent import sleep
@ -15,7 +15,7 @@ from cme.servers.http import CMEServer
from cme.first_run import first_run_setup
from cme.context import Context
from pprint import pformat
from ConfigParser import ConfigParser
import configparser
import cme.helpers.powershell as powershell
import cme
import shutil
@ -44,7 +44,7 @@ def main():
cme_path = os.path.expanduser('~/.cme')
config = ConfigParser()
config = configparser.ConfigParser()
config.read(os.path.join(cme_path, 'cme.conf'))
module = None
@ -168,12 +168,12 @@ def main():
exit(1)
if getattr(module, 'opsec_safe') is False:
ans = raw_input(highlight('[!] Module is not opsec safe, are you sure you want to run this? [Y/n] ', 'red'))
ans = input(highlight('[!] Module is not opsec safe, are you sure you want to run this? [Y/n] ', 'red'))
if ans.lower() not in ['y', 'yes', '']:
sys.exit(1)
if getattr(module, 'multiple_hosts') is False and len(targets) > 1:
ans = raw_input(highlight("[!] Running this module on multiple hosts doesn't really make any sense, are you sure you want to continue? [Y/n] ", 'red'))
ans = input(highlight("[!] Running this module on multiple hosts doesn't really make any sense, are you sure you want to continue? [Y/n] ", 'red'))
if ans.lower() not in ['y', 'yes', '']:
sys.exit(1)

5
cme/first_run.py
View File

@ -2,7 +2,8 @@ import os
import sqlite3
import shutil
import cme
from ConfigParser import ConfigParser, NoSectionError, NoOptionError
import configparser
from configparser import ConfigParser, NoSectionError, NoOptionError
from cme.loaders.protocol_loader import protocol_loader
from subprocess import check_output, PIPE
from sys import exit
@ -65,7 +66,7 @@ def first_run_setup(logger):
else:
# This is just a quick check to make sure the config file isn't the old 3.x format
try:
config = ConfigParser()
config = configparser.ConfigParser()
config.read(CONFIG_PATH)
config.get('CME', 'workspace')
config.get('CME', 'pwn3d_label')

2
cme/logger.py
View File

@ -56,7 +56,7 @@ class CMEAdapter(logging.LoggerAdapter):
return u'{:<24} {:<15} {:<6} {:<16} {}'.format(module_name,
self.extra['host'],
self.extra['port'],
self.extra['hostname'].decode('utf-8') if self.extra['hostname'] else 'NONE',
self.extra['hostname'] if self.extra['hostname'] else 'NONE',
msg), kwargs
def info(self, msg, *args, **kwargs):

6
cme/modules/Get-ComputerDetails.py
View File

@ -1,7 +1,7 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log, highlight
from datetime import datetime
from StringIO import StringIO
from io import StringIO
class CMEModule:
@ -57,8 +57,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
response.stop_tracking_host()

6
cme/modules/bloodhound.py
View File

@ -70,7 +70,7 @@ class CMEModule:
if 'BloodHound-modified.ps1' == request.path[1:]:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
context.log.success('Executing payload... this can take a few minutes...')
else:
request.send_response(404)
@ -79,8 +79,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
response.stop_tracking_host()
if self.neo4j_URI == "" and self.neo4j_user == "" and self.neo4j_pass == "" :
self.parse_ouput(data, context, response)

4
cme/modules/enum_avproducts.py
View File

@ -19,12 +19,12 @@ class CMEModule:
if output:
context.log.success('Found Anti-Spyware product:')
for entry in output:
for k,v in entry.iteritems():
for k,v in entry.items():
context.log.highlight('{} => {}'.format(k,v['value']))
output = connection.wmi('Select * from AntiVirusProduct', 'root\\SecurityCenter2')
if output:
context.log.success('Found Anti-Virus product:')
for entry in output:
for k,v in entry.iteritems():
for k,v in entry.items():
context.log.highlight('{} => {}'.format(k,v['value']))

6
cme/modules/enum_chrome.py
View File

@ -1,7 +1,7 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log
from datetime import datetime
from StringIO import StringIO
from io import StringIO
class CMEModule:
'''
@ -52,8 +52,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

2
cme/modules/enum_dns.py
View File

@ -52,7 +52,7 @@ class CMEModule:
else:
domain_data[rtype] = ["{}: {}".format(rname, rvalue)]
for k, v in sorted(domain_data.iteritems()):
for k, v in sorted(domain_data.items()):
context.log.highlight("Record Type: {}".format(k))
data += "Record Type: {}\n".format(k)
for d in sorted(v):

6
cme/modules/get_netdomaincontroller.py
View File

@ -1,7 +1,7 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log, highlight
from datetime import datetime
from StringIO import StringIO
from io import StringIO
class CMEModule:
@ -56,8 +56,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

6
cme/modules/get_netrdpsession.py
View File

@ -1,7 +1,7 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log, highlight
from datetime import datetime
from StringIO import StringIO
from io import StringIO
class CMEModule:
@ -56,8 +56,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

2
cme/modules/gpp_autologin.py
View File

@ -1,5 +1,5 @@
import xml.etree.ElementTree as ET
from StringIO import StringIO
from io import StringIO
class CMEModule:
'''

4
cme/modules/gpp_password.py
View File

@ -2,7 +2,7 @@ import xml.etree.ElementTree as ET
from Cryptodome.Cipher import AES
from base64 import b64decode
from binascii import unhexlify
from StringIO import StringIO
from io import StringIO
class CMEModule:
'''
@ -68,7 +68,7 @@ class CMEModule:
context.log.success('Found credentials in {}'.format(path))
context.log.highlight('Password: {}'.format(password))
for k,v in props.iteritems():
for k,v in props.items():
if k != 'cpassword':
context.log.highlight('{}: {}'.format(k, v))

6
cme/modules/invoke_sessiongopher.py
View File

@ -1,6 +1,6 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log
from StringIO import StringIO
from io import StringIO
from datetime import datetime
class CMEModule:
@ -64,8 +64,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

2
cme/modules/met_inject.py
View File

@ -69,7 +69,7 @@ class CMEModule:
if 'Invoke-Shellcode.ps1' == request.path[1:]:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
request.stop_tracking_host()
else:
request.send_response(404)

12
cme/modules/mimikatz.py
View File

@ -38,8 +38,7 @@ class CMEModule:
if 'Invoke-Mimikatz.ps1' == request.path[1:]:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
else:
request.send_response(404)
@ -72,7 +71,6 @@ class CMEModule:
hostDomain = ""
domainSid = ""
hostName = ""
lines = data.split("\n")
for line in lines[0:2]:
if line.startswith("Hostname:"):
@ -128,7 +126,7 @@ class CMEModule:
if len(creds) == 0:
# check if we have lsadump output to check for krbtgt
# happens on domain controller hashdumps
for x in xrange(8,13):
for x in range(8,13):
if lines[x].startswith("Domain :"):
domain, sid, krbtgtHash = "", "", ""
@ -143,7 +141,7 @@ class CMEModule:
domain = hostDomain
sid = domainSid
for x in xrange(0, len(lines)):
for x in range(0, len(lines)):
if lines[x].startswith("User : krbtgt"):
krbtgtHash = lines[x+2].split(":")[1].strip()
break
@ -181,8 +179,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode().decode()
# We've received the response, stop tracking this host
response.stop_tracking_host()

10
cme/modules/mimikatz_enum_chrome.py
View File

@ -1,7 +1,7 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log
from datetime import datetime
from StringIO import StringIO
from io import StringIO
class CMEModule:
'''
@ -37,7 +37,7 @@ class CMEModule:
the entries with Mimikatz, not ideal but it works.
'''
payload = '''
payload = r'''
$cmd = "privilege::debug sekurlsa::dpapi"
$userdirs = get-childitem "$Env:SystemDrive\Users"
foreach ($dir in $userdirs) {{
@ -75,7 +75,7 @@ class CMEModule:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
else:
request.send_response(404)
@ -84,8 +84,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

8
cme/modules/mimikatz_enum_vault_creds.py
View File

@ -1,7 +1,7 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log
from datetime import datetime
from StringIO import StringIO
from io import StringIO
class CMEModule:
'''
@ -48,7 +48,7 @@ class CMEModule:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
else:
request.send_response(404)
@ -57,8 +57,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

8
cme/modules/mimikittenz.py
View File

@ -1,6 +1,6 @@
from cme.helpers.powershell import *
from cme.helpers.logger import write_log
from StringIO import StringIO
from io import StringIO
from datetime import datetime
class CMEModule:
@ -35,7 +35,7 @@ class CMEModule:
#with open(get_ps_script('mimikittenz/Invoke-mimikittenz.ps1'), 'r') as ps_script:
# ps_script = obfs_ps_script(ps_script.read(), function_name=self.obfs_name)
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
else:
request.send_response(404)
@ -44,8 +44,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

6
cme/modules/multirdp.py
View File

@ -26,7 +26,7 @@ class CMEModule:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
else:
request.send_response(404)
@ -35,8 +35,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

2
cme/modules/pe_inject.py
View File

@ -66,7 +66,7 @@ class CMEModule:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
elif os.path.basename(self.payload_path) == request.path[1:]:
request.send_response(200)

2
cme/modules/shellcode_inject.py
View File

@ -58,7 +58,7 @@ class CMEModule:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
elif os.path.basename(self.shellcode_path) == request.path[1:]:
request.send_response(200)

8
cme/modules/tokens.py
View File

@ -1,6 +1,6 @@
from cme.helpers.powershell import *
from datetime import datetime
from StringIO import StringIO
from io import StringIO
import os
import sys
@ -55,7 +55,7 @@ class CMEModule:
request.send_response(200)
request.end_headers()
request.wfile.write(self.ps_script)
request.wfile.write(self.ps_script.encode())
else:
request.send_response(404)
@ -64,8 +64,8 @@ class CMEModule:
def on_response(self, context, response):
response.send_response(200)
response.end_headers()
length = int(response.headers.getheader('content-length'))
data = response.rfile.read(length)
length = int(response.headers.get('content-length'))
data = response.rfile.read(length).decode()
#We've received the response, stop tracking this host
response.stop_tracking_host()

2
cme/msfrpc.py
View File

@ -1,4 +1,4 @@
#! /usr/bin/env python2.7
#! /usr/bin/env python3
# MSF-RPC - A Python library to facilitate MSG-RPC communication with Metasploit

4
cme/protocols/http.py
View File

@ -2,7 +2,7 @@ import requests
import os
from gevent.pool import Pool
from gevent.socket import gethostbyname
from urlparse import urlparse
from urllib.parse import urlparse
from datetime import datetime
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
@ -106,7 +106,7 @@ class single_connection(connection):
try:
r = requests.get(url, timeout=10, headers={'User-Agent': user_agent})
self.server_headers = r.headers
except ConnectTimeout, ReadTimeout:
except (ConnectTimeout, ReadTimeout):
return False
except Exception as e:
if str(e).find('Read timed out') == -1:

10
cme/protocols/http/db_navigator.py
View File

@ -13,7 +13,7 @@ class navigator(DatabaseNavigator):
# links = self.db.get_links(credID=credID)
data.append([credID, url.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, url, username, password])
self.print_table(data, title='Credential(s)')
@ -39,14 +39,14 @@ class navigator(DatabaseNavigator):
self.db.add_credential(url, username, password)
else:
print "[!] Format is 'add url username password"
print("[!] Format is 'add url username password")
return
elif filterTerm.split()[0].lower() == "remove":
args = filterTerm.split()[1:]
if len(args) != 1 :
print "[!] Format is 'remove <credID>'"
print("[!] Format is 'remove <credID>'")
return
else:
self.db.remove_credentials(args)
@ -74,14 +74,14 @@ class navigator(DatabaseNavigator):
# self.db.add_host()
else:
print "[!] Format is 'add url ip hostname port"
print("[!] Format is 'add url ip hostname port")
return
elif filterTerm.split()[0].lower() == "remove":
args = filterTerm.split()[1:]
if len(args) != 1 :
print "[!] Format is 'remove <hostID>'"
print("[!] Format is 'remove <hostID>'")
return
# self.db.remove_host()

16
cme/protocols/mssql.py
View File

@ -1,13 +1,13 @@
import socket
import logging
from cme.logger import CMEAdapter
from StringIO import StringIO
from io import StringIO
from cme.protocols.mssql.mssqlexec import MSSQLEXEC
from cme.connection import *
from cme.helpers.logger import highlight
from cme.helpers.powershell import create_ps_command
from impacket import tds
from ConfigParser import ConfigParser
import configparser
from impacket.smbconnection import SMBConnection, SessionError
from impacket.tds import SQLErrorException, TDS_LOGINACK_TOKEN, TDS_ERROR_TOKEN, TDS_ENVCHANGE_TOKEN, TDS_INFO_TOKEN, \
TDS_ENVCHANGE_VARCHAR, TDS_ENVCHANGE_DATABASE, TDS_ENVCHANGE_LANGUAGE, TDS_ENVCHANGE_CHARSET, TDS_ENVCHANGE_PACKETSIZE
@ -170,9 +170,9 @@ class mssql(connection):
if self.admin_privs:
self.db.add_admin_user('plaintext', domain, username, password, self.host)
out = u'{}{}:{} {}'.format('{}\\'.format(domain.decode('utf-8')) if self.args.auth_type is 'windows' else '',
username.decode('utf-8'),
password.decode('utf-8'),
out = u'{}{}:{} {}'.format('{}\\'.format(domain) if self.args.auth_type is 'windows' else '',
username,
password,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
self.logger.success(out)
return True
@ -201,8 +201,8 @@ class mssql(connection):
if self.admin_privs:
self.db.add_admin_user('hash', domain, username, ntlm_hash, self.host)
out = u'{}\\{} {} {}'.format(domain.decode('utf-8'),
username.decode('utf-8'),
out = u'{}\\{} {} {}'.format(domain,
username,
ntlm_hash,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
@ -230,7 +230,7 @@ class mssql(connection):
if hasattr(self, 'server'): self.server.track_host(self.host)
output = u'{}'.format(raw_output.decode('utf-8'))
output = u'{}'.format(raw_output)
if self.args.execute or self.args.ps_execute:
#self.logger.success('Executed command {}'.format('via {}'.format(self.args.exec_method) if self.args.exec_method else ''))

16
cme/protocols/mssql/db_navigator.py
View File

@ -19,7 +19,7 @@ class navigator(DatabaseNavigator):
links = self.db.get_admin_relations(userID=credID)
data.append([credID, str(len(links)) + ' Host(s)', credtype, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, str(len(links)) + ' Host(s)', credtype, domain, username, password])
self.print_table(data, title='Credentials')
@ -38,7 +38,7 @@ class navigator(DatabaseNavigator):
links = self.db.get_admin_relations(hostID=hostID)
data.append([hostID, str(len(links)) + ' Cred(s)', ip, hostname.decode('utf-8'), domain.decode('utf-8'), os, instances])
data.append([hostID, str(len(links)) + ' Cred(s)', ip, hostname, domain, os, instances])
self.print_table(data, title='Hosts')
@ -67,7 +67,7 @@ class navigator(DatabaseNavigator):
domain = host[3]
os = host[4]
data.append([hostID, ip, hostname.decode('utf-8'), domain.decode('utf-8'), os])
data.append([hostID, ip, hostname, domain, os])
self.print_table(data, title='Host(s)')
@ -87,7 +87,7 @@ class navigator(DatabaseNavigator):
credtype = cred[4]
# pillaged_from = cred[5]
data.append([credID, credtype, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, credtype, domain, username, password])
self.print_table(data, title='Credential(s) with Admin Access')
@ -110,14 +110,14 @@ class navigator(DatabaseNavigator):
self.db.add_credential("plaintext", domain, username, password)
else:
print "[!] Format is 'add domain username password"
print("[!] Format is 'add domain username password")
return
elif filterTerm.split()[0].lower() == "remove":
args = filterTerm.split()[1:]
if len(args) != 1:
print "[!] Format is 'remove <credID>'"
print("[!] Format is 'remove <credID>'")
return
else:
self.db.remove_credentials(args)
@ -146,7 +146,7 @@ class navigator(DatabaseNavigator):
username = cred[3]
password = cred[4]
data.append([credID, credType, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, credType, domain, username, password])
self.print_table(data, title='Credential(s)')
@ -165,7 +165,7 @@ class navigator(DatabaseNavigator):
domain = host[3]
os = host[4]
data.append([hostID, ip, hostname.decode('utf-8'), domain.decode('utf-8'), os])
data.append([hostID, ip, hostname, domain, os])
self.print_table(data, title='Admin Access to Host(s)')

55
cme/protocols/smb.py
View File

@ -3,7 +3,7 @@
import socket
import os
import ntpath
from StringIO import StringIO
from io import StringIO
from impacket.smbconnection import SMBConnection, SessionError
from impacket.smb import SMB_DIALECT
from impacket.examples.secretsdump import RemoteOperations, SAMHashes, LSASecrets, NTDSHashes
@ -60,13 +60,13 @@ def requires_smb_server(func):
except IndexError:
pass
if kwargs.has_key('payload'):
if 'payload' in kwargs:
payload = kwargs['payload']
if kwargs.has_key('get_output'):
if 'get_output' in kwargs:
get_output = kwargs['get_output']
if kwargs.has_key('methods'):
if 'methods' in kwargs:
methods = kwargs['methods']
if not payload and self.args.execute:
@ -184,7 +184,7 @@ class smb(connection):
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
except DCERPCException, e:
except (DCERPCException, e):
if str(e).find('syntaxes_not_supported') >= 0:
dce.disconnect()
return 32
@ -202,8 +202,8 @@ class smb(connection):
try:
self.conn.login('' , '')
except SessionError as e:
if "STATUS_ACCESS_DENIED" in e.message:
except:
#if "STATUS_ACCESS_DENIED" in e:
pass
self.domain = self.conn.getServerDomain()
@ -240,8 +240,8 @@ class smb(connection):
def print_host_info(self):
self.logger.info(u"{}{} (name:{}) (domain:{}) (signing:{}) (SMBv1:{})".format(self.server_os,
' x{}'.format(self.os_arch) if self.os_arch else '',
self.hostname.decode('utf-8'),
self.domain.decode('utf-8'),
self.hostname,
self.domain,
self.signing,
self.smbv1))
@ -258,9 +258,9 @@ class smb(connection):
if self.admin_privs:
self.db.add_admin_user('plaintext', domain, username, password, self.host)
out = u'{}\\{}:{} {}'.format(domain.decode('utf-8'),
username.decode('utf-8'),
password.decode('utf-8'),
out = u'{}\\{}:{} {}'.format(domain,
username,
password,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
self.logger.success(out)
@ -268,9 +268,9 @@ class smb(connection):
return True
except SessionError as e:
error, desc = e.getErrorString()
self.logger.error(u'{}\\{}:{} {} {}'.format(domain.decode('utf-8'),
username.decode('utf-8'),
password.decode('utf-8'),
self.logger.error(u'{}\\{}:{} {} {}'.format(domain,
username,
password,
error,
'({})'.format(desc) if self.args.verbose else ''))
@ -303,8 +303,8 @@ class smb(connection):
if self.admin_privs:
self.db.add_admin_user('hash', domain, username, ntlm_hash, self.host)
out = u'{}\\{} {} {}'.format(domain.decode('utf-8'),
username.decode('utf-8'),
out = u'{}\\{} {} {}'.format(domain,
username,
ntlm_hash,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
@ -313,8 +313,8 @@ class smb(connection):
return True
except SessionError as e:
error, desc = e.getErrorString()
self.logger.error(u'{}\\{} {} {} {}'.format(domain.decode('utf-8'),
username.decode('utf-8'),
self.logger.error(u'{}\\{} {} {} {}'.format(domain,
username,
ntlm_hash,
error,
'({})'.format(desc) if self.args.verbose else ''))
@ -431,7 +431,7 @@ class smb(connection):
if hasattr(self, 'server'): self.server.track_host(self.host)
output = u'{}'.format(exec_method.execute(payload, get_output).strip().decode('utf-8',errors='replace'))
output = u'{}'.format(exec_method.execute(payload, get_output).strip())
if self.args.execute or self.args.ps_execute:
self.logger.success('Executed command {}'.format('via {}'.format(self.args.exec_method) if self.args.exec_method else ''))
@ -488,8 +488,7 @@ class smb(connection):
remark = share['remark']
perms = share['access']
#self.logger.highlight('{:<15} {:<15} {}'.format(name, ','.join(perms), remark))
self.logger.highlight('{:<15} {:<15} {}'.format(name.encode('utf-8').decode('ascii', 'ignore'), ','.join(perms), remark.encode('utf-8').decode('ascii', 'ignore')))
self.logger.highlight(u'{:<15} {:<15} {}'.format(name, ','.join(perms), remark))
except Exception as e:
self.logger.error('Error enumerating shares: {}'.format(e))
@ -683,7 +682,7 @@ class smb(connection):
wmi_results = query.Next(0xffffffff, 1)[0]
record = wmi_results.getProperties()
records.append(record)
for k,v in record.iteritems():
for k,v in record.items():
self.logger.highlight('{} => {}'.format(k,v['value']))
self.logger.highlight('')
except Exception as e:
@ -749,7 +748,7 @@ class smb(connection):
self.logger.success('Brute forcing RIDs')
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
@ -758,8 +757,8 @@ class smb(connection):
soFar = 0
SIMULTANEOUS = 1000
for j in range(maxRid/SIMULTANEOUS+1):
if (maxRid - soFar) / SIMULTANEOUS == 0:
for j in range(maxRid//SIMULTANEOUS+1):
if (maxRid - soFar) // SIMULTANEOUS == 0:
sidsToCheck = (maxRid - soFar) % SIMULTANEOUS
else:
sidsToCheck = SIMULTANEOUS
@ -768,11 +767,11 @@ class smb(connection):
break
sids = list()
for i in xrange(soFar, soFar+sidsToCheck):
for i in range(soFar, soFar+sidsToCheck):
sids.append(domainSid + '-%d' % i)
try:
lsat.hLsarLookupSids(dce, policyHandle, sids,lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
except DCERPCException, e:
except DCERPCException as e:
if str(e).find('STATUS_NONE_MAPPED') >= 0:
soFar += SIMULTANEOUS
continue

2
cme/protocols/smb/atexec.py
View File

@ -43,7 +43,7 @@ class TSCH_EXEC:
return self.__outputBuffer
def output_callback(self, data):
self.__outputBuffer = data
self.__outputBuffer = data.decode("utf-8")
def execute_handler(self, data):
if self.__retOutput:

3
cme/protocols/smb/database.py
View File

@ -141,8 +141,7 @@ class database:
cur.close()
logging.debug('add_credential(credtype={}, domain={}, username={}, password={}, groupid={}, pillaged_from={}) => {}'.encode().format(credtype, domain, username, password,
groupid, pillaged_from, user_rowid))
logging.debug('add_credential(credtype={}, domain={}, username={}, password={}, groupid={}, pillaged_from={}) => {}'.format(credtype, domain, username, password, groupid, pillaged_from, user_rowid))
return user_rowid

24
cme/protocols/smb/db_navigator.py
View File

@ -19,7 +19,7 @@ class navigator(DatabaseNavigator):
links = self.db.get_admin_relations(userID=credID)
data.append([credID, str(len(links)) + ' Host(s)', credtype, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, str(len(links)) + ' Host(s)', credtype, domain, username, password])
self.print_table(data, title='Credentials')
@ -33,7 +33,7 @@ class navigator(DatabaseNavigator):
name = group[2]
members = len(self.db.get_group_relations(groupID=groupID))
data.append([groupID, domain.decode('utf-8'), name, members])
data.append([groupID, domain, name, members])
self.print_table(data, title='Groups')
@ -51,7 +51,7 @@ class navigator(DatabaseNavigator):
links = self.db.get_admin_relations(hostID=hostID)
data.append([hostID, str(len(links)) + ' Cred(s)', ip, hostname.decode('utf-8'), domain.decode('utf-8'), os])
data.append([hostID, str(len(links)) + ' Cred(s)', ip, hostname, domain, os])
self.print_table(data, title='Hosts')
@ -77,7 +77,7 @@ class navigator(DatabaseNavigator):
domain = group[1]
name = group[2]
data.append([groupID, domain.decode('utf-8'), name.decode('utf-8')])
data.append([groupID, domain, name])
self.print_table(data, title='Group')
@ -98,7 +98,7 @@ class navigator(DatabaseNavigator):
credtype = cred[4]
pillaged_from = cred[5]
data.append([credID, credtype, pillaged_from, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, credtype, pillaged_from, domain, username, password])
self.print_table(data, title='Member(s)')
@ -128,7 +128,7 @@ class navigator(DatabaseNavigator):
os = host[4]
dc = host[5]
data.append([hostID, ip, hostname.decode('utf-8'), domain.decode('utf-8'), os, dc])
data.append([hostID, ip, hostname, domain, os, dc])
self.print_table(data, title='Host(s)')
@ -148,7 +148,7 @@ class navigator(DatabaseNavigator):
credtype = cred[4]
# pillaged_from = cred[5]
data.append([credID, credtype, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, credtype, domain, username, password])
self.print_table(data, title='Credential(s) with Admin Access')
@ -173,14 +173,14 @@ class navigator(DatabaseNavigator):
self.db.add_credential("plaintext", domain, username, password)
else:
print "[!] Format is 'add domain username password"
print("[!] Format is 'add domain username password")
return
elif filterTerm.split()[0].lower() == "remove":
args = filterTerm.split()[1:]
if len(args) != 1:
print "[!] Format is 'remove <credID>'"
print("[!] Format is 'remove <credID>'")
return
else:
self.db.remove_credentials(args)
@ -212,7 +212,7 @@ class navigator(DatabaseNavigator):
credtype = cred[4]
pillaged_from = cred[5]
data.append([credID, credtype, pillaged_from, domain.decode('utf-8'), username.decode('utf-8'), password.decode('utf-8')])
data.append([credID, credtype, pillaged_from, domain, username, password])
self.print_table(data, title='Credential(s)')
@ -229,7 +229,7 @@ class navigator(DatabaseNavigator):
domain = group[1]
name = group[2]
data.append([groupID, domain.decode('utf-8'), name.decode('utf-8')])
data.append([groupID, domain, name])
self.print_table(data, title='Member of Group(s)')
@ -248,7 +248,7 @@ class navigator(DatabaseNavigator):
domain = host[3]
os = host[4]
data.append([hostID, ip, hostname.decode('utf-8'), domain.decode('utf-8'), os])
data.append([hostID, ip, hostname, domain, os])
self.print_table(data, title='Admin Access to Host(s)')

2
cme/protocols/smb/mmcexec.py
View File

@ -175,7 +175,7 @@ class MMCEXEC:
self.get_output_fileless()
def output_callback(self, data):
self.__outputBuffer += data
self.__outputBuffer += data.decode("utf-8")
def get_output_fileless(self):
if not self.__retOutput: return

6
cme/protocols/smb/passpol.py
View File

@ -9,11 +9,11 @@ def d2b(a):
tbin = []
while a:
tbin.append(a % 2)
a /= 2
a //= 2
t2bin = tbin[::-1]
if len(t2bin) != 8:
for x in xrange(6 - len(t2bin)):
for x in range(6 - len(t2bin)):
t2bin.insert(0, 0)
return ''.join([str(g) for g in t2bin])
@ -100,11 +100,9 @@ class PassPolDump:
port = protodef[1]
except KeyError:
self.logger.debug("Invalid Protocol '{}'".format(protocol))
self.logger.debug("Trying protocol {}".format(protocol))
rpctransport = transport.SMBTransport(self.addr, port, r'\samr', self.username, self.password, self.domain,
self.lmhash, self.nthash, self.aesKey, doKerberos = self.doKerberos)
try:
self.fetchList(rpctransport)
except Exception as e:

2
cme/protocols/smb/smbexec.py
View File

@ -69,7 +69,7 @@ class SMBEXEC:
return self.__outputBuffer
def output_callback(self, data):
self.__outputBuffer += data
self.__outputBuffer += data.decode("utf-8")
def execute_fileless(self, data):
self.__output = gen_random_string(6)

7
cme/protocols/smb/wmiexec.py
View File

@ -56,7 +56,7 @@ class WMIEXEC:
def cd(self, s):
self.execute_remote('cd ' + s)
if len(self.__outputBuffer.strip('\r\n')) > 0:
print self.__outputBuffer
print(self.__outputBuffer)
self.__outputBuffer = ''
else:
self.__pwd = ntpath.normpath(ntpath.join(self.__pwd, s))
@ -65,12 +65,13 @@ class WMIEXEC:
self.__outputBuffer = ''
def output_callback(self, data):
self.__outputBuffer += data
self.__outputBuffer += data.decode("utf-8")
def execute_handler(self, data):
if self.__retOutput:
try:
self.execute_fileless(data)
logging.debug('Executing remote')
self.execute_remote(data)
except:
self.cd('\\')
self.execute_remote(data)

12
cme/protocols/ssh.py
View File

@ -4,7 +4,7 @@ from cme.connection import *
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
from paramiko.ssh_exception import AuthenticationException, NoValidConnectionsError, SSHException
from ConfigParser import ConfigParser
import configparser
class ssh(connection):
@ -58,14 +58,14 @@ class ssh(connection):
self.conn.connect(self.host, port=self.args.port, username=username, password=password)
self.check_if_admin()
self.logger.success(u'{}:{} {}'.format(username.decode('utf-8'),
password.decode('utf-8'),
self.logger.success(u'{}:{} {}'.format(username,
password,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')))
return True
except Exception as e:
self.logger.error(u'{}:{} {}'.format(username.decode('utf-8'),
password.decode('utf-8'),
self.logger.error(u'{}:{} {}'.format(username,
password,
e))
return False
@ -74,6 +74,6 @@ class ssh(connection):
stdin, stdout, stderr = self.conn.exec_command(self.args.execute)
self.logger.success('Executed command')
for line in stdout:
self.logger.highlight(line.decode('utf-8').strip())
self.logger.highlight(line.strip())
return stdout

20
cme/protocols/winrm.py
View File

@ -1,13 +1,13 @@
import winrm as pywinrm
import requests
import logging
from StringIO import StringIO
from io import StringIO
# from winrm.exceptions import InvalidCredentialsError
from impacket.smbconnection import SMBConnection, SessionError
from cme.connection import *
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
from ConfigParser import ConfigParser
import configparser
# The following disables the InsecureRequests warning and the 'Starting new HTTPS connection' log message
from requests.packages.urllib3.exceptions import InsecureRequestWarning
@ -118,17 +118,17 @@ class winrm(connection):
# we could just authenticate without running a command :) (probably)
self.conn.run_cmd('hostname')
self.admin_privs = True
self.logger.success(u'{}\\{}:{} {}'.format(self.domain.decode('utf-8'),
username.decode('utf-8'),
password.decode('utf-8'),
self.logger.success(u'{}\\{}:{} {}'.format(self.domain,
username,
password,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')))
return True
except Exception as e:
self.logger.error(u'{}\\{}:{} "{}"'.format(self.domain.decode('utf-8'),
username.decode('utf-8'),
password.decode('utf-8'),
self.logger.error(u'{}\\{}:{} "{}"'.format(self.domain,
username,
password,
e))
return False
@ -137,14 +137,14 @@ class winrm(connection):
if response_obj.status_code == 0:
buf = StringIO(response_obj.std_out).readlines()
for line in buf:
self.logger.highlight(line.decode('utf-8').strip())
self.logger.highlight(line.strip())
return response_obj.std_out
else:
buf = StringIO(response_obj.std_err).readlines()
for line in buf:
self.logger.highlight(line.decode('utf-8').strip())
self.logger.highlight(line.strip())
return response_obj.std_err

10
cme/servers/http.py
View File

@ -1,10 +1,10 @@
import BaseHTTPServer
import http.server
import threading
import ssl
import os
import sys
import logging
from BaseHTTPServer import BaseHTTPRequestHandler
from http.server import BaseHTTPRequestHandler
from gevent import sleep
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
@ -45,7 +45,7 @@ class CMEServer(threading.Thread):
try:
threading.Thread.__init__(self)
self.server = BaseHTTPServer.HTTPServer((srv_host, int(port)), RequestHandler)
self.server = http.server.HTTPServer((srv_host, int(port)), RequestHandler)
self.server.hosts = []
self.server.module = module
self.server.context = context
@ -90,12 +90,12 @@ class CMEServer(threading.Thread):
self.server.shutdown()
self.server.socket.close()
self.server.server_close()
self._Thread__stop()
self._stop()
# make sure all the threads are killed
for thread in threading.enumerate():
if thread.isAlive():
try:
thread._Thread__stop()
thread._stop()
except:
pass

4
cme/servers/smb.py
View File

@ -12,7 +12,7 @@ class CMESMBServer(threading.Thread):
self.server = smbserver.SimpleSMBServer(listen_address, listen_port)
self.server.addShare(share_name.upper(), share_path)
if verbose: self.server.setLogFile('')
self.server.setSMB2Support(False)
self.server.setSMB2Support(True)
self.server.setSMBChallenge('')
except Exception as e:
errno, message = e.args
@ -32,7 +32,7 @@ class CMESMBServer(threading.Thread):
pass
def shutdown(self):
self._Thread__stop()
#self._Thread__stop()
# make sure all the threads are killed
for thread in threading.enumerate():
if thread.isAlive():

1
cme/thirdparty/impacket vendored

@ -1 +0,0 @@
Subproject commit a400ca15946c6c1f4d7a9dfc852032510b75816d

2
cme/thirdparty/pywerview vendored

@ -1 +1 @@
Subproject commit 2dcf64854b5d111b5ee34b891f7a6480569ab993
Subproject commit acd8db86c6189c8006b9795e15614479665136c2

1
cme/thirdparty/pywinrm vendored

@ -1 +0,0 @@
Subproject commit ffec9542d2063305efab9242ffb3623ed618756f

7
requirements.txt
View File

@ -7,11 +7,11 @@ certifi==2019.9.11
cffi==1.13.0
chardet==3.0.4
cryptography==2.8
enum34==1.1.6 ; python_version < '3'
enum34==1.1.6
gevent==1.4.0
greenlet==0.4.15 ; platform_python_implementation == 'CPython'
idna==2.8
ipaddress==1.0.23 ; python_version < '3'
ipaddress==1.0.23
msgpack-python==0.5.6
netaddr==0.7.19
ntlm-auth==1.4.0
@ -19,7 +19,7 @@ paramiko==2.4.2
pyasn1==0.4.5
pycparser==2.19
pycryptodomex==3.7.3
pylnk==0.2
pylnk3==0.3.*
pynacl==1.3.0
pyopenssl==19.0.0
requests-ntlm==1.1.0
@ -32,3 +32,4 @@ termcolor==1.1.0
terminaltables==3.1.0
urllib3==1.24.2
xmltodict==0.12.0
pywinrm==0.4.1

9
setup.py
View File

@ -3,12 +3,12 @@
from setuptools import setup, find_packages
setup(name='crackmapexec',
version='4.0.1dev',
version='5.0.0dev',
description='A swiss army knife for pentesting networks',
classifiers=[
'Environment :: Console',
'License :: OSI Approved :: BSD License',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3.7',
'Topic :: Security',
],
keywords='pentesting security windows active-directory networks',
@ -30,12 +30,13 @@ setup(name='crackmapexec',
'pyOpenSSL',
'termcolor',
'msgpack-python',
'pylnk',
'pylnk3',
'splinter',
'paramiko',
'xmltodict',
'six',
'terminaltables'
'terminaltables',
'pywinrm'
],
entry_points={
'console_scripts': ['crackmapexec=cme.crackmapexec:main', 'cme=cme.crackmapexec:main', 'cmedb=cme.cmedb:main'],