swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
687 Commits
2 Branches
0 Tags
13 MiB
Commit Graph

303 Commits (2942be1188707375e7f757c26885a0b77675549c)

Author SHA1 Message Date
nodauf fffb5d4532 Add module get_description 2020-12-11 18:48:35 +01:00
mpgn 7210bc1eae Add better error management for --shares 2020-12-09 17:12:58 -05:00
mpgn b79341aa2c Bump to version 5.1.4 2020-11-29 15:04:53 -05:00
mpgn b0aa66a074 Fix encode error on spider option #430 2020-11-27 18:46:41 -05:00
mpgn cc7573155f Fix pass policy max password age #435 2020-11-27 15:51:09 -05:00
byt3bl33d3r 95f9d11b45 Modified banner 2020-11-16 13:21:41 -07:00
byt3bl33d3r cb5c8855ed Version 5.1.3 🔥 
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
  give you a completion percentage and the number of hosts remaining to
  scan
 2020-11-15 16:42:28 -07:00
mpgn dc95b51784
Merge pull request #419 from Dliv3/master 
Fix mssql execute command error
 2020-10-09 19:34:04 +02:00
mpgn 395a466bf7
Update spider_plus.py 2020-10-07 23:11:37 +02:00
Dliv3 50bebac056 Fix mssql enum host info error 2020-10-01 22:46:13 +08:00
Dliv3 9f7a2851a7 Fix powershell b64encode error 2020-10-01 17:03:52 +08:00
Dliv3 7dde1a13f6 Update mssql check_if_admin 2020-10-01 16:12:16 +08:00
byt3bl33d3r c9cc0c74fa Bumped version number 2020-09-20 08:18:32 -06:00
mpgn 79e57eaa20
Fix spider_plus module options 2020-09-20 15:09:51 +02:00
mpgn 14d12fba1e Fix wireless module not showing all cleartext password 2020-09-12 15:54:51 -04:00
mpgn e73348513d Fix initialisation when openssl not installed 2020-09-11 18:43:57 -04:00
mpgn 6885d9fd30 Add local-auth flag for MSSQL proto 2020-09-06 15:38:29 -04:00
mpgn bd549d0e6f Fix false positive on ckec_if_admin func MSSQL 2020-09-06 10:09:44 -04:00
mpgn 74ddbe7545 Fix check_if_admin() function for mssql 2020-09-06 09:30:03 -04:00
mpgn e47b110603 Improve MSSQL login 2020-09-06 09:21:38 -04:00
dev bf5b4486fc Fixed GPP filename typo and print 2020-08-26 22:47:43 -04:00
Marius Renner cc1af64448 Fix file reading concurrency issues 
Before this commit, file objects for the username, password or NTLM hash
files were all shared between target jobs for different hosts. This
could cause numerous different errors in password or hash spraying jobs
with multiple targets. Sometimes some lines in input files were skipped
for some targets, and sometimes CME even ended up in an infinite loop
due to seeking in a file that is currently also being iterated on.

There have been attempts to fix some of these errors with file.seek(0)
in some places, such as with d13042f637.
This almost works because of the BoundedSemaphore sem that effectively
keeps CME attacks single-threaded. However, there were still corner
cases with shared file object accesses not protected by the semaphore.

To fix this in a reliable way, this commit shifts the responsibility of
open()ing a file object to every job instead of globally at the start.
While this does mean that the application will open the same files a
bunch of times, it also ensures correctness in regard to concurrency.
This should also allow to relax the semaphore in the future in case no
global or username limit across all targets is required.
 2020-08-16 14:01:49 +02:00
mpgn 8785f5d3f4
option --ntds doesn't require to be admin anymore check #408 2020-08-12 17:27:53 +02:00
mpgn 3cc0b00f0b Remove conditional auth for modules and options 2020-08-11 07:39:16 -04:00
mpgn 4e444b68db Update spider_plus module with readable datetime 2020-07-30 10:30:29 -04:00
mpgn ce8094045d Add more compatibility for windows exe 
- decrease winrm timeout to 3 seconds so @IppSec 's videos
 tlast less time :)
 -- add ico to cme exe
 -- add option smb-server-port to make cme compatible with windows
 2020-07-30 15:14:31 +02:00
mpgn 1aa2f8cc0f Fix winrm uninitialized variable and hash auth option 2020-07-28 10:16:06 -04:00
mpgn 97c92ffcdd Fix os import and add the dump optional using READ_ONLY option 2020-07-05 16:58:09 -04:00
mpgn ccb8e67e7b
Update spider_plus module 
Change default output folder to TMP
Add import to fix error in try catch since os.errno does not exist anymore in python3.7
 2020-07-05 21:53:07 +02:00
Vincent D 584c926af7 Add spider_plus module 
Module to spider and dump small files from SMB servers.
 2020-07-02 09:10:43 +02:00
mpgn e58930581e dockerhub with pywerview testing 2020-06-30 19:05:54 -04:00
mpgn d80c4bf39c Fix some logic error using option asreproast #398 2020-06-30 16:49:11 -04:00
mpgn e0a1c5c49d Switch to master branch of Invoke-VNC #354 2020-06-30 15:31:30 -04:00
mpgn 4a0cb31724
Switch to version 5.1.0dev - codename 3TH@n 2020-06-25 23:24:12 +02:00
mpgn 2fd9ac50e4 Add ntlm hash auth with ldap protocol 2020-06-22 06:25:32 -04:00
mpgn 4120883f6d Add hash auth with winrm protocol 2020-06-22 06:25:00 -04:00
mpgn 56f1f9dd93 Login return False only if NT_STATUS_LOGON_FAILURE 2020-06-21 15:21:07 -04:00
mpgn d13042f637 Fix missing user.seek when using file as username with several hosts 
this commit maybe break something but it solve this `cme smb file -u file -p file`
 2020-06-20 18:43:34 -04:00
mpgn 280d497b0d Add conditional check on the func login() 
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
 2020-06-20 18:16:37 -04:00
mpgn 8f2ef3fdaf Add color when smb status is not ACCESS_DENIED #391 2020-06-20 13:20:27 -04:00
mpgn 648d756701 Improve os import for ldap protocol 2020-06-20 06:30:25 -04:00
mpgn c590230f97 Clean authentication fail message on winrm protocol when ntlm error 2020-06-20 06:26:32 -04:00
mpgn b8c505c234 Improve output of protocol winrm 2020-06-20 06:20:53 -04:00
mpgn 046056d273 Add option --continue-on-success to smb protocol 2020-06-20 06:10:05 -04:00
mpgn 5b6d66950f Fix ssh authentication error and update option for unconstrainte delegation to --trusted-for-delegation 2020-06-20 05:56:55 -04:00
mpgn 957820e339 Fix ldap protocol os import 2020-06-19 17:57:09 -04:00
mpgn ad4f06918b Refactor the ldap module and add option --admin-count and --trusted-for-auth 2020-06-19 17:31:34 -04:00
mpgn e5d1942251 Add kerberoasting and asrepoast attack with LDAP protocol 2020-06-19 09:20:22 -04:00
Alexandre Beaulieu 4a19d4dc32
feat(ssh): Add support for publickey authentication. 2020-05-21 09:03:12 -04:00
mpgn fb9d6fbc59 Fix cme action build 2020-05-10 20:16:34 +02:00
mpgn 8931ec2300 Add Windows spec file to compile CME for Windows 2020-05-10 20:06:08 +02:00
mpgn b796000343 Fix issue #321 option --continue-on-success 2020-05-09 09:36:31 -04:00
mpgn 3e1fa0f258 Fix local-auth authentication 2020-05-09 08:20:53 -04:00
mpgn d3a7effb86 Fix ssh issue #375 2020-05-09 07:59:53 -04:00
mpgn 9ae444aab9
Merge branch 'master' into v5-dev 2020-05-05 18:51:41 +02:00
mpgn e71b724cdf Bump to 5.0.2dev 2020-05-05 12:50:32 -04:00
mpgn b778306cc1 Always print FQDN 2020-05-05 12:13:32 -04:00
mpgn 3b57fb0869 Add checkifadmin() for Kerberos auth #22 2020-05-05 12:11:18 -04:00
pixis 4069cb7290 Add module - Set as owned in BloodHound 2020-05-05 09:59:30 +02:00
mpgn 1820cc1ffb Show FQDN instead of domain name 2020-05-04 15:30:56 -04:00
Pixis c75d7abebf
Update fix about no credentials 2020-05-04 19:32:58 +02:00
mpgn 622245dcfa Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support 
add error when not credential foud on lsassy module #368
 2020-05-04 13:23:41 -04:00
mpgn 52528a44bb Merge branch 'v5-dev' of https://github.com/byt3bl33d3r/CrackMapExec 2020-05-03 14:32:17 -04:00
mpgn 1308bc30c8 Adding Kerberos support for CME #22 
TODO
- aeskey
- dc-ip
- checkifadmin()
 2020-05-03 14:30:41 -04:00
mpgn 72338026ff
Merge pull request #367 from byt3bl33d3r/v5-metasploit 
Add Module metasploit
 2020-05-03 18:01:20 +02:00
mpgn 47fe1e4772 Remove submodule and simplify metasploit module #357 2020-05-03 06:19:26 -04:00
mpgn c3c9b2f04a Remove useless code #364 2020-05-01 17:31:54 -04:00
mpgn 580018050c Add better logic to MSSQL connection #364 2020-05-01 17:18:25 -04:00
mpgn c5be1e5234 Add exception handler when login fails on MSSQL protocol #364 2020-05-01 17:11:54 -04:00
mpgn ef934a7925 Rename options for module metasploit #357 2020-05-01 16:53:02 -04:00
mpgn bfe1d5b7c3 Fix uninitialized variable #363 2020-05-01 14:33:18 -04:00
mpgn 062e312fd5 Add try catch for issue #363 2020-05-01 14:20:55 -04:00
mpgn fd912c0b7d Fix thread stop assert error #357 2020-05-01 14:02:12 -04:00
mpgn 73fb336040 Update module metasploit #357 
As the old code with the shellcode was broken, we switch to a simple powershell solution with Invoke-MetasploitPayload.ps1
 2020-05-01 13:12:01 -04:00
mpgn 4dc4892660 Check if output is byte before decoding 2020-04-30 13:56:34 -04:00
mpgn 74792ce712 Add option --no-bruteforce allowing credentials spraying without bruteforce 
cme accept user file and password file and works like this:
user1 -> pass1
      -> pass2
user2 -> pass1
      -> pass2

Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
 2020-04-30 10:06:57 -04:00
mpgn 7b0f2e9bdb Add multi domain support DOMAIN\user when passing file to -u option #243 2020-04-29 12:32:21 -04:00
mpgn 2ca377f3d8 Simplify command for wireless password #305 2020-04-29 11:09:44 -04:00
mpgn b6a6e6a9bf Add wireless module #305 2020-04-29 11:03:52 -04:00
mpgn 78c5d9ebd9 Update WINRM authentication option 
If you want to avoind SMB connection use the flag -d DOMAIN
 2020-04-29 06:28:47 -04:00
mpgn 479ae1f721 Update MSSQL protocol for windows authentication #306 
If you want to use windows auth for MSSQL without SMB, add the flag -d DOMAIN
 2020-04-29 05:56:11 -04:00
mpgn f58a10124d Update winrm method to allows code execution from normal user 
User who can winrm but are not local admin can now use this method to exec command
more at https://github.com/diyan/pywinrm/issues/275

we switch from pywinrm to pypsrp
 2020-04-28 15:30:18 -04:00
mpgn a20d28a885 Update RID-Hijacking to latest version #353 2020-04-28 13:22:42 -04:00
mpgn e9a5841731 Fix typo on put-file function 2020-04-28 12:28:25 -04:00
mpgn f84035fa7a Add function get-file and put-file 2020-04-28 12:22:30 -04:00
mpgn 1bbe1ac0cc Clean output of mssql protocol 2020-04-28 09:39:33 -04:00
mpgn af68773b6c Fix #352 target using file 2020-04-28 08:42:25 -04:00
mpgn 356b020cb3 Fix winrm warning from pywinrm 2020-04-28 07:24:01 -04:00
mpgn 63cf5af003 Fix smbexec function #269 2020-04-28 06:19:33 -04:00
mpgn 18c438993c Fix ssh connection #351 2020-04-28 06:11:16 -04:00
mpgn ba04528738 Add feature: file as argument for -x and -X command #269 2020-04-27 16:38:30 -04:00
mpgn f19f137b0d Fix smbexec.py decode error 2020-04-22 11:04:22 -04:00
mpgn 84222eb001 Fix bytes error on gpp_autologin and gpp_password modules 2020-04-22 10:33:03 -04:00
mpgn a13ec6c3d6 Fix gpp_password encoding error with python3 #350 2020-04-22 06:43:17 -04:00
mpgn 1e8cd73a26 Switch Invoke-VNC project to python3 branch #317 2020-04-21 09:12:43 -04:00
byt3bl33d3r 6c0228f403 Fixed dependency hell, added Github actions workflow 
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
  dependency
 2020-04-20 13:19:55 -03:00
mpgn e294a72924 Fix mimikatz module decode error #308 2020-04-20 06:24:56 -04:00
sw ed8c91ab60 changed comparison operators that generate syntax warnings 2020-04-20 03:22:03 +03:00
mpgn 9790c67620 Fix pylnk3 version from setup 
fix warning with pylnk3 version
remove useless import and comment from lsassy module
 2020-04-19 15:18:23 -04:00
pixis 47c83d90dc Add lsassy module 2020-04-19 20:30:35 +02:00