Commit Graph

1051 Commits (440e2df1f3a226172911b86c33cdda51a86650e0)

Author SHA1 Message Date
Marshall Hallenbeck 23d8d588e8 chore(gitignore): add .idea to gitignore 2023-03-13 15:55:46 -04:00
mpgn d9fffd39ec
Merge pull request #10 from zblurx/dpapi
Store domain backupkey and dpapi secrets in cmedb
2023-03-13 13:08:55 +01:00
mpgn 23db90b853
Merge pull request #8 from zblurx/log
init log_mode
2023-03-13 12:44:20 +01:00
mpgn 510b425910
Merge pull request #11 from zblurx/ldap-signing
update ldap-checker
2023-02-28 17:04:58 +01:00
mpgn b03e87b96e update av json 2023-02-28 10:46:13 -05:00
zblurx 407ce0f796 update ldap-checker 2023-02-28 16:37:11 +01:00
mpgn 9ca90fcecc is_admin check wrong 2023-02-23 04:38:44 -05:00
mpgn c0b1d71cc8
Merge branch 'master' into dpapi 2023-02-22 20:43:47 +01:00
mpgn 26e0393a31 Add check to verify if latest version of cmedb is used 2023-02-22 14:41:58 -05:00
zblurx bf254506d0 fix column for cme dpapi browser 2023-02-22 14:02:36 +01:00
zblurx 7bfdd0a75d store dpapi secrets in cmedb 2023-02-22 13:58:53 +01:00
zblurx 393dfc3987 store domain backup key 2023-02-22 12:56:24 +01:00
zblurx 2a01b3eb19 add timestamp and check if new file 2023-02-22 10:50:40 +01:00
mpgn c294f87725 Improve output 2023-02-21 16:57:14 -05:00
mpgn 44e5020123 Add enum_av from @tothi 2023-02-21 16:28:53 -05:00
mpgn 862b2211a2 Improve argparse print 2023-02-21 15:06:37 -05:00
mpgn 522c91d1f6 Improve import os 2023-02-21 15:05:35 -05:00
mpgn 65c07f5311 Add custom logger file 2023-02-21 15:01:42 -05:00
mpgn b16dca4054 Improve logging file 2023-02-21 14:40:52 -05:00
mpgn 602e7bb020 add option to dump cookie dpapi 2023-02-19 15:35:37 -05:00
mpgn f381728740 add message when dumping dpapi 2023-02-19 08:33:05 -05:00
mpgn 681e821514 fix local auth dpapi check 2023-02-19 08:06:02 -05:00
mpgn 6919d477b7 fix logging test 2023-02-19 07:30:38 -05:00
mpgn 53931105ee small fix dpapi 2023-02-19 07:27:11 -05:00
zblurx 29ae75e6bf init log_mode 2023-02-17 14:20:16 +01:00
mpgn 63c49c0895 add check if da 2023-02-16 08:33:26 -05:00
mpgn 9a1e52f176 change logic for masterkey 2023-02-16 08:09:21 -05:00
mpgn 19a6c3887f merge master into pr 2023-02-16 08:04:23 -05:00
mpgn d5d2d54619 Rewrite all vnc module method 2023-02-16 06:24:07 -05:00
zblurx ffae9abf49 fix trycatch in dpapi 2023-02-14 11:15:14 +01:00
zblurx 057bd8e889 change wireless module 2023-02-14 11:12:39 +01:00
zblurx 56e07ae0f5 add rdcman module 2023-02-14 11:12:22 +01:00
zblurx 619d21bf6c fix firefox upgrade_conn 2023-02-14 11:12:12 +01:00
zblurx d5fb5cf36e change pydes to pycryptodomex 2023-02-14 10:00:12 +01:00
mpgn 8e9bbf14fb
Merge branch 'master' into master 2023-02-14 09:52:07 +01:00
mpgn ec4f9ddfec remove printf ldap bloodhound 2023-02-14 03:46:43 -05:00
Zak a185b7c860 Update masky module (v0.2.0) 2023-02-14 03:43:20 -05:00
Zak ada917cc02 Update masky module (v0.2.0) 2023-02-13 23:20:17 +01:00
Daahtk 324996c2e1 Update msol.py 2023-02-13 15:55:02 -05:00
Daahtk 1fb31248a9 Create msol_dump.ps1 2023-02-13 15:55:02 -05:00
Daahtk 02fd427e34 Update msol.py 2023-02-13 15:55:02 -05:00
Daahtk a2a844c3cb Update msol.py 2023-02-13 15:55:02 -05:00
Daahtk 34b88f80af Add the MSOL module to dump msol cleartext password
This module will dump the cleartext password for the user MSOL_XXXX on the Azure AD Connect server. This user has DCSync rights.
2023-02-13 15:55:02 -05:00
mpgn 3e2abb9e1e improve share filter 2023-02-13 15:53:55 -05:00
mpgn 7b64626c47 Add two module winscp and veeam dump 2023-02-13 08:32:43 -05:00
Alexander Neff dfb0eee317 Fix bugs and error handling 2023-02-13 08:32:40 -05:00
Alexander Neff 24a2ae4955 Added module to dump credentials from veeam sql db 2023-02-13 08:32:40 -05:00
Alexander Neff d782fec1ff Clean up code and add more logging 2023-02-13 08:32:34 -05:00
Alexander Neff 98620ecdf9 Clean up Code 2023-02-13 08:32:34 -05:00
Alexander Neff cb3f44efd1 Added ability to scan for winscp.ini files 2023-02-13 08:32:34 -05:00
Alexander Neff 1456307e11 Add check if MasterPassword is set for Winscp to skip the encryption 2023-02-13 08:32:34 -05:00
Alexander Neff 9685a8f1c6 Now extract all winscp credentials from registry by loading ntuser.dat dynamically from every user 2023-02-13 08:32:34 -05:00
Alexander Neff 840a2f6628 Extract all winscp credentials from all logged in users from registry 2023-02-13 08:32:34 -05:00
Alexander Neff ca988744f0 Add winscp registry extraction 2023-02-13 08:32:34 -05:00
Alex 02f43dc287 baseline for winscp_dump module 2023-02-13 08:32:34 -05:00
zblurx 6f198372ca merge firefox into dpapi core option 2023-02-13 11:48:12 +01:00
mpgn 0ca17cb8a7 Bump to version Bruce Wayne 2023-02-12 17:20:51 -05:00
mpgn a551244f38 Add option to only view readable/writable shares credit to @jenaye 2023-02-12 17:19:46 -05:00
lefayjey 877ebc28d5 Fix conf base for child domains 2023-02-12 16:19:35 -05:00
Julio Ureña 01de301ce1 Create groupmembership.py
A module to query the groups to which a user belongs.
2023-02-12 16:13:19 -05:00
mpgn 8c5f25a2db if ldaps then ldaps my friend 2023-02-12 16:11:22 -05:00
Cameron Stark 59e0e6b340 fix OUTPUT option description in spider_plus 2023-02-12 16:09:17 -05:00
mpgn 9f6db06846 Change output filename for winrm 2023-02-12 16:03:38 -05:00
Sunggwan Choi 909f44d155 Fix ldap-checker module pth auth using NT hash 2023-02-12 16:00:43 -05:00
mpgn 60a7d8bdc0 Fix issue #732 2023-02-12 15:59:52 -05:00
mpgn ce1293b12c check if user password expired for as-reproasting 2023-02-12 15:58:07 -05:00
Alexander Neff db5a36f4b5 Fix bug resulting in duplicate logging when using verbose 2023-02-12 09:21:50 -05:00
iLightThings e84f589902 Update nopac.py
Fixed spelling
2023-02-12 09:21:08 -05:00
Alexandre ZANNI c05d27b8d2 [chore] better grep 2023-02-12 09:18:41 -05:00
mpgn c36a0fe445 add fqdn to kerberos option 2023-02-12 09:17:27 -05:00
mpgn 72c01b0688 add fqdn to kerberos option 2023-02-12 09:14:30 -05:00
lefayjey 0a472e9366 Use hostname in user and passpol for kerberos 2023-02-12 09:14:22 -05:00
lefayjey 5f5884785f Fix ccache kerberos auth using rpc 2023-02-12 09:14:08 -05:00
mpgn 3b5d719d24 Simplify check 2023-02-12 08:52:22 -05:00
zblurx a4c53cab36 update firefox module 2023-02-10 15:57:10 +01:00
zblurx a0832f2190 add firefox module 2023-02-10 15:16:10 +01:00
zblurx 194499533d modify output 2023-02-09 15:34:25 +01:00
zblurx 5263a4647d modify output 2023-02-09 15:33:14 +01:00
zblurx aeb0c0ea5a fix bugs 2023-02-08 12:16:07 +01:00
zblurx 0d39dff6e9 upgrade version of dploot 2023-02-08 09:53:40 +01:00
zblurx 9aa4675032 added try catch 2023-02-08 09:14:18 +01:00
zblurx 10e3b32b62 fix kerberos auth 2023-02-07 22:22:40 +01:00
zblurx 3086559501 auto export of domain backup key 2023-02-07 15:32:19 +01:00
zblurx 33093c2d49 fix dpapi harvesting 2023-02-07 14:51:01 +01:00
zblurx f790d95613 pass it to core option 2023-02-07 12:06:42 +01:00
mpgn 8939405c6e Forgot to add bloodhound file 2023-02-06 08:17:16 -05:00
mpgn 4335515d28 Rewrite all rdp module 2023-02-05 15:23:40 -05:00
mpgn 5696026ba0 Fix exec method with kerberos 2023-02-05 08:00:46 -05:00
mpgn eaf421b714 Bump to 5.4.4 2023-02-05 07:37:12 -05:00
mpgn 4a443fe946 Add bloodhound core feature + fix color on ldap proto 2023-02-05 05:43:12 -05:00
mpgn 0c02ed4c0b Add GMSA print id 2023-02-05 04:44:07 -05:00
mpgn 1ddddd5f47 Add samruser function with kerberos 2023-02-02 14:43:04 -05:00
mpgn bdab59472b Add ccache support for RDP auth 2023-02-01 06:04:13 -05:00
mpgn 7fef784481 Add VNC scan + screenshot 2023-01-31 15:20:47 -05:00
zblurx 66cd0799ab add comments and limit cert dump to clientauth cert 2023-01-23 10:12:28 +01:00
zblurx a25dad9705
Merge branch 'Porchetta-Industries:master' into master 2023-01-06 10:39:52 +01:00
mpgn f0645371f0 Use default proto_flow func for rdp 2023-01-04 12:26:37 -05:00
mpgn 83f8ffd006 Handle stacktrace with binary launch with wrong python version 2023-01-04 11:48:52 -05:00
mpgn 2c6b982f7f Remove openssl requirement 2023-01-02 06:55:03 -05:00
mpgn d00a9bafeb
Fix RDP login
Fix RDP login, major breaking change so it is also committed on the public repo
2023-01-02 12:43:27 +01:00
mpgn 16705ec0ea Bump to 5.4.3 2023-01-02 06:37:57 -05:00
mpgn 82f28df288 Fix rdp auth & add kerberos auth (plain/nthash) -k 2023-01-02 06:37:37 -05:00
mpgn a2225dc11c Bump to 5.4.2 for porchetta 2022-12-14 16:00:36 -05:00
mpgn af8cfa8011 Add new gmsa function <3 2022-12-14 15:45:51 -05:00
mpgn 31b18614e1 replace simple quote by double quote for export 2022-12-14 09:55:17 -05:00
mpgn 86823c90be Add try catch 2022-12-12 14:39:29 -05:00
mpgn 1051ec2e69 Fix smb nthash not display with kerberos 2022-12-12 14:39:29 -05:00
Shariq Malik b14fe7f94f Fixed bh_owned error on non-existing values
If a computer on the network has been compromised but is not listed in the Neo4j database, CME won't crash any more.
2022-12-12 14:39:29 -05:00
Julio Ureña 4bab776011 Fix --enabled option to dump only enabled accounts
This change allows the option to work as expected and also includes an option to grep a list of users.
2022-12-12 14:39:29 -05:00
Julio Ureña c2993a5888 Modify remove_credentials to allow "creds remove"
`creds remove CredID` was not working because the method was commented on, I also changed the table name from credentials to users.
2022-12-12 14:39:29 -05:00
Julio Ureña c04b2ba465 Fix cmedb displayed credentials for mssql
The columns were not in the correct order, which caused them to be displayed incorrectly. This change properly orders the way CMEDB displays credentials in the mssql protocol.
2022-12-12 14:39:29 -05:00
Julio Ureña 7f65c0eccb mssql - Retrieve username when using Kerberos Auth
This change allows the program to return the name of the user being authenticated when using Kerberos with the protocol mssql.
2022-12-12 14:39:29 -05:00
Julio Ureña 59b953c3f7 Add - Retrieve username when using Kerberos Auth
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-12-12 14:39:29 -05:00
Julio Ureña 42a3d9375b Add - Retrieve username when using Kerberos Auth
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-12-12 14:39:29 -05:00
mpgn 31542973d7 Fix smb nthash not display with kerberos 2022-11-29 17:05:15 -05:00
mpgn a4c89ef561 Bump to 5.4.1 2022-11-29 16:46:26 -05:00
mpgn 99cea583e9 Add kerberos compatibility for laps option 2022-11-29 16:46:25 -05:00
zblurx 6f7c99bb50
Merge branch 'Porchetta-Industries:master' into master 2022-11-25 17:25:16 +01:00
Shariq Malik a3046f657b Fixed bh_owned error on non-existing values
If a computer on the network has been compromised but is not listed in the Neo4j database, CME won't crash any more.
2022-11-25 16:58:52 +05:00
Julio Ureña 7c684bcffb
Fix --enabled option to dump only enabled accounts
This change allows the option to work as expected and also includes an option to grep a list of users.
2022-11-22 14:28:57 -04:00
zblurx 561fb6da57
Merge branch 'Porchetta-Industries:master' into master 2022-11-18 18:39:01 +01:00
Julio Ureña 81b53b9652
Modify remove_credentials to allow "creds remove"
`creds remove CredID` was not working because the method was commented on, I also changed the table name from credentials to users.
2022-11-17 11:18:13 -04:00
zblurx 3df3978cb0
Merge branch 'Porchetta-Industries:master' into master 2022-11-17 16:16:47 +01:00
zblurx 75d01e5cb6 init dpapi module 2022-11-17 16:16:10 +01:00
Julio Ureña 2c4be7b9e4
Fix cmedb displayed credentials for mssql
The columns were not in the correct order, which caused them to be displayed incorrectly. This change properly orders the way CMEDB displays credentials in the mssql protocol.
2022-11-17 09:27:01 -04:00
Julio Ureña 4a12e437fa
mssql - Retrieve username when using Kerberos Auth
This change allows the program to return the name of the user being authenticated when using Kerberos with the protocol mssql.
2022-11-16 16:39:44 -04:00
Julio Ureña bd5a3fe91d
Add - Retrieve username when using Kerberos Auth
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-11-16 16:15:30 -04:00
Julio Ureña baceb06afd
Add - Retrieve username when using Kerberos Auth
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-11-16 16:06:43 -04:00
mpgn db79f5a487 Bump to 5.4.1 2022-11-10 16:08:17 -05:00
mpgn 9d6c3fe67e Add kerberos compatibility for laps option 2022-11-10 16:07:41 -05:00
mpgn 25978c0be0
Update smb.py 2022-11-10 22:06:35 +01:00
mpgn 193ce4128e SMB kerberos better you can put ip without fqdn 2022-11-10 04:17:09 -05:00
mpgn a88a6e8552 Add catch for kerberos use-kcache option with error message 2022-11-09 16:59:53 -05:00
mpgn 667faa0d7b Add catch for kerberos use-kcache option 2022-11-09 16:56:57 -05:00
Julio Ureña a5c30851c0
Fix output always returning false
Based on Neo4j documentation https://neo4j.com/docs/api/python-driver/current/api.html#neo4j.Result I added some modification to the result variable.

The way it was coded, `result.value()` always returns 0.
2022-11-09 15:39:43 -04:00
Julio Ureña ba690f93fd
Added the option to select architecture (64 or 32)
The module only allowed 32 bits, with this change it is possible to select 32 bits or 64 bits architecture.
2022-11-09 07:07:29 -04:00
Julio Ureña ccfd9565e0
Fix #671 - handlekatz modules fail
handlekatz modules fail if directory /tmp/shared does not exist. I changed the directory from /tmp/shared to /tmp and the option description.
2022-11-08 11:14:00 -04:00
Julio Ureña 61757a2cd2
Fix #671 - procdump modules fail
procdump modules fail if directory /tmp/shared does not exist. I changed the directory from /tmp/shared to /tmp and the option description.
2022-11-08 11:13:05 -04:00
shoxxdj 0990b4fa8b bugfix : cant export csv 2022-11-08 15:15:54 +01:00
mpgn e4f6343646 Bump to 5.4.0 2022-11-08 05:08:23 -05:00
mpgn be6b0edd42
Merge pull request #662 from Porchetta-Industries/rdp
Bump aardwolf to version 0.2.0
2022-11-08 09:31:58 +01:00
mpgn 8fedcc48b7
Update rdp.py 2022-11-08 09:25:59 +01:00
mpgn 4562cea72a
Merge pull request #669 from juliourena/master
Fix #668 - Remove @requires_admin flag for WMI queries
2022-11-07 21:07:29 +01:00
mpgn 60e3dda195
Merge pull request #601 from Dfte/master
Add the Impersonate module
2022-11-07 12:26:37 +01:00
Julio Ureña 47a92590a6
Remove @requires_admin flag for WMI queries
Although not common, it is possible for a user to be assigned WMI privileges. Removing @requires_admin in case we do not have privileges to make queries to WMI we will receive an access denied error, which makes it clearer what is happening.
2022-11-04 07:45:47 -04:00
mpgn b2bcbe0ade Fix issue #667 with use-kcache option 2022-11-03 16:04:46 -04:00
mpgn 83180a6b68 ldap better error message 2022-11-03 15:56:38 -04:00
mpgn 49d68e0269 fix error with connection outside dc 2022-11-03 15:29:56 -04:00
mpgn 37f2555ab7 Merge branch 'screenrdp' into rdp 2022-11-02 15:39:17 -04:00
mpgn 33a3c61242 update rdp proto 2022-11-02 15:39:14 -04:00
lap1nou 4fabd0843a Added an NLA disabled screenshot function 2022-11-02 18:47:32 +01:00
mpgn 12ec7f2278 update impersonate binary 2022-11-02 07:23:07 -04:00
mpgn 6a31c588a2 update ldap proto and add func get domain sid 2022-11-01 18:20:14 -04:00
Julio Ureña 3eb80ae534
Modify logging output when putting files
Added \\ to match the correct display of the file and path.
2022-11-01 08:10:55 -04:00
Julio Ureña cc72c6c868
Remove @requires_admin from get_file and put_file
The @requires_admin flag prevents non-admin users who have Read and Write access to a shared folder from performing any operations.
2022-11-01 07:29:56 -04:00
mpgn a36d3145e1
Merge pull request #655 from zblurx/master
Fix kerberos authentication and add kerbrute
2022-10-31 13:34:03 +01:00
mpgn 3942eab31b update a little bit 2022-10-31 08:33:41 -04:00
Defte 5d4f3b5606
Update impersonate.py
I'll add technical links to the blog post explaining token manipulation internals as well as the source code of the original binary when the blog post will be released (should be on Monday)
2022-10-29 11:55:34 +02:00
Defte 1bfb3a860b
Adding the IMP_EXE option
Guess this will be the final one :P
2022-10-29 11:52:48 +02:00
mpgn 9c66f29474
Merge branch 'master' into rdp 2022-10-28 15:22:28 +02:00
mpgn dc6b023456 update RDP protocol 2022-10-27 16:43:52 -04:00
mpgn fedbfaf1f5 Change default order of exec method for smb 2022-10-27 15:40:34 -04:00
mpgn aa8bf6aa46 Refactor options 2022-10-27 15:32:55 -04:00
Defte 2dcd33ee17
Update impersonate.py
Adding double quotes for spaced cmd
2022-10-27 18:57:00 +02:00
Defte ed80922b0e
Final update! 2022-10-27 12:21:46 +02:00
mpgn abc288234b Fix ldap with null binding thx @juliourena 2022-10-26 08:58:51 -04:00
mpgn 65724d4553
Merge pull request #653 from Z4kSec/master
Add Masky module
2022-10-25 13:03:29 +02:00
mpgn 87108d4878
Merge pull request #658 from Porchetta-Industries/mssql-uaht
Fix regression for mssql with local_auth thx @juliourena
2022-10-24 21:26:55 +02:00
mpgn a3b3ab9e92 Fix regression for mssql with local_auth thx @juliourena 2022-10-24 15:20:14 -04:00
mpgn e2130c658c Bump aardwolf to 0.2.0 2022-10-24 15:02:42 -04:00
mpgn 132332a8fd add new color for asreproast account smb 2022-10-24 10:02:01 -04:00
mpgn d61d6f0339 add new color for asreproast account 2022-10-24 09:59:43 -04:00
mpgn b62bd670e0 Don't block if account not green 2022-10-24 09:11:45 -04:00
mpgn 70f8d973cf add KDC_ERR_PREAUTH_FAILED error 2022-10-24 09:01:30 -04:00
mpgn 5040ab6b40 ldap try catch + magenta 2022-10-24 08:55:48 -04:00
zblurx b9699ab078 fix output modifs on smb protocol 2022-10-24 14:55:07 +02:00
zblurx 53b612d317 adapt outputed creds 2022-10-24 14:12:32 +02:00
zblurx 3fb117d23a Merge branch 'master' of github.com:zblurx/CrackMapExec 2022-10-24 13:31:03 +02:00
zblurx b42cb70cd8 enhance kerberos auth to mssql 2022-10-24 13:30:07 +02:00
mpgn 0a218c534f add magenta color if user exist but connection KO 2022-10-24 05:43:52 -04:00
mpgn ef349a5309 refactor check if admin func to be compatible with kerberos 2022-10-24 05:26:53 -04:00
mpgn fb1d7b181f add mssql kerberos login 2022-10-24 04:24:21 -04:00
mpgn 7dc90669d7 starting to add mssql kerberos login 2022-10-24 04:10:46 -04:00
mpgn 8e09a273d2
Merge branch 'master' into master 2022-10-23 21:29:30 +02:00
mpgn e0a9633485
Merge pull request #614 from swisskyrepo/master
Add GMSA module
2022-10-23 19:15:55 +02:00
mpgn f796a5f2f2 add port 636 if gmsa 2022-10-23 07:08:39 -04:00
mpgn 0a284bd2b0 remove message CCache file is not found + fix exec method with kerberos 2022-10-22 17:29:56 -04:00
mpgn ed2b2b261a fix for kerberoast function 2022-10-22 16:38:29 -04:00
mpgn 7b712dc3c0 fix check on arg gmsa 2022-10-21 04:02:34 -04:00
mpgn 7e0613c883 fix username to send to bh 2022-10-20 17:18:22 -04:00
mpgn 53f5791e7c Fix a lot things but good pr 2022-10-20 15:40:53 -04:00
zblurx c52031f344 change parameter name 2022-10-20 18:19:23 +02:00
zblurx e6250e1b98 change parameter name 2022-10-20 18:11:10 +02:00
zblurx f4485ff279 fix kerberos authentication 2022-10-20 18:08:30 +02:00
LuemmelSec 704471b366
Update teams_localdb.py
Multi user support added.
Otherwise the file at /tmp/teams_cookies2.txt gets mangled up and you don't get back any results as sqlite3 can access it but won't find any content.
2022-10-20 11:51:53 +02:00
Zak 51b3958175 Merge remote-tracking branch 'upstream/master' 2022-10-19 14:41:17 +02:00
mpgn 507d872c3d Update gmsa core function 2022-10-19 05:48:22 -04:00
Zak d55f7513d2 Merge remote-tracking branch 'upstream/master' 2022-10-18 22:29:04 +02:00
shoxxdj 590b236c45 🚀 Improve CMEDB after losing too much time with workspace .. 2022-10-18 22:22:17 +02:00
Zak 2806c81d73 Add masky module 2022-10-18 22:19:35 +02:00
mpgn 74bbeee05a
Merge pull request #647 from R-Secure/master
Added functionality to retrieve ssoauthookie from Microsoft Teams local db
2022-10-18 20:42:53 +02:00
mpgn 7b9ce02f46 update module teams 2022-10-16 09:15:00 -04:00
Swissky 35cb0545e3
Merge branch 'master' into master 2022-10-14 19:17:04 +02:00
Swissky 42a4d7efbb GMSA moved in LDAP core 2022-10-14 19:13:17 +02:00
mpgn fcbd406773
Merge pull request #650 from jdouliez/master
fix(#649) : Fix Wrong filename on RDP screenshot issue
2022-10-13 14:58:14 +02:00
mpgn ff758fd6dd
Merge pull request #646 from bogey3/install_elevated
Module to check for AlwaysInstallElevated
2022-10-13 14:57:18 +02:00
mpgn d162d7b55c
Merge pull request #640 from Tw1sm/ntlmv1-module
Module to check for NTLMv1 Compatibility
2022-10-13 14:57:09 +02:00
mpgn 4ec7a2b4e9
Merge pull request #643 from ILightThings/cme_db_detailed
Improved cmedb export function
2022-10-13 14:56:59 +02:00
mpgn dad84132e2
Merge pull request #637 from d3lb3/keepass_trigger
Add KeePass trigger abuse module
2022-10-13 14:56:39 +02:00
mpgn d3162ee45a
Merge pull request #636 from d3lb3/master
Add KeePass discovery module
2022-10-13 14:56:29 +02:00
mpgn 1e5db5da61
Merge pull request #610 from BlWasp/dacledit
Add the new daclread.py LDAP module and the msada_guids.py library
2022-10-13 14:56:18 +02:00
mpgn 247de78541
Merge pull request #597 from guervild/mssql-upload-download
Mssql upload / download
2022-10-13 14:55:20 +02:00
mpgn 4f595fbbc7 Restart keepass to load cleaned config 2022-10-13 08:41:58 -04:00
mpgn 0fc010b0d5 Fix except error 2022-10-13 08:20:22 -04:00
Jordan DOULIEZ f3c9d5fbc6 fix(#649) : Fix Wrong filename on RDP screenshot (Mission extension) issue 2022-10-12 15:05:21 +02:00
R-Secure bbd606c067 Added functionality to retrieve the Microsoft Teams Cookies database and extract the ssoauthcookie 2022-10-11 06:44:22 -04:00
mpgn ea63b29000 update nanodump module for mssql 2022-10-10 16:22:09 -04:00
BlWasp acf1789f2f Add warning messages about non recursivity. 2022-10-10 14:25:55 +00:00
mpgn 927a82a554 parse keepass config file and extract password 2022-10-10 08:36:27 -04:00
mpgn 777a422888 add error with config setting not found 2022-10-10 05:57:26 -04:00
mpgn 521b55daee Update message for polling 2022-10-10 05:36:52 -04:00
mpgn 365abf8fb0 Update keepass module to set opsec safe to false 2022-10-10 05:32:47 -04:00
mpgn 4ba1085128 update import csv 2022-10-10 05:14:16 -04:00
bogey3 1629029d35
Update install_elevated.py
Updated to display enabled when only the entry in HKLM is enabled as low privilege users can modify the HKCU and grant themselves permission.

Note that once the per-machine policy for AlwaysInstallElevated is enabled, any user can set their per-user setting.
https://learn.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated
2022-10-07 16:25:56 -04:00
bogey3 8d92e34d66
Created install_elevated.py
This module will check if the computer and the supplied user have AlwaysInstallElevated enabled.
2022-10-07 15:55:58 -04:00
mpgn fc57723678
Merge pull request #642 from nurfed1/master
LDAP protocol improvements and scan-network module bugfix
2022-10-05 17:34:56 +02:00
JulienBedel 4aeb311e22 Fix PowerShell parsing after file search 2022-10-02 18:32:01 +02:00
mpgn 21b5adb138
Merge pull request #639 from RomanRII/master
FTP Protocol Addition
2022-09-25 18:21:15 +02:00
iLightThings c005d844e0
Merge branch 'master' into cme_db_detailed 2022-09-23 12:02:40 -04:00
iLightThings 854becfcd4 Changed computerID to computer 2022-09-23 11:28:16 -04:00
mpgn 105ad97947 quick fix cmedb export share 2022-09-22 18:24:27 -04:00
mpgn 35fb7f298f Update cmedb export function 2022-09-22 18:08:25 -04:00
mpgn 65796271c0 Merge branch 'export' 2022-09-22 18:06:37 -04:00
mpgn 4c5844890c Improve module scan network 2022-09-22 18:05:39 -04:00
mpgn 018bd9608a Update cmedb for shares 2022-09-22 18:05:18 -04:00
iLightThings 2077deae5a Removed Print 2022-09-22 10:31:43 -04:00
iLightThings 7daaed7847 Fixed a glitch where creds were manually entered. 2022-09-22 10:31:18 -04:00
iLightThings 74810a7165 Added notes 2022-09-22 09:46:17 -04:00
iLightThings fa3e4227b4 Refactored Hosts and Creds 2022-09-22 09:20:07 -04:00
iLightThings ca48229e32 Refactored export shares to use new write_csv func 2022-09-22 08:45:27 -04:00
iLightThings ba5a421b3e Added local admins. Made CSV write function. 2022-09-22 08:31:02 -04:00
mpgn 2cf755d215
Merge pull request #638 from ILightThings/cmedb_export_shares
Cmedb export shares
2022-09-22 12:25:21 +02:00
Bryan De Houwer b11bc43380 Fix cross domain kerberos authentication, kerberoasting and asreproasting issues 2022-09-21 15:08:31 +02:00
iLightThings 561d6b0a22 Refactored using existing functions. 2022-09-20 08:24:14 -04:00
Bryan De Houwer 286d8c2aca Fix inconsistencies between ldap login functions 2022-09-19 12:02:58 +02:00
nurfed1 b0731f6f2c
Merge branch 'master' into master 2022-09-19 09:06:23 +02:00
Bryan De Houwer f5ada644a9 Ensure --domain is provided with --no-smb argument 2022-09-19 01:12:22 +02:00
Bryan De Houwer f391b8a2a6 Bug fix: ensure DN is lowercase 2022-09-18 20:49:03 +02:00
mpgn eaf7096bde Update FTP proto 2022-09-18 07:35:29 -04:00
mpgn b277cd3b06 Better LDAP error message 2022-09-18 07:04:14 -04:00
Dramelac a4936729fe
Fix success logging when using LDAPS 2022-09-16 17:44:59 +02:00
Tw1sm 15638400ea include compatibilitylevel 2 2022-09-16 09:30:56 -05:00
Tw1sm 196d91c6bd added ntlmv1 check module 2022-09-15 17:51:54 -05:00
iLightThings 67a358b1de Using CSV module to write CSV file. 2022-09-12 12:12:57 +00:00
mpgn fad860df43 Update ntds dump with option user and enabled #455 2022-09-11 12:49:28 -04:00
Roman Rivas II f671ef1871
Add files via upload 2022-09-10 16:06:14 -07:00
mpgn 73b945341f
Merge pull request #613 from spyr0-sec/master
whoami LDAP module
2022-09-09 20:41:34 +02:00
iLightThings 2099d850cd refactor 2022-09-09 17:31:00 +00:00
iLightThings 715ab6fa59 Small fix 2022-09-09 17:11:50 +00:00
iLightThings 0592bd3395 Added export shares to cmedb 2022-09-09 17:04:14 +00:00
mpgn 91be977ebb update module ldap whoami 2022-09-08 15:04:04 -04:00
Bryan De Houwer 81d2061102 Fix indentation 2022-09-08 20:15:31 +02:00
Bryan De Houwer 032945221f KerberosLogin resolve username 2022-09-08 20:14:50 +02:00
Bryan De Houwer 6a37fdca86 Fix ldap baseDN lookup and kdchost assumptions 2022-09-08 20:07:31 +02:00
mpgn 080d9e1d97
Merge pull request #608 from wlayzz/shebang_and_encoding
Adding shebang and encoding utf-8 for all python files
2022-09-07 21:05:56 +02:00
mpgn 1bc2cd2dad Add module scan-subnet 2022-09-07 10:51:56 -04:00
JulienBedel be5883a6a1 Fix typo in log messages 2022-09-04 15:13:43 +02:00
JulienBedel 904e0e7f29 Add keepass_trigger module 2022-09-04 14:29:41 +02:00
Julien Bedel 6d762f1766
Fix typo 2022-09-03 23:14:47 +02:00
JulienBedel 8248e6007d Add keepass_discover module 2022-09-03 19:39:34 +02:00
spyr0 8acbc3bba2 Never logged on handling 2022-08-11 12:10:19 +01:00
spyr0 653a710759 Added ServicePrincipalNames 2022-08-11 11:12:31 +01:00
spyr0 293e9a9164 Added SamAccountName option, more attributes and error handling 2022-08-11 10:54:05 +01:00
Swissky 89417b909e Add GMSA module 2022-08-09 17:09:17 +02:00
spyr0 d520ecc7a5 Fixed description output 2022-08-08 17:18:45 +01:00
spyr0 b9e3e2ea40 whoami LDAP module 2022-08-08 16:47:57 +01:00
BlWasp 175b5b29d0 Add the new daclread.py module and the msada_guids.py library 2022-07-30 12:35:55 +00:00
snovvcrash a9e56a063e
Fix subnets module 2022-07-22 18:48:51 +03:00
mpgn 3524b4e5bb
Update gpp password module 2022-07-21 14:43:30 +02:00
mpgn 177dceded8 Fix infinite loop for module hash_spider 2022-07-19 06:45:38 -04:00
Wlayzz b57ba767f8 Adding shebang and encoding utf-8 for all python files 2022-07-19 01:59:14 +02:00
mpgn fad09bd6b0 Update spider hash module to work with local auth and add reset option 2022-07-18 17:18:40 -04:00
pgormanDS 6f24cb2023
Update hash_spider.py 2022-07-16 09:20:51 -05:00
pgormanDS cb98872bfa
Merge branch 'Porchetta-Industries:master' into master 2022-07-16 09:20:25 -05:00
Defte b08f9ac64d
Update impersonate.py 2022-07-09 18:34:35 +02:00
mpgn dbc45def20 Update code 2022-07-08 07:58:14 -04:00
LuemmelSec b571158953
Create ldap-checker.py
Added a module to check for LDAP signing and channel binding settings.
2022-07-08 01:46:11 +02:00
mpgn 6a447a581c remove try catch #602 2022-07-06 11:17:24 -04:00
mpgn 94a28cd184 revert back to pywerview 0.3.3 for better compatibility 2022-07-06 09:52:53 -04:00
mpgn 560eae7e49 fix small bug with kerberoasting 2022-07-06 09:35:20 -04:00
pixis e8947d60d4 lsassy v3.1.3 2022-07-06 10:11:23 +02:00
Defte 01ad4e24a3
Add files via upload 2022-07-04 13:44:35 +01:00
choi 9e1cabada5 add shadowcoerce module 2022-06-29 19:11:46 -04:00
guervild 6e27377b90
Update mssql database.py 2022-06-29 14:14:03 +02:00
guervild 34b0683b94
Add nanodump to support MSSQL 2022-06-29 13:44:56 +02:00
guervild d09e68fd6d
Add upload/download function to mssql 2022-06-29 13:44:41 +02:00
choi 1f2cfefc9a add dfscoerce module 2022-06-29 02:09:52 -04:00
lap1nou 24cd26cca9 Fixed LDAPS with Kerberos 2022-06-28 21:12:09 +02:00
mpgn 593062ecfb
Merge pull request #569 from T1erno/master
Added Termux support
2022-06-26 21:34:14 +02:00
Dimitri Lesy e7dda670d0 Remove duplicate logic 2022-06-24 01:28:59 +02:00
Dimitri Lesy 82d5c9b500 Ensure correct domain name 2022-06-24 01:24:36 +02:00
Dimitri Lesy a6761bfa50 Add nanodump results to cmedb 2022-06-24 01:04:39 +02:00
XiaoliChan 5423728d15
[rdp.py] port redirect to "self.args.port" 2022-06-23 21:16:36 +08:00
mpgn 0e91f0467f Use forked impacket for mssql 2022-06-23 06:02:00 -04:00
T1erno 9393131de1 Added Termux support 2022-06-22 16:17:15 -05:00
mpgn e82955b7e8 Remove print from rdp 2022-06-22 04:25:01 -04:00
mpgn 7b8473a82d Fix rdp local-auth issue 2022-06-21 15:38:25 -04:00
mpgn c47c77ce2e Fix cmedb issue 2022-06-21 05:45:57 -04:00
mpgn 886b390904 Update cmedb 2022-06-20 10:37:46 -04:00
mpgn 52bc18c548 Cleanup cme 2022-06-20 07:53:30 -04:00
mpgn 75e19ae4b2
Merge pull request #545 from Serizao/master
Add smbv1 and signing into sqlite database
2022-06-18 23:50:18 +02:00
mpgn e3c8aa2966
Update db_navigator.py 2022-06-18 23:49:57 +02:00
mpgn 44e7ff155d finish adding smbv1 and signing into cmedb 2022-06-18 17:43:09 -04:00
mpgn 8a6b82a410
Merge branch 'master' into master 2022-06-18 23:14:24 +02:00
mpgn a534e244bd Merge branch 'nanodump' 2022-06-18 17:11:32 -04:00
mpgn 3a6451a4c5 Recompile the binaries x64 and x86 2022-06-18 17:05:26 -04:00
mpgn a72b1dbd08 Update dependency to latest version 2022-06-18 17:00:40 -04:00
mpgn f8bfe833d8 Smbexec improvement "STATUS_OBJECT_NAME_NOT_FOUND" with server 2019
https://github.com/SecureAuthCorp/impacket/issues/777#issuecomment-1048253251
2022-06-18 17:00:40 -04:00
mpgn 708e76d17a
Merge pull request #572 from shoxxdj/master
🚀 add support for filter user when searching for loggedon
2022-06-18 22:47:53 +02:00
Dimitri Lesy edf5722d46
Merge branch 'byt3bl33d3r:master' into master 2022-06-18 02:59:02 +02:00
Dimitri Lesy 649917ee6b Write hostname, architecture and domain in the file name 2022-06-18 02:56:55 +02:00
Dimitri Lesy e8fee88ac7 Determine architecture using os_arch 2022-06-18 00:05:27 +02:00
whipped 71bbe5fae0
Update winrm.py 2022-06-17 23:00:12 +01:00
Dimitri Lesy 942a9a7a7f Determine architecture using os_arch 2022-06-17 23:50:21 +02:00
whipped 7202fd8a46
Merge branch 'master' into winrm_ssl_options 2022-06-17 22:04:11 +01:00
mpgn 9e2846ca22
Merge pull request #561 from Gianfrancoalongi/sqlite3-crash
Stop crackmapexec crashing from concurrency-issues (tested with SMB-mode)
2022-06-17 22:14:09 +02:00
mpgn 055eb25c71
Merge pull request #570 from snovvcrash/codec
Add -codec execution option
2022-06-17 22:12:54 +02:00
Gianfranco Alongi def9d4a562
Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) (#560)
* Fixed instability issues based - the smb mode will now not crash on
 SMB object not having _Connection
 NetBIOSTimeout
 UnsupportedFeature

* Forgotten return statement

* Improved logging logic

* Improved logging
2022-06-17 22:11:28 +02:00
mpgn 75abd6148c
Merge pull request #552 from fang0654/master
Added module for finding other network addresses on a host via WMI
2022-06-17 22:10:10 +02:00
Dimitri Lesy 350ee7f2b5 Support Unicode 2022-06-17 19:19:38 +02:00
Dimitri Lesy e5d1d0c154 Support Unicode 2022-06-17 19:15:24 +02:00
Dimitri Lesy 97093f448a Fix little typo 2022-06-03 16:01:02 +02:00
Dimitri Lesy 7b8c1ffe64 NanoDump bugfixes and additions 2022-06-03 15:55:29 +02:00
shoxxdj d3b88088fc 🚀 add support for filter user when searching for loggedon 2022-04-27 11:04:23 +02:00
Sam Frees1de f183b6bcc1 Add -codec execution option 2022-04-26 16:58:03 +03:00
mpgn 58c7ff3acf Add nla output 2022-04-20 04:56:42 -04:00
mpgn 6e1f1326fb Add nla output 2022-04-20 04:34:49 -04:00
mpgn 6905795272 Add pip for aardwolf 2022-04-20 03:41:15 -04:00
Gianfranco Alongi 355b75e21f Stop crackmapexec from crashing completely when concurrency issues cause lock-contention on the database - in SMB-mode. 2022-04-03 13:38:48 +02:00
mpgn 877741c2f6 Update RDP protocol to support NLA 2022-04-01 10:02:34 -04:00
Kevin Pascoe c2d33c958e Add SSL support to winrm protocol 2022-03-31 11:52:08 +01:00
mpgn a2ae85a376 Change timeout to 10 for RDP screenshot 2022-03-15 06:43:31 -04:00
mpgn c4bd3f8490 Better error message on rdp protocol 2022-03-13 08:08:53 -04:00
mpgn bef7c4e172 Add screenshot option for RDP protocol 2022-03-13 08:01:04 -04:00
mpgn bfb40f2d4f Update RDP protocol and adding better error message 2022-03-12 06:54:40 -05:00
Dan Lawson 8eb340a1f7 Added module for finding other network addresses on a host via WMI 2022-03-11 17:00:25 -06:00
mpgn 3f08b96581 Bump to version 5.2.6 2022-03-07 13:35:57 -05:00
mpgn a04e20d6fc Update ldap #542 2022-03-06 11:58:20 -05:00
mpgn 47e6521822 Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2022-03-06 11:07:19 -05:00
mpgn e9bcd09bd2
Merge pull request #549 from coffeegist/bugfix/no-attribute-filesrv-response
Add necessary class for success when calling EfsRpcEncryptFileSrv from PetitPotam
2022-03-06 17:04:39 +01:00