Commit Graph

143 Commits (2942be1188707375e7f757c26885a0b77675549c)

Author SHA1 Message Date
mpgn 2942be1188 Add timeout to smb connection to 2 sec by default, much much better 2021-09-21 11:21:16 -04:00
mpgn 2f0fc12cde Bump CME to version 5.2.0 2021-09-19 10:23:26 -04:00
mpgn fdf6cd31db
Merge pull request #2 from mpgn/dev3
Push dev branch to master
2021-09-18 23:04:16 +02:00
mpgn fdab5c545f Update ldap protocol message 2021-09-18 17:02:01 -04:00
mpgn 53a51a02f2 Fix #464 thanks Wil 2021-09-18 22:44:48 +02:00
mpgn a31d03a99a Fix #486 with ntds dump thx @b13bs 2021-09-18 22:44:48 +02:00
mpgn d5a005898e Improve LDAP protocol
- improve authentification status error
- check if user is on a juicy group
2021-07-02 04:50:41 -04:00
mpgn c3516fe9d5 Merge branch 'master' of https://github.com/Porchetta-Industries/CrackMapExec 2021-06-28 13:25:31 -04:00
mpgn 091915b990 Fix and add a lot, check commit message
Update LDAP proto:
	- can fetch a LDAP domain from an account from another domain (trust relation between forest)
	- fix sizeLimit to unlimited on LDAP queries
	- fix little mistake in LDAP modules

Update SMB proto:
	- fix users function when DC is vulnerable to NULL SESSION
	- add SAMRPC function to fetch users on the domain
	- add option --computers to fetch all computers

Update CLI
	- add function export, but it's not tested
2021-06-24 14:38:24 -04:00
mpgn 9104e18f7e Add port option to WinRM protocol #469 2021-05-30 16:49:12 -04:00
mpgn 215c479957 Fix spelling mistake 2021-05-30 16:28:37 -04:00
mpgn 3b5c912e68
Merge pull request #450 from nodauf/patch-1 @nodauf
Add option --password-not-required
2021-05-30 21:19:35 +02:00
mpgn 3ade69abed
Fix missing try catch on --shares option
Thx to @0xdf report !
2021-04-02 19:25:06 +02:00
mpgn d2f0b66ae4 Add option --amsi-bypass allowing you to pass a custom amsi bypass when using option -X 2021-02-28 09:48:50 -05:00
mpgn 627966e227 Small code Refactoring for ldap protocol 2021-01-29 18:25:39 -05:00
mpgn ba91408c74 Fix smb error not correctly catched 2021-01-29 11:30:05 -05:00
mpgn b2a53dc896 Better null session handle 2021-01-29 05:53:40 -05:00
mpgn d53343369b Fix function name sessions option 2021-01-27 05:49:23 -05:00
nodauf 0487e55234
Add option --password-not-required
Add option --password-not-required to retrieve the user with the flag PASSWD_NOTREQD. With this flag the user is not subject to a possibly existing policy regarding the length of password. So he can have a shorter password than it is required, or it may even have no password at all, even if empty passwords are not allowed
2021-01-23 12:21:33 +01:00
mpgn 567ed8d8c3 Add option --users and --groups to LDAP protocol 2021-01-21 09:45:55 -05:00
mpgn 95aad485fb Fix issue #412 2021-01-21 05:28:56 -05:00
mpgn 719f18ac78 Fix cmedb encoding error #439 2021-01-21 05:08:06 -05:00
mpgn 908d074815 Catch exception if domain controller not found --kdcHost 2021-01-21 03:54:26 -05:00
mpgn af2dc05b7e Add --continue-on-success option to ldap protocol 2021-01-21 03:47:45 -05:00
mpgn 7210bc1eae Add better error management for --shares 2020-12-09 17:12:58 -05:00
mpgn b0aa66a074 Fix encode error on spider option #430 2020-11-27 18:46:41 -05:00
mpgn cc7573155f Fix pass policy max password age #435 2020-11-27 15:51:09 -05:00
byt3bl33d3r cb5c8855ed Version 5.1.3 🔥
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
  give you a completion percentage and the number of hosts remaining to
  scan
2020-11-15 16:42:28 -07:00
Dliv3 50bebac056 Fix mssql enum host info error 2020-10-01 22:46:13 +08:00
Dliv3 7dde1a13f6 Update mssql check_if_admin 2020-10-01 16:12:16 +08:00
mpgn 6885d9fd30 Add local-auth flag for MSSQL proto 2020-09-06 15:38:29 -04:00
mpgn bd549d0e6f Fix false positive on ckec_if_admin func MSSQL 2020-09-06 10:09:44 -04:00
mpgn 74ddbe7545 Fix check_if_admin() function for mssql 2020-09-06 09:30:03 -04:00
mpgn e47b110603 Improve MSSQL login 2020-09-06 09:21:38 -04:00
mpgn 8785f5d3f4
option --ntds doesn't require to be admin anymore check #408 2020-08-12 17:27:53 +02:00
mpgn ce8094045d Add more compatibility for windows exe
- decrease winrm timeout to 3 seconds so @IppSec 's videos
 tlast less time :)
 -- add ico to cme exe
 -- add option smb-server-port to make cme compatible with windows
2020-07-30 15:14:31 +02:00
mpgn 1aa2f8cc0f Fix winrm uninitialized variable and hash auth option 2020-07-28 10:16:06 -04:00
mpgn d80c4bf39c Fix some logic error using option asreproast #398 2020-06-30 16:49:11 -04:00
mpgn 2fd9ac50e4 Add ntlm hash auth with ldap protocol 2020-06-22 06:25:32 -04:00
mpgn 4120883f6d Add hash auth with winrm protocol 2020-06-22 06:25:00 -04:00
mpgn 56f1f9dd93 Login return False only if NT_STATUS_LOGON_FAILURE 2020-06-21 15:21:07 -04:00
mpgn 280d497b0d Add conditional check on the func login()
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
2020-06-20 18:16:37 -04:00
mpgn 8f2ef3fdaf Add color when smb status is not ACCESS_DENIED #391 2020-06-20 13:20:27 -04:00
mpgn 648d756701 Improve os import for ldap protocol 2020-06-20 06:30:25 -04:00
mpgn c590230f97 Clean authentication fail message on winrm protocol when ntlm error 2020-06-20 06:26:32 -04:00
mpgn b8c505c234 Improve output of protocol winrm 2020-06-20 06:20:53 -04:00
mpgn 046056d273 Add option --continue-on-success to smb protocol 2020-06-20 06:10:05 -04:00
mpgn 5b6d66950f Fix ssh authentication error and update option for unconstrainte delegation to --trusted-for-delegation 2020-06-20 05:56:55 -04:00
mpgn 957820e339 Fix ldap protocol os import 2020-06-19 17:57:09 -04:00
mpgn ad4f06918b Refactor the ldap module and add option --admin-count and --trusted-for-auth 2020-06-19 17:31:34 -04:00