e5d1942251
Add kerberoasting and asrepoast attack with LDAP protocol
2020-06-19 09:20:22 -04:00
4a19d4dc32
feat(ssh): Add support for publickey authentication.
2020-05-21 09:03:12 -04:00
fb9d6fbc59
Fix cme action build
2020-05-10 20:16:34 +02:00
8931ec2300
Add Windows spec file to compile CME for Windows
2020-05-10 20:06:08 +02:00
b796000343
Fix issue #321 option --continue-on-success
2020-05-09 09:36:31 -04:00
3e1fa0f258
Fix local-auth authentication
2020-05-09 08:20:53 -04:00
d3a7effb86
Fix ssh issue #375
2020-05-09 07:59:53 -04:00
9ae444aab9
Merge branch 'master' into v5-dev
2020-05-05 18:51:41 +02:00
e71b724cdf
Bump to 5.0.2dev
2020-05-05 12:50:32 -04:00
b778306cc1
Always print FQDN
2020-05-05 12:13:32 -04:00
3b57fb0869
Add checkifadmin() for Kerberos auth #22
2020-05-05 12:11:18 -04:00
4069cb7290
Add module - Set as owned in BloodHound
2020-05-05 09:59:30 +02:00
1820cc1ffb
Show FQDN instead of domain name
2020-05-04 15:30:56 -04:00
c75d7abebf
Update fix about no credentials
2020-05-04 19:32:58 +02:00
622245dcfa
Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support
...
add error when not credential foud on lsassy module #368
2020-05-04 13:23:41 -04:00
52528a44bb
Merge branch 'v5-dev' of https://github.com/byt3bl33d3r/CrackMapExec
2020-05-03 14:32:17 -04:00
1308bc30c8
Adding Kerberos support for CME #22
...
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
72338026ff
Merge pull request #367 from byt3bl33d3r/v5-metasploit
...
Add Module metasploit
2020-05-03 18:01:20 +02:00
47fe1e4772
Remove submodule and simplify metasploit module #357
2020-05-03 06:19:26 -04:00
c3c9b2f04a
Remove useless code #364
2020-05-01 17:31:54 -04:00
580018050c
Add better logic to MSSQL connection #364
2020-05-01 17:18:25 -04:00
c5be1e5234
Add exception handler when login fails on MSSQL protocol #364
2020-05-01 17:11:54 -04:00
ef934a7925
Rename options for module metasploit #357
2020-05-01 16:53:02 -04:00
bfe1d5b7c3
Fix uninitialized variable #363
2020-05-01 14:33:18 -04:00
062e312fd5
Add try catch for issue #363
2020-05-01 14:20:55 -04:00
fd912c0b7d
Fix thread stop assert error #357
2020-05-01 14:02:12 -04:00
73fb336040
Update module metasploit #357
...
As the old code with the shellcode was broken, we switch to a simple powershell solution with Invoke-MetasploitPayload.ps1
2020-05-01 13:12:01 -04:00
4dc4892660
Check if output is byte before decoding
2020-04-30 13:56:34 -04:00
74792ce712
Add option --no-bruteforce allowing credentials spraying without bruteforce
...
cme accept user file and password file and works like this:
user1 -> pass1
-> pass2
user2 -> pass1
-> pass2
Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
2020-04-30 10:06:57 -04:00
7b0f2e9bdb
Add multi domain support DOMAIN\user when passing file to -u option #243
2020-04-29 12:32:21 -04:00
2ca377f3d8
Simplify command for wireless password #305
2020-04-29 11:09:44 -04:00
b6a6e6a9bf
Add wireless module #305
2020-04-29 11:03:52 -04:00
78c5d9ebd9
Update WINRM authentication option
...
If you want to avoind SMB connection use the flag -d DOMAIN
2020-04-29 06:28:47 -04:00
479ae1f721
Update MSSQL protocol for windows authentication #306
...
If you want to use windows auth for MSSQL without SMB, add the flag -d DOMAIN
2020-04-29 05:56:11 -04:00
f58a10124d
Update winrm method to allows code execution from normal user
...
User who can winrm but are not local admin can now use this method to exec command
more at https://github.com/diyan/pywinrm/issues/275
we switch from pywinrm to pypsrp
2020-04-28 15:30:18 -04:00
a20d28a885
Update RID-Hijacking to latest version #353
2020-04-28 13:22:42 -04:00
e9a5841731
Fix typo on put-file function
2020-04-28 12:28:25 -04:00
f84035fa7a
Add function get-file and put-file
2020-04-28 12:22:30 -04:00
1bbe1ac0cc
Clean output of mssql protocol
2020-04-28 09:39:33 -04:00
af68773b6c
Fix #352 target using file
2020-04-28 08:42:25 -04:00
356b020cb3
Fix winrm warning from pywinrm
2020-04-28 07:24:01 -04:00
63cf5af003
Fix smbexec function #269
2020-04-28 06:19:33 -04:00
18c438993c
Fix ssh connection #351
2020-04-28 06:11:16 -04:00
ba04528738
Add feature: file as argument for -x and -X command #269
2020-04-27 16:38:30 -04:00
f19f137b0d
Fix smbexec.py decode error
2020-04-22 11:04:22 -04:00
84222eb001
Fix bytes error on gpp_autologin and gpp_password modules
2020-04-22 10:33:03 -04:00
a13ec6c3d6
Fix gpp_password encoding error with python3 #350
2020-04-22 06:43:17 -04:00
1e8cd73a26
Switch Invoke-VNC project to python3 branch #317
2020-04-21 09:12:43 -04:00
6c0228f403
Fixed dependency hell, added Github actions workflow
...
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
dependency
2020-04-20 13:19:55 -03:00
e294a72924
Fix mimikatz module decode error #308
2020-04-20 06:24:56 -04:00
ed8c91ab60
changed comparison operators that generate syntax warnings
2020-04-20 03:22:03 +03:00
9790c67620
Fix pylnk3 version from setup
...
fix warning with pylnk3 version
remove useless import and comment from lsassy module
2020-04-19 15:18:23 -04:00
47c83d90dc
Add lsassy module
2020-04-19 20:30:35 +02:00
e2e976847b
Update module rid_hijack to python3
2020-04-19 14:09:32 -04:00
7bb0e4e4e6
Merge pull request #300 from hantwister/patch-1
...
Fix false positive signing disabled with SMB2/3
2020-04-19 14:36:59 -03:00
02a62b027c
Merge pull request #295 from r4wd3r/rid_hijacking
...
Add RID Hijacking Persistence Module
2020-04-19 14:36:47 -03:00
498f3fc197
Merge pull request #327 from noraj/patch-1
...
lsa secrets: dump file extension
2020-04-19 14:32:48 -03:00
ff167fa152
Fix typo response module mimikatz #334
2020-03-09 10:26:48 +01:00
f34820939f
Remove impacket and pywinrm thirdparty
...
impacket and pywinrm are pip package, no need to have them in the
thirdparty folder anymore
2020-01-24 03:40:02 -05:00
83c8e5b5a3
Add module compatibility for Python3
...
Mimikatz, Bloodhound etc
2020-01-18 07:20:10 -05:00
545b59054b
Fix Pipfile python version and submodile version
2020-01-16 04:34:21 -05:00
18634423f3
lsa secrets: dump file extension
...
The logger tell you LSA secrets are dump in a file named xxx.lsa
```
SMB x.x.x.x 445 FRSCWP0001 [+] Dumped 22 LSA secrets to /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.lsa and /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.cached
```
But in reality they are logged in xxx.screts.
So just fixing the extension showed by the logger.
2019-12-19 10:12:17 +01:00
2cf0c0fb90
Migrate cmedb to python3
2019-11-12 16:39:26 -05:00
c2698ba8ed
Fix HTTP server for module Mimikatz
2019-11-12 14:42:52 -05:00
38acbbead5
Fix option --pass-pol in python3
...
error due to :
python2 => 1 / 2 = 0
python3 => 1 / 2 = 0.5
python3 => 1 // 2 = 0
2019-11-12 13:33:14 -05:00
179dfef811
Fix mimikatz range issue
2019-11-11 06:26:38 -05:00
d2c477aafb
Migrate file option input
...
* -u user.txt
* -p password.txt
* -H hashntlm
2019-11-11 05:39:44 -05:00
73ab379acc
Migrate function to python3
...
* --shares -> OK
* --sessions -> OK
* --disks -> OK
* --loggedon-users -> OK
* --users -> Not tested
* --rid-brute -> OK
* --groups -> Not tested
* --local-groups -> OK
* --pass-pol -> OK
2019-11-11 05:06:39 -05:00
a29cf6760c
update python3
2019-11-10 18:39:00 -05:00
c3c4b3192d
start python3 migration
2019-11-10 22:42:04 +01:00
48fd338d22
Merge pull request #304 from gustavi/master
...
Fix encoding in smb --sam
2019-08-16 10:57:11 -06:00
44fd121dce
Merge pull request #309 from shadowgatt/master
...
Fixing SMB encoding error
2019-08-16 10:56:39 -06:00
f1228174cd
Update winrm.py
...
Closes https://github.com/byt3bl33d3r/CrackMapExec/issues/310
2019-08-16 08:58:26 -05:00
12443285e9
Fix SMB encode
2019-07-13 17:52:00 +02:00
e435a4f87b
Fix SMB encode
2019-07-13 17:50:24 +02:00
fdb41c0125
Fix encoding in smb --sam
2019-04-12 13:32:38 +02:00
85e4de988b
Fix false positive signing disabled with SMB2/3
...
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection. When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state. Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite. The latter contributed to many false positives in the --gen-relay-list output file. This is a hackish change that addressed the issue for me.
2019-03-26 15:45:02 -04:00
49a002fcd4
Merge branch 'master' into rid_hijacking
2019-03-23 16:10:44 -05:00
333f1c4e06
Updated all submodules, replace pycrypto with pycryptodomex
2019-03-13 21:51:25 -06:00
56ed25b621
Add rid_hijack.py module
2019-02-24 20:51:16 -05:00
d472bdb004
Add RID-Hijacking submodule
2019-02-24 20:50:03 -05:00
dbe142c1ae
Merge pull request #280 from awsmhacks/master
...
update to powershell.py
2018-12-10 16:03:12 -07:00
304836d702
update powershell.py
...
Adding [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' to fix a SSL/TLS error
2018-12-06 14:07:40 -06:00
b4fb22f6fe
Get-ComputerDetails.py
2018-11-04 14:22:17 +05:30
224c24a0a4
Updated all submodules and packages
2018-08-29 15:33:02 +08:00
f61cb7e3f0
Merge pull request #256 from FrankSpierings/patch-2
...
Modified logging in spider.py
2018-08-28 19:57:55 +08:00
50a379dad4
Merge pull request #255 from FrankSpierings/patch-1
...
Update smbspider.py - Feature to use `--spider '*'` to spider all rea…
2018-08-28 19:55:54 +08:00
0128b589dc
Merge pull request #248 from kmackinley/kmackinley-cme-dev1
...
Flag to allow continuation while password spraying
2018-08-28 19:40:14 +08:00
1a7174137c
Added remotehost in the spidering output. It is now //<remotehost>/<share>/<folder *>/<file>
2018-07-07 14:33:14 +00:00
2823452053
Update smbspider.py - Feature to use `--spider '*'` to spider all readable shares
...
I've added the option to allow spidering over all readable shares.
2018-07-07 16:00:59 +02:00
dabdcf49ca
updated amsi bypass
2018-05-29 17:47:54 -06:00
7034ab66d0
Flag to allow continuation while password spraying
...
Adds --continue-on-success flag when spraying passwords using smb. Allows for continuing of password spraying even after valid password is found. (Useful when password spraying with userlist.)
Usage example:
cme smb ipaddress -u users.txt -p password --continue-on-success
In response to:
https://github.com/byt3bl33d3r/CrackMapExec/issues/245
https://github.com/byt3bl33d3r/CrackMapExec/issues/247
2018-05-26 19:44:24 -06:00
f3465ef008
Fixed up @aj-cgtech changes
2018-03-01 12:36:17 -07:00
5fd4aa716c
Merge branch 'usersfix' of https://github.com/aj-cgtech/CrackMapExec into aj-cgtech-usersfix
2018-03-01 11:57:33 -07:00
12846a7e9e
Merge pull request #237 from friendlyintruder/master
...
fixes debug output error if exec method fails
2018-03-01 11:51:57 -07:00
8dd4e95fe7
fixes debug output error if exec method fails
2018-02-23 14:55:05 +01:00
fffc24ae46
Having worked out how the protocol object is created. Created config
...
object once, and set as an attr on each protocol.
More elegant, and allows for further config options in the future.
2018-02-23 10:13:46 +00:00
b6a7028999
Typo, not l33t.
2018-02-22 21:18:31 +00:00
7e2a267328
Merging "Pwn3d!" label changes.
...
Fixes issue #236
Adds the ability to change the (Pwned!) label on CME output.
By default, nothing changes, but if required, to keep suits happy, you
can change the output of CME by adding a property to ~/.cme/cme.conf, in
the [CME] section, property "pwn3d_label".
eg:
[CME]
workspace = default
last_used_db = smb
pwn3d_label = Woot!
2018-02-22 20:24:03 +00:00
6ee852387c
Pwn3d label parameterised in config file.
2018-02-22 13:03:07 +00:00
mpgn
Alexandre Beaulieu
pixis
byt3bl33d3r
sw
Alexandre ZANNI
Ryan
root
Augustin Laville
Harrison Neal
Sebastián Castro
Dhiraj Mishra
root
Frank Spierings
Dan McInerney
Korey McKinley
Markus Krell
aj-cgtech