From 8d665375a805b48dd03d50dd323bf4c7f2f5da6d Mon Sep 17 00:00:00 2001
From: mpgn
Date: Thu, 10 Feb 2022 16:36:07 -0500
Subject: [PATCH] Improve laps core functon

---
 cme/connection.py | 14 +++++++-------
 cme/protocols/ldap/smbldap.py | 2 +-
 cme/protocols/smb.py | 30 ++++++++++++++++--------------
 3 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/cme/connection.py b/cme/connection.py
index b16b1a67..6bd7e2bb 100755
--- a/cme/connection.py
+++ b/cme/connection.py
@@ -93,13 +93,13 @@ class connection(object):
 if self.create_conn_obj():
 self.enum_host_info()
 self.proto_logger()
- self.print_host_info()
- # because of null session
- if self.login() or (self.username == '' and self.password == ''):
- if hasattr(self.args, 'module') and self.args.module:
- self.call_modules()
- else:
- self.call_cmd_args()
+ if self.print_host_info():
+ # because of null session
+ if self.login() or (self.username == '' and self.password == ''):
+ if hasattr(self.args, 'module') and self.args.module:
+ self.call_modules()
+ else:
+ self.call_cmd_args()
 def call_cmd_args(self):
 for k, v in vars(self.args).items():
diff --git a/cme/protocols/ldap/smbldap.py b/cme/protocols/ldap/smbldap.py
index 8c5b85b8..c2fe180a 100644
--- a/cme/protocols/ldap/smbldap.py
+++ b/cme/protocols/ldap/smbldap.py
@@ -93,7 +93,7 @@ class LDAPConnect:
 return False
 except OSError as e:
- self.logger.error(u'{}\\{}:{} {}'.format(domain,
+ self.logger.debug(u'{}\\{}:{} {}'.format(domain,
 username,
 password if password else ntlm_hash,
 "Error connecting to the domain, please add option --kdcHost with the FQDN of the domain controller"))
diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py
index d6fd3848..74b9ac93 100755
--- a/cme/protocols/smb.py
+++ b/cme/protocols/smb.py
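Review bot: The new `if self.print_host_info():` turns a method named like a printer into the gate for authentication, and nothing in the hunk shows the return value being set for every protocol, so any `print_host_info` implementation that still falls off the end (returns None) will silently never reach `login()`; this should be confirmed for each protocol class, since presumably only the SMB/LAPS one was changed. Either document the contract where the condition is written, `# print_host_info() returns False when a pre-auth lookup (e.g. LAPS) fails; skip login in that case`, or make the legacy case explicit with `if self.print_host_info() is not False:` if None-returning implementations are meant to keep working. The null-session fallback on the following line is unchanged by this commit. The enclosing method starts before the hunk.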
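Review bot: The line changed to `self.logger.debug(...)` still formats the secret, `password if password else ntlm_hash`, into the message unmasked, and unlike the SMB log lines touched by the same commit it ignores the `audit_mode` setting, so a failed LDAP bind during a LAPS lookup writes the password or NT hash to whatever consumes debug output. Applying the same masking used in smb.py here (if the config object is reachable from `LDAPConnect`), or simply omitting the credential from this message, keeps the two paths consistent; e.g. pass `'*' * 8` instead of the credential when audit mode is on. Dropping the level from error to debug also hides the `--kdcHost` hint unless verbose logging is enabled; if that is deliberate, a short comment above the call saying why (for instance that the failure is expected on some LAPS runs) would stop the next reader from restoring `error`. The enclosing method starts and ends outside the hunk.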
@@ -137,7 +137,7 @@ class smb(connection):
 smb_parser.add_argument("--smb-server-port", default="445", help="specify a server port for SMB", type=int)
 smb_parser.add_argument("--gen-relay-list", metavar='OUTPUT_FILE', help="outputs all hosts that don't require SMB signing to the specified file")
 smb_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")
- smb_parser.add_argument("--smb-timeout", help="SMB connection timeout, default 3 secondes", type=int, default=2)
+ smb_parser.add_argument("--smb-timeout", help="SMB connection timeout, default 2 secondes", type=int, default=2)
 smb_parser.add_argument("--laps", dest='laps', metavar="LAPS", type=str, help="LAPS authentification", nargs='?', const='administrator')
 cgroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
@@ -291,7 +291,7 @@ class smb(connection):
 return False
 if ntlm_hash:
 hash_ntlm = hashlib.new('md4', msMCSAdmPwd.encode('utf-16le')).digest()
- self.args.hash = [binascii.hexlify(hash_ntlm).decode()]
+ self.hash = binascii.hexlify(hash_ntlm).decode()
 self.domain = self.hostname
 return True
@@ -396,19 +396,21 @@ class smb(connection):
 self.create_conn_obj()
 lmhash = ''
 nthash = ''
-
- #This checks to see if we didn't provide the LM Hash
- if ntlm_hash.find(':') != -1:
- lmhash, nthash = ntlm_hash.split(':')
- else:
- nthash = ntlm_hash
-
 try:
- self.hash = ntlm_hash
- if lmhash: self.lmhash = lmhash
- if nthash: self.nthash = nthash
+ if not self.args.laps: self.username = username
+ #This checks to see if we didn't provide the LM Hash
+ if ntlm_hash.find(':') != -1:
+ lmhash, nthash = ntlm_hash.split(':')
+ else:
+ nthash = ntlm_hash
+ self.hash = ntlm_hash
+ if lmhash: self.lmhash = lmhash
+ if nthash: self.nthash = nthash
+ else:
+ nthash = self.hash
+
 self.domain = domain
 self.conn.login(self.username, '', domain, lmhash, nthash)
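Review bot: `hashlib.new('md4', ...)` on the line above the change raises `ValueError: unsupported hash type md4` on Python builds linked against OpenSSL 3 without the legacy provider, and nothing visible in this hunk catches it, so the LAPS path would die with a traceback on such systems; wrap it in `try: ... except ValueError:` with a clear message, or use an MD4 implementation that does not depend on OpenSSL (recent impacket's `compute_nthash` helper — confirm against the pinned version). The new assignment sets only `self.hash`, not `self.nthash`/`self.lmhash`, so code that reads those attributes after a LAPS lookup sees whatever was there before unless a caller outside this hunk fills them in. A comment on the line would help the next reader: `# NT hash of the retrieved LAPS password, consumed by the hash-login path when --laps is set`. The enclosing function begins before the hunk.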
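Review bot: In the added `else:` branch (the `--laps` path) only the local `nthash` is taken from `self.hash`; `self.nthash` and `self.lmhash` are not updated and `lmhash` stays `''`, whereas the non-LAPS branch sets all of them, so anything after the hunk that reads `self.nthash`/`self.lmhash` will see values left over from an earlier target or nothing at all. Mirror the other branch with `self.nthash = nthash` (and `self.lmhash = ''` if the attribute is meant to be reset per host). On the same path `self.username` is never assigned in this function — the assignment sits under `if not self.args.laps:` — so `self.conn.login(self.username, ...)` relies on the LAPS lookup having set it earlier; a comment there, `# username/hash were populated by the LAPS lookup before login`, would make that dependency visible (this page renders the `if not self.args.laps:` / `self.username = username` stretch on one line, so whether it is a one-line `if` cannot be told from here). While the block is being moved, `if ':' in ntlm_hash:` reads better than `ntlm_hash.find(':') != -1`. The enclosing `try` continues past the end of the hunk.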
@@ -420,7 +422,7 @@ class smb(connection):
 out = u'{}\\{}:{} {}'.format(domain,
 self.username,
- ntlm_hash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
+ self.hash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
 highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
 self.logger.success(out)
@@ -439,7 +441,7 @@ class smb(connection):
 error, desc = e.getErrorString()
 self.logger.error(u'{}\\{}:{} {} {}'.format(domain,
 self.username,
- ntlm_hash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
+ self.hash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
 error,
 '({})'.format(desc) if self.args.verbose else ''),
 color='magenta' if error in smb_error_status else 'red')
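Review bot: The masking expression `self.hash if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8` is now repeated verbatim here and in the success line of the previous hunk, reading the config twice each time; a small helper such as `def _masked(self, secret): mode = self.config.get('CME', 'audit_mode'); return mode * 8 if mode else secret` would leave one place to get audit-mode masking right. With `--laps`, `self.hash` is the NT hash derived from the retrieved LAPS password (set in the hunk at line 291 of this commit), so outside audit mode a failed login now prints that hash rather than a user-supplied one; that is consistent with the non-LAPS case, but a one-line comment, `# self.hash is the LAPS-derived NT hash when --laps is set`, would save the next reader a trip to the LAPS lookup. The `except` this call sits in begins outside the hunk.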