mpgn
af2dc05b7e
Add --continue-on-success option to ldap protocol
2021-01-21 03:47:45 -05:00
nodauf
fffb5d4532
Add module get_description
2020-12-11 18:48:35 +01:00
mpgn
7210bc1eae
Add better error management for --shares
2020-12-09 17:12:58 -05:00
mpgn
b79341aa2c
Bump to version 5.1.4
2020-11-29 15:04:53 -05:00
mpgn
b0aa66a074
Fix encode error on spider option #430
2020-11-27 18:46:41 -05:00
mpgn
cc7573155f
Fix pass policy max password age #435
2020-11-27 15:51:09 -05:00
byt3bl33d3r
95f9d11b45
Modified banner
2020-11-16 13:21:41 -07:00
byt3bl33d3r
cb5c8855ed
Version 5.1.3 🔥
...
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
give you a completion percentage and the number of hosts remaining to
scan
2020-11-15 16:42:28 -07:00
mpgn
dc95b51784
Merge pull request #419 from Dliv3/master
...
Fix mssql execute command error
2020-10-09 19:34:04 +02:00
mpgn
395a466bf7
Update spider_plus.py
2020-10-07 23:11:37 +02:00
Dliv3
50bebac056
Fix mssql enum host info error
2020-10-01 22:46:13 +08:00
Dliv3
9f7a2851a7
Fix powershell b64encode error
2020-10-01 17:03:52 +08:00
Dliv3
7dde1a13f6
Update mssql check_if_admin
2020-10-01 16:12:16 +08:00
byt3bl33d3r
c9cc0c74fa
Bumped version number
2020-09-20 08:18:32 -06:00
mpgn
79e57eaa20
Fix spider_plus module options
2020-09-20 15:09:51 +02:00
mpgn
14d12fba1e
Fix wireless module not showing all cleartext password
2020-09-12 15:54:51 -04:00
mpgn
e73348513d
Fix initialisation when openssl not installed
2020-09-11 18:43:57 -04:00
mpgn
6885d9fd30
Add local-auth flag for MSSQL proto
2020-09-06 15:38:29 -04:00
mpgn
bd549d0e6f
Fix false positive on check_if_admin func MSSQL
2020-09-06 10:09:44 -04:00
mpgn
74ddbe7545
Fix check_if_admin() function for mssql
2020-09-06 09:30:03 -04:00
mpgn
e47b110603
Improve MSSQL login
2020-09-06 09:21:38 -04:00
dev
bf5b4486fc
Fixed GPP filename typo and print
2020-08-26 22:47:43 -04:00
Marius Renner
cc1af64448
Fix file reading concurrency issues
...
Before this commit, file objects for the username, password or NTLM hash
files were all shared between target jobs for different hosts. This
could cause numerous different errors in password or hash spraying jobs
with multiple targets. Sometimes some lines in input files were skipped
for some targets, and sometimes CME even ended up in an infinite loop
due to seeking in a file that is currently also being iterated on.
There have been attempts to fix some of these errors with file.seek(0)
in some places, such as with d13042f637.
This almost works because of the BoundedSemaphore sem that effectively
keeps CME attacks single-threaded. However, there were still corner
cases with shared file object accesses not protected by the semaphore.
To fix this in a reliable way, this commit shifts the responsibility of
open()ing a file object to every job instead of globally at the start.
While this does mean that the application will open the same files a
bunch of times, it also ensures correctness in regard to concurrency.
This should also allow to relax the semaphore in the future in case no
global or username limit across all targets is required.
2020-08-16 14:01:49 +02:00
mpgn
8785f5d3f4
option --ntds doesn't require being admin anymore, check #408
2020-08-12 17:27:53 +02:00
mpgn
3cc0b00f0b
Remove conditional auth for modules and options
2020-08-11 07:39:16 -04:00
mpgn
4e444b68db
Update spider_plus module with readable datetime
2020-07-30 10:30:29 -04:00
mpgn
ce8094045d
Add more compatibility for windows exe
...
- decrease winrm timeout to 3 seconds so @IppSec 's videos
last less time :)
- add ico to cme exe
- add option smb-server-port to make cme compatible with windows
2020-07-30 15:14:31 +02:00
mpgn
1aa2f8cc0f
Fix winrm uninitialized variable and hash auth option
2020-07-28 10:16:06 -04:00
mpgn
97c92ffcdd
Fix os import and add the dump optional using READ_ONLY option
2020-07-05 16:58:09 -04:00
mpgn
ccb8e67e7b
Update spider_plus module
...
Change default output folder to TMP
Add import to fix error in try catch since os.errno does not exist anymore in python3.7
2020-07-05 21:53:07 +02:00
Vincent D
584c926af7
Add spider_plus module
...
Module to spider and dump small files from SMB servers.
2020-07-02 09:10:43 +02:00
mpgn
e58930581e
dockerhub with pywerview testing
2020-06-30 19:05:54 -04:00
mpgn
d80c4bf39c
Fix some logic error using option asreproast #398
2020-06-30 16:49:11 -04:00
mpgn
e0a1c5c49d
Switch to master branch of Invoke-VNC #354
2020-06-30 15:31:30 -04:00
mpgn
4a0cb31724
Switch to version 5.1.0dev - codename 3TH@n
2020-06-25 23:24:12 +02:00
mpgn
2fd9ac50e4
Add ntlm hash auth with ldap protocol
2020-06-22 06:25:32 -04:00
mpgn
4120883f6d
Add hash auth with winrm protocol
2020-06-22 06:25:00 -04:00
mpgn
56f1f9dd93
Login return False only if NT_STATUS_LOGON_FAILURE
2020-06-21 15:21:07 -04:00
mpgn
d13042f637
Fix missing user.seek when using file as username with several hosts
...
this commit may break something but it solves this `cme smb file -u file -p file`
2020-06-20 18:43:34 -04:00
mpgn
280d497b0d
Add conditional check on the func login()
...
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
2020-06-20 18:16:37 -04:00
mpgn
8f2ef3fdaf
Add color when smb status is not ACCESS_DENIED #391
2020-06-20 13:20:27 -04:00
mpgn
648d756701
Improve os import for ldap protocol
2020-06-20 06:30:25 -04:00
mpgn
c590230f97
Clean authentication fail message on winrm protocol when ntlm error
2020-06-20 06:26:32 -04:00
mpgn
b8c505c234
Improve output of protocol winrm
2020-06-20 06:20:53 -04:00
mpgn
046056d273
Add option --continue-on-success to smb protocol
2020-06-20 06:10:05 -04:00
mpgn
5b6d66950f
Fix ssh authentication error and update option for unconstrained delegation to --trusted-for-delegation
2020-06-20 05:56:55 -04:00
mpgn
957820e339
Fix ldap protocol os import
2020-06-19 17:57:09 -04:00
mpgn
ad4f06918b
Refactor the ldap module and add option --admin-count and --trusted-for-auth
2020-06-19 17:31:34 -04:00
mpgn
e5d1942251
Add kerberoasting and asreproast attack with LDAP protocol
2020-06-19 09:20:22 -04:00
Alexandre Beaulieu
4a19d4dc32
feat(ssh): Add support for publickey authentication.
2020-05-21 09:03:12 -04:00
mpgn
fb9d6fbc59
Fix cme action build
2020-05-10 20:16:34 +02:00
mpgn
8931ec2300
Add Windows spec file to compile CME for Windows
2020-05-10 20:06:08 +02:00
mpgn
b796000343
Fix issue #321 option --continue-on-success
2020-05-09 09:36:31 -04:00
mpgn
3e1fa0f258
Fix local-auth authentication
2020-05-09 08:20:53 -04:00
mpgn
d3a7effb86
Fix ssh issue #375
2020-05-09 07:59:53 -04:00
mpgn
9ae444aab9
Merge branch 'master' into v5-dev
2020-05-05 18:51:41 +02:00
mpgn
e71b724cdf
Bump to 5.0.2dev
2020-05-05 12:50:32 -04:00
mpgn
b778306cc1
Always print FQDN
2020-05-05 12:13:32 -04:00
mpgn
3b57fb0869
Add checkifadmin() for Kerberos auth #22
2020-05-05 12:11:18 -04:00
pixis
4069cb7290
Add module - Set as owned in BloodHound
2020-05-05 09:59:30 +02:00
mpgn
1820cc1ffb
Show FQDN instead of domain name
2020-05-04 15:30:56 -04:00
Pixis
c75d7abebf
Update fix about no credentials
2020-05-04 19:32:58 +02:00
mpgn
622245dcfa
Add support kerberos aesKey and kdcHost #22, add lsassy module kerberos support
...
add error when no credential found on lsassy module #368
2020-05-04 13:23:41 -04:00
mpgn
52528a44bb
Merge branch 'v5-dev' of https://github.com/byt3bl33d3r/CrackMapExec
2020-05-03 14:32:17 -04:00
mpgn
1308bc30c8
Adding Kerberos support for CME #22
...
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
mpgn
72338026ff
Merge pull request #367 from byt3bl33d3r/v5-metasploit
...
Add Module metasploit
2020-05-03 18:01:20 +02:00
mpgn
47fe1e4772
Remove submodule and simplify metasploit module #357
2020-05-03 06:19:26 -04:00
mpgn
c3c9b2f04a
Remove useless code #364
2020-05-01 17:31:54 -04:00
mpgn
580018050c
Add better logic to MSSQL connection #364
2020-05-01 17:18:25 -04:00
mpgn
c5be1e5234
Add exception handler when login fails on MSSQL protocol #364
2020-05-01 17:11:54 -04:00
mpgn
ef934a7925
Rename options for module metasploit #357
2020-05-01 16:53:02 -04:00
mpgn
bfe1d5b7c3
Fix uninitialized variable #363
2020-05-01 14:33:18 -04:00
mpgn
062e312fd5
Add try catch for issue #363
2020-05-01 14:20:55 -04:00
mpgn
fd912c0b7d
Fix thread stop assert error #357
2020-05-01 14:02:12 -04:00
mpgn
73fb336040
Update module metasploit #357
...
As the old code with the shellcode was broken, we switch to a simple powershell solution with Invoke-MetasploitPayload.ps1
2020-05-01 13:12:01 -04:00
mpgn
4dc4892660
Check if output is byte before decoding
2020-04-30 13:56:34 -04:00
mpgn
74792ce712
Add option --no-bruteforce allowing credentials spraying without bruteforce
...
cme accepts a user file and a password file and works like this:
user1 -> pass1
      -> pass2
user2 -> pass1
      -> pass2
Option --no-bruteforce works like this:
user1 -> pass1
user2 -> pass2
2020-04-30 10:06:57 -04:00
mpgn
7b0f2e9bdb
Add multi domain support DOMAIN\user when passing file to -u option #243
2020-04-29 12:32:21 -04:00
mpgn
2ca377f3d8
Simplify command for wireless password #305
2020-04-29 11:09:44 -04:00
mpgn
b6a6e6a9bf
Add wireless module #305
2020-04-29 11:03:52 -04:00
mpgn
78c5d9ebd9
Update WINRM authentication option
...
If you want to avoid SMB connection use the flag -d DOMAIN
2020-04-29 06:28:47 -04:00
mpgn
479ae1f721
Update MSSQL protocol for windows authentication #306
...
If you want to use windows auth for MSSQL without SMB, add the flag -d DOMAIN
2020-04-29 05:56:11 -04:00
mpgn
f58a10124d
Update winrm method to allow code execution from a normal user
...
Users who can winrm but are not local admin can now use this method to exec commands
more at https://github.com/diyan/pywinrm/issues/275
we switched from pywinrm to pypsrp
2020-04-28 15:30:18 -04:00
mpgn
a20d28a885
Update RID-Hijacking to latest version #353
2020-04-28 13:22:42 -04:00
mpgn
e9a5841731
Fix typo on put-file function
2020-04-28 12:28:25 -04:00
mpgn
f84035fa7a
Add function get-file and put-file
2020-04-28 12:22:30 -04:00
mpgn
1bbe1ac0cc
Clean output of mssql protocol
2020-04-28 09:39:33 -04:00
mpgn
af68773b6c
Fix #352 target using file
2020-04-28 08:42:25 -04:00
mpgn
356b020cb3
Fix winrm warning from pywinrm
2020-04-28 07:24:01 -04:00
mpgn
63cf5af003
Fix smbexec function #269
2020-04-28 06:19:33 -04:00
mpgn
18c438993c
Fix ssh connection #351
2020-04-28 06:11:16 -04:00
mpgn
ba04528738
Add feature: file as argument for -x and -X command #269
2020-04-27 16:38:30 -04:00
mpgn
f19f137b0d
Fix smbexec.py decode error
2020-04-22 11:04:22 -04:00
mpgn
84222eb001
Fix bytes error on gpp_autologin and gpp_password modules
2020-04-22 10:33:03 -04:00
mpgn
a13ec6c3d6
Fix gpp_password encoding error with python3 #350
2020-04-22 06:43:17 -04:00
mpgn
1e8cd73a26
Switch Invoke-VNC project to python3 branch #317
2020-04-21 09:12:43 -04:00
byt3bl33d3r
6c0228f403
Fixed dependency hell, added Github actions workflow
...
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
dependency
2020-04-20 13:19:55 -03:00
mpgn
e294a72924
Fix mimikatz module decode error #308
2020-04-20 06:24:56 -04:00
sw
ed8c91ab60
changed comparison operators that generate syntax warnings
2020-04-20 03:22:03 +03:00
mpgn
9790c67620
Fix pylnk3 version from setup
...
fix warning with pylnk3 version
remove useless import and comment from lsassy module
2020-04-19 15:18:23 -04:00
pixis
47c83d90dc
Add lsassy module
2020-04-19 20:30:35 +02:00
mpgn
e2e976847b
Update module rid_hijack to python3
2020-04-19 14:09:32 -04:00
byt3bl33d3r
7bb0e4e4e6
Merge pull request #300 from hantwister/patch-1
...
Fix false positive signing disabled with SMB2/3
2020-04-19 14:36:59 -03:00
byt3bl33d3r
02a62b027c
Merge pull request #295 from r4wd3r/rid_hijacking
...
Add RID Hijacking Persistence Module
2020-04-19 14:36:47 -03:00
byt3bl33d3r
498f3fc197
Merge pull request #327 from noraj/patch-1
...
lsa secrets: dump file extension
2020-04-19 14:32:48 -03:00
mpgn
ff167fa152
Fix typo response module mimikatz #334
2020-03-09 10:26:48 +01:00
mpgn
f34820939f
Remove impacket and pywinrm thirdparty
...
impacket and pywinrm are pip package, no need to have them in the
thirdparty folder anymore
2020-01-24 03:40:02 -05:00
mpgn
83c8e5b5a3
Add module compatibility for Python3
...
Mimikatz, Bloodhound etc
2020-01-18 07:20:10 -05:00
mpgn
545b59054b
Fix Pipfile python version and submodule version
2020-01-16 04:34:21 -05:00
Alexandre ZANNI
18634423f3
lsa secrets: dump file extension
...
The logger tells you LSA secrets are dumped in a file named xxx.lsa
```
SMB x.x.x.x 445 FRSCWP0001 [+] Dumped 22 LSA secrets to /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.lsa and /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.cached
```
But in reality they are logged in xxx.secrets.
So just fixing the extension shown by the logger.
2019-12-19 10:12:17 +01:00
mpgn
2cf0c0fb90
Migrate cmedb to python3
2019-11-12 16:39:26 -05:00
mpgn
c2698ba8ed
Fix HTTP server for module Mimikatz
2019-11-12 14:42:52 -05:00
mpgn
38acbbead5
Fix option --pass-pol in python3
...
error due to:
python2 => 1 / 2 = 0
python3 => 1 / 2 = 0.5
python3 => 1 // 2 = 0
2019-11-12 13:33:14 -05:00
mpgn
179dfef811
Fix mimikatz range issue
2019-11-11 06:26:38 -05:00
mpgn
d2c477aafb
Migrate file option input
...
* -u user.txt
* -p password.txt
* -H hashntlm
2019-11-11 05:39:44 -05:00
mpgn
73ab379acc
Migrate function to python3
...
* --shares -> OK
* --sessions -> OK
* --disks -> OK
* --loggedon-users -> OK
* --users -> Not tested
* --rid-brute -> OK
* --groups -> Not tested
* --local-groups -> OK
* --pass-pol -> OK
2019-11-11 05:06:39 -05:00
mpgn
a29cf6760c
update python3
2019-11-10 18:39:00 -05:00
mpgn
c3c4b3192d
start python3 migration
2019-11-10 22:42:04 +01:00
byt3bl33d3r
48fd338d22
Merge pull request #304 from gustavi/master
...
Fix encoding in smb --sam
2019-08-16 10:57:11 -06:00
byt3bl33d3r
44fd121dce
Merge pull request #309 from shadowgatt/master
...
Fixing SMB encoding error
2019-08-16 10:56:39 -06:00
Ryan
f1228174cd
Update winrm.py
...
Closes https://github.com/byt3bl33d3r/CrackMapExec/issues/310
2019-08-16 08:58:26 -05:00
root
12443285e9
Fix SMB encode
2019-07-13 17:52:00 +02:00
root
e435a4f87b
Fix SMB encode
2019-07-13 17:50:24 +02:00
Augustin Laville
fdb41c0125
Fix encoding in smb --sam
2019-04-12 13:32:38 +02:00
Harrison Neal
85e4de988b
Fix false positive signing disabled with SMB2/3
...
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection. When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state. Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite. The latter contributed to many false positives in the --gen-relay-list output file. This is a hackish change that addressed the issue for me.
2019-03-26 15:45:02 -04:00
Sebastián Castro
49a002fcd4
Merge branch 'master' into rid_hijacking
2019-03-23 16:10:44 -05:00
byt3bl33d3r
333f1c4e06
Updated all submodules, replace pycrypto with pycryptodomex
2019-03-13 21:51:25 -06:00
r4wd3r
56ed25b621
Add rid_hijack.py module
2019-02-24 20:51:16 -05:00
r4wd3r
d472bdb004
Add RID-Hijacking submodule
2019-02-24 20:50:03 -05:00
byt3bl33d3r
dbe142c1ae
Merge pull request #280 from awsmhacks/master
...
update to powershell.py
2018-12-10 16:03:12 -07:00
Ryan
304836d702
update powershell.py
...
Adding [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12' to fix a SSL/TLS error
2018-12-06 14:07:40 -06:00
Dhiraj Mishra
b4fb22f6fe
Get-ComputerDetails.py
2018-11-04 14:22:17 +05:30
byt3bl33d3r
224c24a0a4
Updated all submodules and packages
2018-08-29 15:33:02 +08:00
byt3bl33d3r
f61cb7e3f0
Merge pull request #256 from FrankSpierings/patch-2
...
Modified logging in spider.py
2018-08-28 19:57:55 +08:00
byt3bl33d3r
50a379dad4
Merge pull request #255 from FrankSpierings/patch-1
...
Update smbspider.py - Feature to use `--spider '*'` to spider all rea…
2018-08-28 19:55:54 +08:00
byt3bl33d3r
0128b589dc
Merge pull request #248 from kmackinley/kmackinley-cme-dev1
...
Flag to allow continuation while password spraying
2018-08-28 19:40:14 +08:00
root
1a7174137c
Added remotehost in the spidering output. It is now //<remotehost>/<share>/<folder *>/<file>
2018-07-07 14:33:14 +00:00
Frank Spierings
2823452053
Update smbspider.py - Feature to use `--spider '*'` to spider all readable shares
...
I've added the option to allow spidering over all readable shares.
2018-07-07 16:00:59 +02:00
Dan McInerney
dabdcf49ca
updated amsi bypass
2018-05-29 17:47:54 -06:00
Korey McKinley
7034ab66d0
Flag to allow continuation while password spraying
...
Adds --continue-on-success flag when spraying passwords using smb. Allows for continuing of password spraying even after valid password is found. (Useful when password spraying with userlist.)
Usage example:
cme smb ipaddress -u users.txt -p password --continue-on-success
In response to:
https://github.com/byt3bl33d3r/CrackMapExec/issues/245
https://github.com/byt3bl33d3r/CrackMapExec/issues/247
2018-05-26 19:44:24 -06:00
byt3bl33d3r
f3465ef008
Fixed up @aj-cgtech changes
2018-03-01 12:36:17 -07:00
byt3bl33d3r
5fd4aa716c
Merge branch 'usersfix' of https://github.com/aj-cgtech/CrackMapExec into aj-cgtech-usersfix
2018-03-01 11:57:33 -07:00
byt3bl33d3r
12846a7e9e
Merge pull request #237 from friendlyintruder/master
...
fixes debug output error if exec method fails
2018-03-01 11:51:57 -07:00
Markus Krell
8dd4e95fe7
fixes debug output error if exec method fails
2018-02-23 14:55:05 +01:00
aj-cgtech
fffc24ae46
Having worked out how the protocol object is created. Created config
...
object once, and set as an attr on each protocol.
More elegant, and allows for further config options in the future.
2018-02-23 10:13:46 +00:00
aj-cgtech
b6a7028999
Typo, not l33t.
2018-02-22 21:18:31 +00:00
aj-cgtech
7e2a267328
Merging "Pwn3d!" label changes.
...
Fixes issue #236
Adds the ability to change the (Pwned!) label on CME output.
By default, nothing changes, but if required, to keep suits happy, you
can change the output of CME by adding a property to ~/.cme/cme.conf, in
the [CME] section, property "pwn3d_label".
eg:
[CME]
workspace = default
last_used_db = smb
pwn3d_label = Woot!
2018-02-22 20:24:03 +00:00
aj-cgtech
6ee852387c
Pwn3d label parameterised in config file.
2018-02-22 13:03:07 +00:00
aj-cgtech
8bba4b46f6
Changes to users() and groups()
...
users() was failing on a bad attribute, changed code to use getattr
instead. If the attribute is missing, it no longer throws an exception.
Extraction of the domain from the distinguished name was not working in all
circumstances. FOO.COM would work, but FOO.CO.UK or even FOO.BAR.CO.UK
would extract CO incorrectly. The function now extracts the fully qualified
domain, which then gets shortened by the db_add_user() function.
2018-02-20 12:57:23 +00:00
aj-cgtech
e1e68abe9a
Added extra export options and command line feedback.
2018-02-19 14:47:12 +00:00