Merge branch 'master' of https://github.com/Porchetta-Industries/CrackMapExec
commit
c3516fe9d5
|
@ -7,7 +7,7 @@ from termcolor import colored
|
|||
|
||||
def gen_cli_args():
|
||||
|
||||
VERSION = '5.1.6dev'
|
||||
VERSION = '5.1.7dev'
|
||||
CODENAME = 'U fancy huh?'
|
||||
|
||||
p_loader = protocol_loader()
|
||||
|
@ -24,7 +24,7 @@ def gen_cli_args():
|
|||
A swiss army knife for pentesting networks
|
||||
Forged by @byt3bl33d3r using the powah of dank memes
|
||||
|
||||
{colored("Public version of CrackMapExec", "magenta")}
|
||||
{colored("Exclusive release for Kali Linux users", "magenta")}
|
||||
|
||||
{highlight('Version', 'red')}: {highlight(VERSION)}
|
||||
{highlight('Codename', 'red')}: {highlight(CODENAME)}
|
||||
|
|
|
@ -747,7 +747,6 @@ class smb(connection):
|
|||
except Exception as e:
|
||||
self.logger.error('Error enumerating domain users using dc ip {}: {}'.format(dc_ip, e))
|
||||
self.logger.info('Trying with SAMRPC protocol')
|
||||
self.logger.success('Enumerated domain user(s)')
|
||||
users = UserSamrDump(self).dump()
|
||||
break
|
||||
return users
|
||||
|
|
|
@ -95,8 +95,10 @@ class UserSamrDump:
|
|||
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
|
||||
except DCERPCException as e:
|
||||
if str(e).find('STATUS_MORE_ENTRIES') < 0:
|
||||
raise
|
||||
self.logger.error('Error enumerating domain user(s)')
|
||||
break
|
||||
resp = e.get_packet()
|
||||
self.logger.success('Enumerated domain user(s)')
|
||||
for user in resp['Buffer']['Buffer']:
|
||||
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
|
||||
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
|
||||
|
|
|
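Review bot: The failure branch of the `except DCERPCException` handler appears to swap the bare `raise` for `self.logger.error('Error enumerating domain user(s)')` plus `break`, which drops the exception text, so an access-denied reply and a transport fault read the same in the log. Including the error keeps the cause visible and matches the `'...: {}'.format(dc_ip, e)` message in the smb hunk above: `self.logger.error('Error enumerating domain user(s): {}'.format(e))`. Callers of `dump()` also no longer see an exception and presumably get back whatever was collected before the failure, which is worth stating in the method's docstring. The page has lost indentation, so it is inferred that `self.logger.success('Enumerated domain user(s)')` sits inside the paging loop; if it does, it prints once per response page rather than once per run. The enclosing method starts and ends outside the hunk.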
@ -32,6 +32,7 @@ class winrm(connection):
|
|||
winrm_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
|
||||
winrm_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
|
||||
winrm_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")
|
||||
winrm_parser.add_argument("--port", type=int, default=0, help="Custom WinRM port")
|
||||
dgroup = winrm_parser.add_mutually_exclusive_group()
|
||||
dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, default=None, help="domain to authenticate to")
|
||||
dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target')
|
||||
|
@ -104,9 +105,10 @@ class winrm(connection):
|
|||
|
||||
|
||||
def create_conn_obj(self):
|
||||
|
||||
endpoints = [
|
||||
'https://{}:5986/wsman'.format(self.host),
|
||||
'http://{}:5985/wsman'.format(self.host)
|
||||
'https://{}:{}/wsman'.format(self.host, self.args.port if self.args.port else 5986),
|
||||
'http://{}:{}/wsman'.format(self.host, self.args.port if self.args.port else 5985)
|
||||
]
|
||||
|
||||
for url in endpoints:
|
||||
|
@ -114,9 +116,9 @@ class winrm(connection):
|
|||
requests.get(url, verify=False, timeout=3)
|
||||
self.endpoint = url
|
||||
if self.endpoint.startswith('https://'):
|
||||
self.port = 5986
|
||||
self.port = self.args.port if self.args.port else 5986
|
||||
else:
|
||||
self.port = 5985
|
||||
self.port = self.args.port if self.args.port else 5985
|
||||
|
||||
self.logger.extra['port'] = self.port
|
||||
|
||||
|
|
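Review bot: The new `--port` option is declared with `type=int, default=0` and no range check, so a negative or above-65535 value is formatted straight into both `/wsman` URLs in `create_conn_obj` and only surfaces as a failed probe; a 1-65535 check where the arguments are validated would reject it with a clear message. The expression `self.args.port if self.args.port else 5986` (and its 5985 twin) is now written four times across the two `create_conn_obj` hunks; computing `https_port = self.args.port or 5986` and `http_port = self.args.port or 5985` once and reusing them keeps the URL list and `self.port` from drifting apart. With a custom port both URLs target the same port and plain http is still tried after https, so logging the selected scheme next to the port would tell the operator whether the session that follows is encrypted. The probe loop's body is only partly visible in these hunks.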
File diff suppressed because it is too large
|
@ -1,6 +1,6 @@
|
|||
[tool.poetry]
|
||||
name = "crackmapexec"
|
||||
version = "5.1.6dev"
|
||||
version = "5.1.7dev"
|
||||
description = "A swiss army knife for pentesting networks"
|
||||
authors = ["Marcello Salvati <byt3bl33d3r@pm.com>"]
|
||||
readme = "README.md"
|
||||
|
@ -61,11 +61,11 @@ neo4j = "^4.1.1"
|
|||
pylnk3 = "^0.3.0"
|
||||
pypsrp = "^0.5.0"
|
||||
paramiko = "^2.7.2"
|
||||
impacket = "^0.9.22"
|
||||
impacket = "^0.9.23"
|
||||
xmltodict = "^0.12.0"
|
||||
terminaltables = "^3.1.0"
|
||||
aioconsole = "^0.3.1"
|
||||
pywerview = "^0.3.0"
|
||||
pywerview = "^0.3.1"
|
||||
|
||||
|
||||
[tool.poetry.dev-dependencies]
|
||||
|
|