Commit Graph

480 Commits (4879895a02af4517c30eff1d598d567859aee75c)

Author SHA1 Message Date
mpgn b2bcbe0ade Fix issue #667 with use-kcache option 2022-11-03 16:04:46 -04:00
mpgn 83180a6b68 ldap better error message 2022-11-03 15:56:38 -04:00
mpgn 49d68e0269 fix error with connection outside dc 2022-11-03 15:29:56 -04:00
mpgn 37f2555ab7 Merge branch 'screenrdp' into rdp 2022-11-02 15:39:17 -04:00
mpgn 33a3c61242 update rdp proto 2022-11-02 15:39:14 -04:00
lap1nou 4fabd0843a Added an NLA disabled screenshot function 2022-11-02 18:47:32 +01:00
mpgn 6a31c588a2 update ldap proto and add func get domain sid 2022-11-01 18:20:14 -04:00
Julio Ureña 3eb80ae534
Modify logging output when putting files
Added \\ to match the correct display of the file and path.
2022-11-01 08:10:55 -04:00
Julio Ureña cc72c6c868
Remove @requires_admin from get_file and put_file
The @requires_admin flag prevents non-admin users who have Read and Write access to a shared folder from performing any operations.
2022-11-01 07:29:56 -04:00
mpgn a36d3145e1
Merge pull request #655 from zblurx/master
Fix kerberos authentication and add kerbrute
2022-10-31 13:34:03 +01:00
mpgn 3942eab31b update a little bit 2022-10-31 08:33:41 -04:00
mpgn 9c66f29474
Merge branch 'master' into rdp 2022-10-28 15:22:28 +02:00
mpgn dc6b023456 update RDP protocol 2022-10-27 16:43:52 -04:00
mpgn fedbfaf1f5 Change default order of exec method for smb 2022-10-27 15:40:34 -04:00
mpgn abc288234b Fix ldap with null binding thx @juliourena 2022-10-26 08:58:51 -04:00
mpgn 87108d4878
Merge pull request #658 from Porchetta-Industries/mssql-uaht
Fix regression for mssql with local_auth thx @juliourena
2022-10-24 21:26:55 +02:00
mpgn a3b3ab9e92 Fix regression for mssql with local_auth thx @juliourena 2022-10-24 15:20:14 -04:00
mpgn e2130c658c Bump aardwolf to 0.2.0 2022-10-24 15:02:42 -04:00
mpgn 132332a8fd add new color for asreproast account smb 2022-10-24 10:02:01 -04:00
mpgn d61d6f0339 add new color for asreproast account 2022-10-24 09:59:43 -04:00
mpgn b62bd670e0 Don't block if account not green 2022-10-24 09:11:45 -04:00
mpgn 70f8d973cf add KDC_ERR_PREAUTH_FAILED error 2022-10-24 09:01:30 -04:00
mpgn 5040ab6b40 ldap try catch + magenta 2022-10-24 08:55:48 -04:00
zblurx b9699ab078 fix output modifs on smb protocol 2022-10-24 14:55:07 +02:00
zblurx 53b612d317 adapt outputted creds 2022-10-24 14:12:32 +02:00
zblurx 3fb117d23a Merge branch 'master' of github.com:zblurx/CrackMapExec 2022-10-24 13:31:03 +02:00
zblurx b42cb70cd8 enhance kerberos auth to mssql 2022-10-24 13:30:07 +02:00
mpgn 0a218c534f add magenta color if user exist but connection KO 2022-10-24 05:43:52 -04:00
mpgn ef349a5309 refactor check if admin func to be compatible with kerberos 2022-10-24 05:26:53 -04:00
mpgn fb1d7b181f add mssql kerberos login 2022-10-24 04:24:21 -04:00
mpgn 7dc90669d7 starting to add mssql kerberos login 2022-10-24 04:10:46 -04:00
mpgn 8e09a273d2
Merge branch 'master' into master 2022-10-23 21:29:30 +02:00
mpgn f796a5f2f2 add port 636 if gmsa 2022-10-23 07:08:39 -04:00
mpgn 0a284bd2b0 remove message CCache file is not found + fix exec method with kerberos 2022-10-22 17:29:56 -04:00
mpgn ed2b2b261a fix for kerberoast function 2022-10-22 16:38:29 -04:00
mpgn 7b712dc3c0 fix check on arg gmsa 2022-10-21 04:02:34 -04:00
mpgn 7e0613c883 fix username to send to bh 2022-10-20 17:18:22 -04:00
mpgn 53f5791e7c Fix a lot of things but good PR 2022-10-20 15:40:53 -04:00
zblurx f4485ff279 fix kerberos authentication 2022-10-20 18:08:30 +02:00
mpgn 507d872c3d Update gmsa core function 2022-10-19 05:48:22 -04:00
Swissky 35cb0545e3
Merge branch 'master' into master 2022-10-14 19:17:04 +02:00
Swissky 42a4d7efbb GMSA moved in LDAP core 2022-10-14 19:13:17 +02:00
mpgn fcbd406773
Merge pull request #650 from jdouliez/master
fix(#649) : Fix Wrong filename on RDP screenshot issue
2022-10-13 14:58:14 +02:00
mpgn 4ec7a2b4e9
Merge pull request #643 from ILightThings/cme_db_detailed
Improved cmedb export function
2022-10-13 14:56:59 +02:00
mpgn 247de78541
Merge pull request #597 from guervild/mssql-upload-download
Mssql upload / download
2022-10-13 14:55:20 +02:00
mpgn 0fc010b0d5 Fix except error 2022-10-13 08:20:22 -04:00
Jordan DOULIEZ f3c9d5fbc6 fix(#649) : Fix Wrong filename on RDP screenshot (Missing extension) issue 2022-10-12 15:05:21 +02:00
mpgn fc57723678
Merge pull request #642 from nurfed1/master
LDAP protocol improvements and scan-network module bugfix
2022-10-05 17:34:56 +02:00
mpgn 21b5adb138
Merge pull request #639 from RomanRII/master
FTP Protocol Addition
2022-09-25 18:21:15 +02:00
iLightThings c005d844e0
Merge branch 'master' into cme_db_detailed 2022-09-23 12:02:40 -04:00
mpgn 105ad97947 quick fix cmedb export share 2022-09-22 18:24:27 -04:00
mpgn 65796271c0 Merge branch 'export' 2022-09-22 18:06:37 -04:00
mpgn 018bd9608a Update cmedb for shares 2022-09-22 18:05:18 -04:00
iLightThings ba5a421b3e Added local admins. Made CSV write function. 2022-09-22 08:31:02 -04:00
Bryan De Houwer b11bc43380 Fix cross domain kerberos authentication, kerberoasting and asreproasting issues 2022-09-21 15:08:31 +02:00
Bryan De Houwer 286d8c2aca Fix inconsistencies between ldap login functions 2022-09-19 12:02:58 +02:00
nurfed1 b0731f6f2c
Merge branch 'master' into master 2022-09-19 09:06:23 +02:00
Bryan De Houwer f5ada644a9 Ensure --domain is provided with --no-smb argument 2022-09-19 01:12:22 +02:00
mpgn eaf7096bde Update FTP proto 2022-09-18 07:35:29 -04:00
mpgn b277cd3b06 Better LDAP error message 2022-09-18 07:04:14 -04:00
Dramelac a4936729fe
Fix success logging when using LDAPS 2022-09-16 17:44:59 +02:00
mpgn fad860df43 Update ntds dump with option user and enabled #455 2022-09-11 12:49:28 -04:00
Roman Rivas II f671ef1871
Add files via upload 2022-09-10 16:06:14 -07:00
Bryan De Houwer 81d2061102 Fix indentation 2022-09-08 20:15:31 +02:00
Bryan De Houwer 032945221f KerberosLogin resolve username 2022-09-08 20:14:50 +02:00
Bryan De Houwer 6a37fdca86 Fix ldap baseDN lookup and kdchost assumptions 2022-09-08 20:07:31 +02:00
Wlayzz b57ba767f8 Adding shebang and encoding utf-8 for all python files 2022-07-19 01:59:14 +02:00
mpgn 6a447a581c remove try catch #602 2022-07-06 11:17:24 -04:00
mpgn 94a28cd184 revert back to pywerview 0.3.3 for better compatibility 2022-07-06 09:52:53 -04:00
mpgn 560eae7e49 fix small bug with kerberoasting 2022-07-06 09:35:20 -04:00
guervild 6e27377b90
Update mssql database.py 2022-06-29 14:14:03 +02:00
guervild d09e68fd6d
Add upload/download function to mssql 2022-06-29 13:44:41 +02:00
lap1nou 24cd26cca9 Fixed LDAPS with Kerberos 2022-06-28 21:12:09 +02:00
XiaoliChan 5423728d15
[rdp.py] port redirect to "self.args.port" 2022-06-23 21:16:36 +08:00
mpgn 0e91f0467f Use forked impacket for mssql 2022-06-23 06:02:00 -04:00
mpgn e82955b7e8 Remove print from rdp 2022-06-22 04:25:01 -04:00
mpgn 7b8473a82d Fix rdp local-auth issue 2022-06-21 15:38:25 -04:00
mpgn c47c77ce2e Fix cmedb issue 2022-06-21 05:45:57 -04:00
mpgn 75e19ae4b2
Merge pull request #545 from Serizao/master
Add smbv1 and signing into sqlite database
2022-06-18 23:50:18 +02:00
mpgn e3c8aa2966
Update db_navigator.py 2022-06-18 23:49:57 +02:00
mpgn 44e7ff155d finish adding smbv1 and signing into cmedb 2022-06-18 17:43:09 -04:00
mpgn f8bfe833d8 Smbexec improvement "STATUS_OBJECT_NAME_NOT_FOUND" with server 2019
https://github.com/SecureAuthCorp/impacket/issues/777#issuecomment-1048253251
2022-06-18 17:00:40 -04:00
mpgn 708e76d17a
Merge pull request #572 from shoxxdj/master
🚀 add support for filter user when searching for loggedon
2022-06-18 22:47:53 +02:00
whipped 71bbe5fae0
Update winrm.py 2022-06-17 23:00:12 +01:00
whipped 7202fd8a46
Merge branch 'master' into winrm_ssl_options 2022-06-17 22:04:11 +01:00
mpgn 055eb25c71
Merge pull request #570 from snovvcrash/codec
Add -codec execution option
2022-06-17 22:12:54 +02:00
Gianfranco Alongi def9d4a562
Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) (#560)
* Fixed instability issues - the smb mode will now not crash on:
  - SMB object not having _Connection
  - NetBIOSTimeout
  - UnsupportedFeature

* Forgotten return statement

* Improved logging logic

* Improved logging
2022-06-17 22:11:28 +02:00
shoxxdj d3b88088fc 🚀 add support for filter user when searching for loggedon 2022-04-27 11:04:23 +02:00
Sam Frees1de f183b6bcc1 Add -codec execution option 2022-04-26 16:58:03 +03:00
mpgn 58c7ff3acf Add nla output 2022-04-20 04:56:42 -04:00
mpgn 6e1f1326fb Add nla output 2022-04-20 04:34:49 -04:00
mpgn 6905795272 Add pip for aardwolf 2022-04-20 03:41:15 -04:00
mpgn 877741c2f6 Update RDP protocol to support NLA 2022-04-01 10:02:34 -04:00
Kevin Pascoe c2d33c958e Add SSL support to winrm protocol 2022-03-31 11:52:08 +01:00
mpgn a2ae85a376 Change timeout to 10 for RDP screenshot 2022-03-15 06:43:31 -04:00
mpgn c4bd3f8490 Better error message on rdp protocol 2022-03-13 08:08:53 -04:00
mpgn bef7c4e172 Add screenshot option for RDP protocol 2022-03-13 08:01:04 -04:00
mpgn bfb40f2d4f Update RDP protocol and adding better error message 2022-03-12 06:54:40 -05:00
mpgn a04e20d6fc Update ldap #542 2022-03-06 11:58:20 -05:00
mpgn 47e6521822 Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2022-03-06 11:07:19 -05:00
mpgn 9abfb17d4e Update ldap #542 2022-03-06 10:59:31 -05:00
mpgn b770c59cdc Update rdp protocol 2022-03-06 10:55:24 -05:00
mpgn 2467a57792
Merge pull request #546 from qtc-de/bug/mssql-check-if-admin
Fix mssql check_if_admin function
2022-03-06 13:14:24 +01:00
TNeitzel 4dc4fd72c2 Add STATUS_NO_SUCH_FILE to success status
When the remote server returns a STATUS_NO_SUCH_FILE message, cme
interprets the login credentials as wrong. However, impacket's
smbserver.py proves that this can be wrong.
2022-03-03 21:52:37 +01:00
TNeitzel 0e3c792b9c Fix mssql check_if_admin function
The check_if_admin function from mssql.py takes an additional auth
parameter, that is actually not used. Other parts of the code are
calling the function without the parameter, which leads to an error when
enumerating mssql endpoints. By simply removing the parameter and fixing
the locations that use it, the issue gets resolved.
2022-03-03 21:25:03 +01:00
Serizao b7e2d686d3
Update database.py 2022-03-02 08:11:38 +01:00
Serizao 19523a75b5
Update database.py 2022-03-02 08:07:20 +01:00
Serizao 998b6a4f36
Update smb.py 2022-03-02 08:04:35 +01:00
Serizao b6acf4f4e3
Update database.py 2022-03-02 08:01:58 +01:00
Serizao 955ff4e4d3
Update smb.py 2022-03-02 08:00:26 +01:00
mpgn bebf4b1895 Add first version of new RDP protocol 2022-02-28 17:18:53 -05:00
mpgn e15ae44c81 Push from public repo 2022-02-27 08:08:30 -05:00
mpgn fc3df056a0 Update option for ldap protocol with --no-smb 2022-02-27 08:00:44 -05:00
mpgn f7ab07bbcc Add lsa and sam function to winrm 2022-02-23 15:09:49 -05:00
mpgn b713723269 Add laps function for WinRM 2022-02-11 16:38:39 -05:00
mpgn 8d665375a8 Improve laps core function 2022-02-10 16:36:07 -05:00
mpgn c3dec653d4 Add check for audit mode #523 2022-02-07 16:19:46 -05:00
mpgn 47dd3cdfc2 Add audit mode #523 2022-02-06 17:56:41 -05:00
HynekPetrak fdc2aadf2b sanitize IPv6 in a file name 2022-02-06 16:44:06 -05:00
mpgn 19a5896c1e Fix issue when local account is used with bh #533 2022-02-06 07:33:49 -05:00
mpgn 394fcb3796 Improve support for kerberos on ldap 2022-01-19 13:36:33 -05:00
mpgn 766ee48328 Fix kerberos ntds dump 2022-01-19 13:13:05 -05:00
mpgn d90709bd97 Fix exception 2021-12-18 15:33:46 -05:00
mpgn 66621b9014 Merge master public to sponsor version 2021-12-17 15:45:21 -05:00
mpgn 0280c5d781
Merge pull request #514 from brightio/patch-1
Fix a number of unhandled exceptions in cme/protocols/smb.py
2021-12-17 21:43:20 +01:00
brightio 2628a427d8
Fix a number of unhandled exceptions in cme/protocols/smb.py 2021-12-11 14:57:37 +01:00
mpgn e979dfe4f9 Add bloodhound core feature 2021-11-20 16:37:14 -05:00
mpgn b31ffc1a64 Improve laps core function 2021-11-17 07:37:20 -05:00
Dliv3 a4c7680fc6 Fix winrm login failed 2021-11-09 20:19:06 +08:00
mpgn 0f5fe00f9e Fix ldap kerberos login 2021-11-01 14:27:14 -04:00
mpgn 23b0ff2a0c Add parameter to laps option 2021-10-17 14:41:20 -04:00
mpgn fcddee656e Update laps core function 2021-10-17 11:50:29 -04:00
mpgn ef1e5d3fb1 Add laps option to smb proto first version 2021-10-16 18:08:07 -04:00
mpgn 6e1e254a60 Add protocol and port regarding the protocol and port used 2021-10-16 15:37:06 -04:00
mpgn e75b4b2e16 Update ldap protocol: function users() and groups() 2021-10-16 11:41:04 -04:00
mpgn e040752503 add debug print for smbexec method 2021-09-26 15:24:09 -04:00
mpgn 0000854b82 Remove filess method 2021-09-21 11:21:40 -04:00
mpgn 2942be1188 Add timeout to smb connection to 2 sec by default, much much better 2021-09-21 11:21:16 -04:00
mpgn 2f0fc12cde Bump CME to version 5.2.0 2021-09-19 10:23:26 -04:00
mpgn fdf6cd31db
Merge pull request #2 from mpgn/dev3
Push dev branch to master
2021-09-18 23:04:16 +02:00
mpgn fdab5c545f Update ldap protocol message 2021-09-18 17:02:01 -04:00
mpgn 53a51a02f2 Fix #464 thanks Wil 2021-09-18 22:44:48 +02:00
mpgn a31d03a99a Fix #486 with ntds dump thx @b13bs 2021-09-18 22:44:48 +02:00
mpgn d5a005898e Improve LDAP protocol
- improve authentication status error
- check if user is on a juicy group
2021-07-02 04:50:41 -04:00
mpgn c3516fe9d5 Merge branch 'master' of https://github.com/Porchetta-Industries/CrackMapExec 2021-06-28 13:25:31 -04:00
mpgn 091915b990 Fix and add a lot, check commit message
Update LDAP proto:
	- can fetch an LDAP domain from an account from another domain (trust relationship between forests)
	- fix sizeLimit to unlimited on LDAP queries
	- fix little mistake in LDAP modules

Update SMB proto:
	- fix users function when DC is vulnerable to NULL SESSION
	- add SAMRPC function to fetch users on the domain
	- add option --computers to fetch all computers

Update CLI
	- add function export, but it's not tested
2021-06-24 14:38:24 -04:00
mpgn 9104e18f7e Add port option to WinRM protocol #469 2021-05-30 16:49:12 -04:00
mpgn 215c479957 Fix spelling mistake 2021-05-30 16:28:37 -04:00
mpgn 3b5c912e68
Merge pull request #450 from nodauf/patch-1 @nodauf
Add option --password-not-required
2021-05-30 21:19:35 +02:00
mpgn 3ade69abed
Fix missing try catch on --shares option
Thx to @0xdf report !
2021-04-02 19:25:06 +02:00
mpgn d2f0b66ae4 Add option --amsi-bypass allowing you to pass a custom amsi bypass when using option -X 2021-02-28 09:48:50 -05:00
mpgn 627966e227 Small code Refactoring for ldap protocol 2021-01-29 18:25:39 -05:00
mpgn ba91408c74 Fix smb error not correctly caught 2021-01-29 11:30:05 -05:00
mpgn b2a53dc896 Better null session handle 2021-01-29 05:53:40 -05:00
mpgn d53343369b Fix function name sessions option 2021-01-27 05:49:23 -05:00
nodauf 0487e55234
Add option --password-not-required
Add option --password-not-required to retrieve the users with the flag PASSWD_NOTREQD. With this flag the user is not subject to any existing policy regarding password length, so they can have a shorter password than is required, or may even have no password at all, even if empty passwords are not allowed.
2021-01-23 12:21:33 +01:00
mpgn 567ed8d8c3 Add option --users and --groups to LDAP protocol 2021-01-21 09:45:55 -05:00
mpgn 95aad485fb Fix issue #412 2021-01-21 05:28:56 -05:00
mpgn 719f18ac78 Fix cmedb encoding error #439 2021-01-21 05:08:06 -05:00
mpgn 908d074815 Catch exception if domain controller not found --kdcHost 2021-01-21 03:54:26 -05:00
mpgn af2dc05b7e Add --continue-on-success option to ldap protocol 2021-01-21 03:47:45 -05:00
mpgn 7210bc1eae Add better error management for --shares 2020-12-09 17:12:58 -05:00
mpgn b0aa66a074 Fix encode error on spider option #430 2020-11-27 18:46:41 -05:00
mpgn cc7573155f Fix pass policy max password age #435 2020-11-27 15:51:09 -05:00
byt3bl33d3r cb5c8855ed Version 5.1.3 🔥
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
  give you a completion percentage and the number of hosts remaining to
  scan
2020-11-15 16:42:28 -07:00
Dliv3 50bebac056 Fix mssql enum host info error 2020-10-01 22:46:13 +08:00
Dliv3 7dde1a13f6 Update mssql check_if_admin 2020-10-01 16:12:16 +08:00
mpgn 6885d9fd30 Add local-auth flag for MSSQL proto 2020-09-06 15:38:29 -04:00
mpgn bd549d0e6f Fix false positive on check_if_admin func MSSQL 2020-09-06 10:09:44 -04:00
mpgn 74ddbe7545 Fix check_if_admin() function for mssql 2020-09-06 09:30:03 -04:00
mpgn e47b110603 Improve MSSQL login 2020-09-06 09:21:38 -04:00
mpgn 8785f5d3f4
option --ntds doesn't require to be admin anymore check #408 2020-08-12 17:27:53 +02:00
mpgn ce8094045d Add more compatibility for windows exe
- decrease winrm timeout to 3 seconds so @IppSec's videos
  last less time :)
- add ico to cme exe
- add option smb-server-port to make cme compatible with windows
2020-07-30 15:14:31 +02:00
mpgn 1aa2f8cc0f Fix winrm uninitialized variable and hash auth option 2020-07-28 10:16:06 -04:00
mpgn d80c4bf39c Fix some logic error using option asreproast #398 2020-06-30 16:49:11 -04:00
mpgn 2fd9ac50e4 Add ntlm hash auth with ldap protocol 2020-06-22 06:25:32 -04:00
mpgn 4120883f6d Add hash auth with winrm protocol 2020-06-22 06:25:00 -04:00
mpgn 56f1f9dd93 Login return False only if NT_STATUS_LOGON_FAILURE 2020-06-21 15:21:07 -04:00
mpgn 280d497b0d Add conditional check on the func login()
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
2020-06-20 18:16:37 -04:00
mpgn 8f2ef3fdaf Add color when smb status is not ACCESS_DENIED #391 2020-06-20 13:20:27 -04:00
mpgn 648d756701 Improve os import for ldap protocol 2020-06-20 06:30:25 -04:00
mpgn c590230f97 Clean authentication fail message on winrm protocol when ntlm error 2020-06-20 06:26:32 -04:00
mpgn b8c505c234 Improve output of protocol winrm 2020-06-20 06:20:53 -04:00
mpgn 046056d273 Add option --continue-on-success to smb protocol 2020-06-20 06:10:05 -04:00
mpgn 5b6d66950f Fix ssh authentication error and update option for unconstrained delegation to --trusted-for-delegation 2020-06-20 05:56:55 -04:00
mpgn 957820e339 Fix ldap protocol os import 2020-06-19 17:57:09 -04:00
mpgn ad4f06918b Refactor the ldap module and add option --admin-count and --trusted-for-auth 2020-06-19 17:31:34 -04:00
mpgn e5d1942251 Add kerberoasting and asreproast attack with LDAP protocol 2020-06-19 09:20:22 -04:00
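The LDAP options named in the commits above (--password-not-required, --asreproast, --trusted-for-delegation, --trusted-for-auth) all select accounts by bits of the userAccountControl attribute. The snippet below is an added example, not CrackMapExec's own code: it builds the server-side LDAP filter with the LDAP_MATCHING_RULE_BIT_AND rule (OID 1.2.840.113556.1.4.803) and decodes a raw userAccountControl value client-side, which is the check you want when deciding whether a hit is real. The flag-to-option mapping and the constructed sample entries are assumptions for illustration; CME's real filters may differ in detail.

```python
"""userAccountControl bit flags behind the CME LDAP filter options.
Added example for illustration, not CrackMapExec code."""

# Well-known userAccountControl bits (subset).
UAC_FLAGS = {
    "ACCOUNTDISABLE": 0x2,
    "LOCKOUT": 0x10,
    "PASSWD_NOTREQD": 0x20,
    "PASSWD_CANT_CHANGE": 0x40,
    "NORMAL_ACCOUNT": 0x200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "TRUSTED_FOR_DELEGATION": 0x80000,        # unconstrained delegation
    "NOT_DELEGATED": 0x100000,
    "DONT_REQ_PREAUTH": 0x400000,             # AS-REP roastable
    "TRUSTED_TO_AUTH_FOR_DELEGATION": 0x1000000,  # constrained w/ protocol transition
}

# LDAP_MATCHING_RULE_BIT_AND: entry matches when all given bits are set.
BIT_AND = "1.2.840.113556.1.4.803"

# Assumed mapping from the CLI options in this log to a flag (illustrative).
OPTION_FLAGS = {
    "--password-not-required": "PASSWD_NOTREQD",
    "--asreproast": "DONT_REQ_PREAUTH",
    "--trusted-for-delegation": "TRUSTED_FOR_DELEGATION",
    "--trusted-for-auth": "TRUSTED_TO_AUTH_FOR_DELEGATION",
}

# Constructed sample directory entries: (sAMAccountName, userAccountControl).
SAMPLE_ENTRIES = [
    ("jdoe", 0x200),          # normal, nothing interesting
    ("svc_backup", 0x10220),  # normal + PASSWD_NOTREQD + DONT_EXPIRE_PASSWORD
    ("old_admin", 0x222),     # PASSWD_NOTREQD but the account is disabled
]


def uac_filter(flag: str, exclude_disabled: bool = True) -> str:
    """Server-side filter selecting user objects with `flag` set.
    Disabled accounts are excluded by default: they cannot authenticate, so
    reporting them as e.g. AS-REP roastable is noise."""
    bit = UAC_FLAGS[flag]
    clauses = [f"(userAccountControl:{BIT_AND}:={bit})"]
    if exclude_disabled:
        disabled = UAC_FLAGS["ACCOUNTDISABLE"]
        clauses.append(f"(!(userAccountControl:{BIT_AND}:={disabled}))")
    return "(&(objectCategory=person)(objectClass=user)" + "".join(clauses) + ")"


def filter_for_option(option: str, exclude_disabled: bool = True) -> str:
    return uac_filter(OPTION_FLAGS[option], exclude_disabled)


def decode_uac(value: int) -> list[str]:
    """Names of the known bits set in a raw userAccountControl integer."""
    return [name for name, bit in UAC_FLAGS.items() if value & bit]


def select(entries, flag: str, exclude_disabled: bool = True) -> list[str]:
    """Client-side equivalent of uac_filter(), applied to already-fetched entries."""
    bit = UAC_FLAGS[flag]
    disabled = UAC_FLAGS["ACCOUNTDISABLE"]
    return [
        name for name, uac in entries
        if uac & bit and not (exclude_disabled and uac & disabled)
    ]


if __name__ == "__main__":
    for opt in OPTION_FLAGS:
        print(opt, "->", filter_for_option(opt))
    for name, uac in SAMPLE_ENTRIES:
        print(name, hex(uac), decode_uac(uac))
    print("password not required:", select(SAMPLE_ENTRIES, "PASSWD_NOTREQD"))
```

The bitwise-AND matching rule is what makes this a single round trip; a plain equality filter on userAccountControl would miss every account that also has other bits (DONT_EXPIRE_PASSWORD, NORMAL_ACCOUNT) set, which is all of them.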
Alexandre Beaulieu 4a19d4dc32
feat(ssh): Add support for publickey authentication. 2020-05-21 09:03:12 -04:00
mpgn 8931ec2300 Add Windows spec file to compile CME for Windows 2020-05-10 20:06:08 +02:00
mpgn b796000343 Fix issue #321 option --continue-on-success 2020-05-09 09:36:31 -04:00
mpgn 3e1fa0f258 Fix local-auth authentication 2020-05-09 08:20:53 -04:00
mpgn d3a7effb86 Fix ssh issue #375 2020-05-09 07:59:53 -04:00
mpgn b778306cc1 Always print FQDN 2020-05-05 12:13:32 -04:00
mpgn 3b57fb0869 Add checkifadmin() for Kerberos auth #22 2020-05-05 12:11:18 -04:00
mpgn 1820cc1ffb Show FQDN instead of domain name 2020-05-04 15:30:56 -04:00
mpgn 622245dcfa Add support kerberos aesKey and kdcHost #22 add lsassy module kerberos support
add error when no credential found on lsassy module #368
2020-05-04 13:23:41 -04:00
mpgn 1308bc30c8 Adding Kerberos support for CME #22
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
mpgn c3c9b2f04a Remove useless code #364 2020-05-01 17:31:54 -04:00
mpgn 580018050c Add better logic to MSSQL connection #364 2020-05-01 17:18:25 -04:00
mpgn c5be1e5234 Add exception handler when login fails on MSSQL protocol #364 2020-05-01 17:11:54 -04:00
mpgn bfe1d5b7c3 Fix uninitialized variable #363 2020-05-01 14:33:18 -04:00
mpgn 062e312fd5 Add try catch for issue #363 2020-05-01 14:20:55 -04:00
mpgn 4dc4892660 Check if output is byte before decoding 2020-04-30 13:56:34 -04:00
mpgn 74792ce712 Add option --no-bruteforce allowing credentials spraying without bruteforce
cme accept user file and password file and works like this:
user1 -> pass1
      -> pass2
user2 -> pass1
      -> pass2

Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
2020-04-30 10:06:57 -04:00
mpgn 78c5d9ebd9 Update WINRM authentication option
If you want to avoid SMB connection use the flag -d DOMAIN
2020-04-29 06:28:47 -04:00
mpgn 479ae1f721 Update MSSQL protocol for windows authentication #306
If you want to use windows auth for MSSQL without SMB, add the flag -d DOMAIN
2020-04-29 05:56:11 -04:00
mpgn f58a10124d Update winrm method to allow code execution from a normal user
Users who can winrm but are not local admin can now use this method to exec commands
more at https://github.com/diyan/pywinrm/issues/275

we switch from pywinrm to pypsrp
2020-04-28 15:30:18 -04:00
mpgn e9a5841731 Fix typo on put-file function 2020-04-28 12:28:25 -04:00
mpgn f84035fa7a Add function get-file and put-file 2020-04-28 12:22:30 -04:00
mpgn 356b020cb3 Fix winrm warning from pywinrm 2020-04-28 07:24:01 -04:00
mpgn 63cf5af003 Fix smbexec function #269 2020-04-28 06:19:33 -04:00
mpgn 18c438993c Fix ssh connection #351 2020-04-28 06:11:16 -04:00
mpgn ba04528738 Add feature: file as argument for -x and -X command #269 2020-04-27 16:38:30 -04:00
mpgn f19f137b0d Fix smbexec.py decode error 2020-04-22 11:04:22 -04:00
byt3bl33d3r 6c0228f403 Fixed dependency hell, added Github actions workflow
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
  dependency
2020-04-20 13:19:55 -03:00
sw ed8c91ab60 changed comparison operators that generate syntax warnings 2020-04-20 03:22:03 +03:00
byt3bl33d3r 7bb0e4e4e6
Merge pull request #300 from hantwister/patch-1
Fix false positive signing disabled with SMB2/3
2020-04-19 14:36:59 -03:00
byt3bl33d3r 498f3fc197
Merge pull request #327 from noraj/patch-1
lsa secrets: dump file extension
2020-04-19 14:32:48 -03:00
Alexandre ZANNI 18634423f3
lsa secrets: dump file extension
The logger tells you LSA secrets are dumped in a file named xxx.lsa

```
SMB        x.x.x.x 445    FRSCWP0001       [+] Dumped 22 LSA secrets to /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.lsa and /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.cached
```

But in reality they are logged in xxx.secrets.

So just fixing the extension shown by the logger.
2019-12-19 10:12:17 +01:00
mpgn 2cf0c0fb90 Migrate cmedb to python3 2019-11-12 16:39:26 -05:00
mpgn 38acbbead5 Fix option --pass-pol in python3
error due to :
	python2 => 1 / 2 = 0
	python3 => 1 / 2 = 0.5
	python3 => 1 // 2 = 0
2019-11-12 13:33:14 -05:00
mpgn 73ab379acc Migrate function to python3
* --shares -> OK
* --sessions -> OK
* --disks -> OK
* --loggedon-users -> OK
* --users -> Not tested
* --rid-brute -> OK
* --groups -> Not tested
* --local-groups -> OK
* --pass-pol -> OK
2019-11-11 05:06:39 -05:00
mpgn a29cf6760c update python3 2019-11-10 18:39:00 -05:00
mpgn c3c4b3192d start python3 migration 2019-11-10 22:42:04 +01:00
byt3bl33d3r 48fd338d22
Merge pull request #304 from gustavi/master
Fix encoding in smb --sam
2019-08-16 10:57:11 -06:00
byt3bl33d3r 44fd121dce
Merge pull request #309 from shadowgatt/master
Fixing SMB encoding error
2019-08-16 10:56:39 -06:00
Ryan f1228174cd
Update winrm.py
Closes https://github.com/byt3bl33d3r/CrackMapExec/issues/310
2019-08-16 08:58:26 -05:00
root 12443285e9 Fix SMB encode 2019-07-13 17:52:00 +02:00
root e435a4f87b Fix SMB encode 2019-07-13 17:50:24 +02:00
Augustin Laville fdb41c0125 Fix encoding in smb --sam 2019-04-12 13:32:38 +02:00
Harrison Neal 85e4de988b
Fix false positive signing disabled with SMB2/3
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection.  When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state.  Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite.  The latter contributed to many false positives in the --gen-relay-list output file.  This is a hackish change that addressed the issue for me.
2019-03-26 15:45:02 -04:00
byt3bl33d3r f61cb7e3f0
Merge pull request #256 from FrankSpierings/patch-2
Modified logging in spider.py
2018-08-28 19:57:55 +08:00
byt3bl33d3r 50a379dad4
Merge pull request #255 from FrankSpierings/patch-1
Update smbspider.py - Feature to use `--spider '*'` to spider all rea…
2018-08-28 19:55:54 +08:00
root 1a7174137c Added remotehost in the spidering output. It is now //<remotehost>/<share>/<folder *>/<file> 2018-07-07 14:33:14 +00:00
Frank Spierings 2823452053
Update smbspider.py - Feature to use `--spider '*'` to spider all readable shares
I've added the option to allow spidering over all readable shares.
2018-07-07 16:00:59 +02:00
Korey McKinley 7034ab66d0
Flag to allow continuation while password spraying
Adds --continue-on-success flag when spraying passwords using smb. Allows password spraying to continue even after a valid password is found. (Useful when password spraying with a userlist.)

Usage example:
cme smb ipaddress -u users.txt -p password --continue-on-success

In response to:
https://github.com/byt3bl33d3r/CrackMapExec/issues/245
https://github.com/byt3bl33d3r/CrackMapExec/issues/247
2018-05-26 19:44:24 -06:00
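The --continue-on-success commit above and the --no-bruteforce commit earlier in this log (mpgn 74792ce712) together define how CME walks a user file and a password file: every user against every password by default, line i against line i with --no-bruteforce, and stop at the first hit unless --continue-on-success. The block below is an added example, not CrackMapExec's own spray loop: it implements those two pairings and the stop/continue behaviour against a constructed login oracle, and adds two checks a practitioner wants that the commits do not mention (refusing mismatched file lengths instead of silently dropping lines, and an assumed per-user attempt cap so a spray does not trip the lockout threshold).

```python
"""Credential pairing and spray loop modelled on the --no-bruteforce and
--continue-on-success flags.  Added example, not CrackMapExec code."""
from itertools import product
from typing import Callable, Iterable, Optional

# Constructed sample wordlists (not real credentials).
USERS = ["alice", "bob", "carol"]
PASSWORDS = ["Winter2020", "Spring2020"]

# Constructed oracle standing in for the real SMB login; only these pairs succeed.
VALID = {("bob", "Spring2020"), ("carol", "Winter2020")}


def fake_login(user: str, password: str) -> bool:
    return (user, password) in VALID


def pair_credentials(users, passwords, no_bruteforce: bool = False):
    """Default: every user is tried with every password (cartesian product).
    no_bruteforce: line i of the user file is paired only with line i of the
    password file.  zip() would silently drop the tail of the longer file, so
    mismatched lengths are rejected (assumed safety check, not CME behaviour)."""
    users, passwords = list(users), list(passwords)
    if no_bruteforce:
        if len(users) != len(passwords):
            raise ValueError("--no-bruteforce needs user and password files of equal length")
        return list(zip(users, passwords))
    return list(product(users, passwords))


def spray(pairs: Iterable[tuple[str, str]],
          login: Callable[[str, str], bool],
          continue_on_success: bool = False,
          lockout_threshold: Optional[int] = None):
    """Try each (user, password) in order.  Stops at the first valid credential
    unless continue_on_success.  lockout_threshold caps attempts per user so
    the spray stays under the domain lockout policy (assumed extra check).
    Returns (valid_pairs, attempts_made)."""
    found = []
    attempts = 0
    per_user: dict[str, int] = {}
    for user, password in pairs:
        if lockout_threshold is not None and per_user.get(user, 0) >= lockout_threshold:
            continue  # skip rather than risk locking the account
        per_user[user] = per_user.get(user, 0) + 1
        attempts += 1
        if login(user, password):
            found.append((user, password))
            if not continue_on_success:
                break
    return found, attempts


if __name__ == "__main__":
    pairs = pair_credentials(USERS, PASSWORDS)
    print("default, stop at first hit:", spray(pairs, fake_login))
    print("--continue-on-success:", spray(pairs, fake_login, continue_on_success=True))
    print("--no-bruteforce:", spray(pair_credentials(["alice", "bob"], PASSWORDS, True),
                                    fake_login, continue_on_success=True))
```

The order of the product matters for lockouts as much as the count: iterating users in the outer loop (as above) burns a user's whole attempt budget before moving on, so for a real spray against a lockout policy of N you normally want passwords in the outer loop with a wait between rounds, which is exactly the case the lockout_threshold guard protects against.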
byt3bl33d3r f3465ef008 Fixed up @aj-cgtech changes 2018-03-01 12:36:17 -07:00
byt3bl33d3r 5fd4aa716c Merge branch 'usersfix' of https://github.com/aj-cgtech/CrackMapExec into aj-cgtech-usersfix 2018-03-01 11:57:33 -07:00
Markus Krell 8dd4e95fe7 fixes debug output error if exec method fails 2018-02-23 14:55:05 +01:00
aj-cgtech fffc24ae46 Having worked out how the protocol object is created: created the config
object once, and set it as an attr on each protocol.
More elegant, and allows for further config options in the future.
2018-02-23 10:13:46 +00:00
aj-cgtech b6a7028999 Typo, not l33t. 2018-02-22 21:18:31 +00:00
aj-cgtech 7e2a267328 Merging "Pwn3d!" label changes.
Fixes issue #236

Adds the ability to change the (Pwned!) label on CME output.

By default, nothing changes, but if required, to keep suits happy, you
can change the output of CME by adding a property to ~/.cme/cme.conf, in
the [CME] section, property "pwn3d_label".

eg:
[CME]
workspace = default
last_used_db = smb
pwn3d_label = Woot!
2018-02-22 20:24:03 +00:00
aj-cgtech 6ee852387c Pwn3d label parameterised in config file. 2018-02-22 13:03:07 +00:00
aj-cgtech 8bba4b46f6 Changes to users() and groups()
users() was failing on a bad attribute, changed code to use getattr
instead. If attribute is missing, it no longer throws exception.

extraction of domain from distinguished name was not working in all
circumstances. FOO.COM would work, but FOO.CO.UK or even FOO.BAR.CO.UK
would extract CO incorrectly. function now extracts fully qualified
domain, which then gets shortened by db_add_user() function.
2018-02-20 12:57:23 +00:00
byt3bl33d3r 4b35455997 Refactored Database Menu code
- Fixed some MSSQL DB interaction bugs
- Made MSSQL DB schema more consistent
- cmedb output now gets formatted using terminaltables (so perty)
- Made everything a bit more PEP8 compliant
2017-11-02 17:43:08 +08:00
byt3bl33d3r 2b00a795da Fixed Powershell execution using MSSQL 2017-10-25 00:45:58 -06:00
byt3bl33d3r f1c6858e55 Fixed bug where creds dumped via mimikatz wouldn't be added to the database 2017-10-24 22:56:34 -06:00
byt3bl33d3r 03f8fc6503 Fixes #187 2017-10-24 21:52:41 -06:00
byt3bl33d3r 211e78314d Merge branch 'master' of github.com:byt3bl33d3r/CrackMapExec 2017-10-24 21:30:21 -06:00