Commit Graph

17 Commits (2942be1188707375e7f757c26885a0b77675549c)

Author SHA1 Message Date
mpgn d2f0b66ae4 Add option --amsi-bypass allowing you to pass a custom amsi bypass when using option -X 2021-02-28 09:48:50 -05:00
Dliv3 9f7a2851a7 Fix powershell b64encode error 2020-10-01 17:03:52 +08:00
mpgn 1308bc30c8 Adding Kerberos support for CME #22
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
Ryan 304836d702
update powershell.py
Adding [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' to fix a SSL/TLS error
2018-12-06 14:07:40 -06:00
Dan McInerney dabdcf49ca updated amsi bypass 2018-05-29 17:47:54 -06:00
byt3bl33d3r 1603ac4819 Added WINRM support, NMap XML and .Nessus parsing
- Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting)
- Added support for NMap XML and .Nessus files if given as targets
- Fixed a bug in the MSSQL protocol which caused it to not retrieve host info
- Version Bump
2017-10-24 20:08:19 -06:00
byt3bl33d3r 0b936def23 Takes care of issue #190 and #191, initial SSH protocol implementation
- Passing --ntds will automatically use the drsuapi method (DCSync)
- Initial implementation of the SSH protocol and the mimipenguin module
  (This is very much still not finished, lots of stuff missing)

- Added check to make sure existing config file is in the 4.x format
- Added splinter and paramiko to dep requirements
- Updated Impacket to latest commit
- HTTP protocol now also returns server version in output
2017-07-09 23:44:58 -06:00
byt3bl33d3r e973e8c210 logger status change 2017-06-26 03:58:56 -06:00
byt3bl33d3r 7149b24524 Plugged in the Powershell obfuscation functionality
- Two new flags can be added to protocols that use powershell that can
clear cached obfuscated powershell scripts and obfuscate them if
powershell is installed
2017-06-26 03:49:04 -06:00
byt3bl33d3r 11280c4ab0 Updated submodules, initial implementation of powershell script &
launcher obfuscation

- All powershell scripts are now obfuscated if powershell for linux is
installed using Invoke-Obfuscation

- All PS launchers are obfuscated using GreatSCT's python implementation
of launcher obfuscation (for now)
2017-06-26 01:03:43 -06:00
byt3bl33d3r fd94502d48 Removed useless format param 2017-06-23 14:37:18 -06:00
byt3bl33d3r 92453cd7a9 Fixes #179 2017-06-23 14:29:36 -06:00
byt3bl33d3r f9385023ed Added web_delivery module 2017-05-08 00:24:01 -06:00
byt3bl33d3r 4ff034f366 Added enum_avproducts module, fixed module logging
- Modules now do not print output of commands called from their protocol
- Added the enum_avproducts module
- Fixed the mimikatz_enum_vault_creds to not display creds with invalid
passwords
- Added an export command to the SMB protocols DB navigator (as
suggested by @hatredshapedlikeaman)
- Misc output fixes
2017-05-07 21:16:18 -06:00
byt3bl33d3r f0752f61b7 Re-wrote the HTTP protocol to use splinter and phantomjs
- All http connections are now concurrent
- Added a flag to take screenshots of webpages
- Minor Code cleanup
2017-04-30 12:54:35 -06:00
byt3bl33d3r 751f209cd7 Initial 4.0 pre-release 2017-03-27 15:09:36 -06:00
byt3bl33d3r 9fefd167b0 Initial commit for v4.0
Just fyi for anyone reading this, it's not even close to being
finished.

The amount of changes are pretty insane, this commit is to serve as a
refrence point for myself.

Highlights for v4.0:
- The whole codebase has been re-written from scratch
- Codebase has been cut around 2/4
- Protocols are now modular! In theory we could use CME for everything
- Module chaining has been removed for now, still trying to figure out a
more elegant solution
- Workspaces have implemented in cmedb
- The smb protocol's database schema has been changed to support storing users,
groups and computers with their respective memberships and relations.
- I'm in the process of re-writing most of the modules, will re-add them
once i've finished
2016-12-15 00:28:00 -07:00