Merge branch 'master' of https://github.com/Porchetta-Industries/CrackMapExec

2021-06-28 13:22:23 -04:00 · 2021-06-28 13:22:23 -04:00 · c3516fe9d5
parent 091915b990 4385abaa24
commit c3516fe9d5
6 changed files with 343 additions and 296 deletions
--- a/cme/cli.py
+++ b/cme/cli.py
@ -7,7 +7,7 @@ from termcolor import colored

 def gen_cli_args():

-    VERSION  = '5.1.6dev'
+    VERSION  = '5.1.7dev'
    CODENAME = 'U fancy huh?'

    p_loader =  protocol_loader()
@ -24,7 +24,7 @@ def gen_cli_args():
                                         A swiss army knife for pentesting networks
                                    Forged by @byt3bl33d3r using the powah of dank memes

-                                           {colored("Public version of CrackMapExec", "magenta")}
+                                           {colored("Exclusive release for Kali Linux users", "magenta")}

                                                     {highlight('Version', 'red')}: {highlight(VERSION)}
                                                   {highlight('Codename', 'red')}: {highlight(CODENAME)}
--- a/cme/protocols/smb.py
+++ b/cme/protocols/smb.py
@ -747,7 +747,6 @@ class smb(connection):
            except Exception as e:
                self.logger.error('Error enumerating domain users using dc ip {}: {}'.format(dc_ip, e))
                self.logger.info('Trying with SAMRPC protocol')
-                self.logger.success('Enumerated domain user(s)')
                users = UserSamrDump(self).dump()
                break
        return users
--- a/cme/protocols/smb/samruser.py
+++ b/cme/protocols/smb/samruser.py
@ -95,8 +95,10 @@ class UserSamrDump:
                resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
            except DCERPCException as e:
                if str(e).find('STATUS_MORE_ENTRIES') < 0:
-                    raise 
+                    self.logger.error('Error enumerating domain user(s)')
+                    break 
                resp = e.get_packet()
+            self.logger.success('Enumerated domain user(s)')
            for user in resp['Buffer']['Buffer']:
                r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
                info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
--- a/cme/protocols/winrm.py
+++ b/cme/protocols/winrm.py
@ -32,6 +32,7 @@ class winrm(connection):
        winrm_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
        winrm_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
        winrm_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")
+        winrm_parser.add_argument("--port", type=int, default=0, help="Custom WinRM port")
        dgroup = winrm_parser.add_mutually_exclusive_group()
        dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, default=None, help="domain to authenticate to")
        dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target')
@ -104,9 +105,10 @@ class winrm(connection):
        

    def create_conn_obj(self):
+
        endpoints = [
-            'https://{}:5986/wsman'.format(self.host),
-            'http://{}:5985/wsman'.format(self.host)
+            'https://{}:{}/wsman'.format(self.host, self.args.port if self.args.port else 5986),
+            'http://{}:{}/wsman'.format(self.host, self.args.port if self.args.port else 5985)
        ]

        for url in endpoints:
@ -114,9 +116,9 @@ class winrm(connection):
                requests.get(url, verify=False, timeout=3)
                self.endpoint = url
                if self.endpoint.startswith('https://'):
-                    self.port = 5986
+                    self.port = self.args.port if self.args.port else 5986
                else:
-                    self.port = 5985
+                    self.port = self.args.port if self.args.port else 5985

                self.logger.extra['port'] = self.port

--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,6 +1,6 @@
 [tool.poetry]
 name = "crackmapexec"
-version = "5.1.6dev"
+version = "5.1.7dev"
 description = "A swiss army knife for pentesting networks"
 authors = ["Marcello Salvati <byt3bl33d3r@pm.com>"]
 readme = "README.md"
@ -61,11 +61,11 @@ neo4j = "^4.1.1"
 pylnk3 = "^0.3.0"
 pypsrp = "^0.5.0"
 paramiko = "^2.7.2"
-impacket = "^0.9.22"
+impacket = "^0.9.23"
 xmltodict = "^0.12.0"
 terminaltables = "^3.1.0"
 aioconsole = "^0.3.1"
-pywerview = "^0.3.0"
+pywerview = "^0.3.1"


 [tool.poetry.dev-dependencies]