Commit Graph

248 Commits (68a908562a1be40ba82ce3e38bbf285a9bcb4bbc)

Author SHA1 Message Date
byt3bl33d3r 6eabf0224c Updated README 2016-03-27 15:45:41 -06:00
byt3bl33d3r 10a12a9a0f Initial v3.0 commit to master
Quick re-cap on the new features:

* Credentials and hosts are now stored in a database, the cme_db.py script can be used to query it
* Module system has been implemented allowing anyone to create payloads
* All underlying powershell code has been ported to a module
* The HTTP/HTTPS server now tracks connections: no more guessing when to CTRL-C
* All around better code quality, error handling and logging
2016-03-27 15:17:18 -06:00
byt3bl33d3r 792a631fe2 Updated the usage in README 2016-03-12 19:20:40 -07:00
byt3bl33d3r 4c3ca3a0f6 Added the --tokens options to enumerate available tokens (issue #86)
Re-added Empire's function to strip powershell comments
Changed the PowerView PS script to the actual supported one
2016-03-12 18:24:08 -07:00
byt3bl33d3r 5814121e6d Actually pushing the new cert would be nice 2016-03-11 22:08:13 -07:00
byt3bl33d3r f4141c9041 Regererated SSL cert, fixed a typo variable 2016-03-11 22:02:25 -07:00
byt3bl33d3r 3ec981f3fa Re-added the --timeout option 2016-03-11 20:09:52 -07:00
byt3bl33d3r ade4c12ad4 Revert "Stole Empires powershell architecture detection code, arch is now detected and handled automatically"
This reverts commit cd103f5cb6.

This is being reverted due to a bug in wmiexec when executing long
command strings. Falling back to the old method for now until/if fixed.
2016-03-11 20:01:42 -07:00
byt3bl33d3r bdcebd0045 Changed the default server to HTTPS (cause why not) 2016-03-07 22:32:35 -07:00
byt3bl33d3r cd103f5cb6 Stole Empires powershell architecture detection code, arch is now detected and handled automatically
Removed the --ps-arch option as its now useless
Added a --timeout switch to specify a max timeout for each thread
Regenerated default key and cert for the https server
2016-03-07 20:13:51 -07:00
byt3bl33d3r 2427ccaa9b Updated README 2016-01-27 00:29:35 -07:00
byt3bl33d3r 7b255b3c9a - More code cleanup in the smart_login function, added pwdump support
when using the combo file (-C) flag (resolves #80)
2016-01-26 23:50:33 -07:00
byt3bl33d3r c50ffb0f65 - Re-Factored MSSQL support for better integration when executing
commands and attacks (e.g. mimikatz, injection)
- By default, the --mssql flag will enumerate db instances and will
  allow you to execute commands through xp_cmdshell
- Made some logic changes on how/when connections are initiated
2016-01-26 21:23:03 -07:00
byt3bl33d3r 3c5cf012fd - Password. Username and Hash flags now accept one file or
user/pass/has per
  argument
- smart_login function partial code cleanup
2016-01-19 01:56:42 -07:00
byt3bl33d3r b1646c3f76 - Made output *FABULOUS* by aligning the logger output
- Moar unicode fixes (srsly fuck unicode)
2016-01-18 20:40:50 -07:00
byt3bl33d3r 224befe25d Fixed bug that would cause a traceback in rpcquery.py when PTH 2016-01-17 22:43:57 -07:00
byt3bl33d3r 5c31910571 Fixed .join() error in smart_login.py when PTH 2016-01-17 22:42:53 -07:00
byt3bl33d3r 7075c095cc Fixed wmiquery error when passing-the-hash 2016-01-17 12:28:52 -07:00
byt3bl33d3r d383c3df8f Updated requirements.txt 2016-01-17 00:51:25 -07:00
byt3bl33d3r 65187a7190 Updated Readme 2016-01-17 00:22:22 -07:00
byt3bl33d3r 3aaa378a23 - HTTP/S server now uses the new logging system 2016-01-17 00:09:45 -07:00
byt3bl33d3r 256f2cd12d - Powershell process architecture is now auto selected based on payload
- Added flag to force Powershell process architecture
2016-01-16 23:00:50 -07:00
byt3bl33d3r d1508d2923 Merge branch 'mssql_and_logging' of github.com:byt3bl33d3r/CrackMapExec into mssql_and_logging 2016-01-16 22:40:45 -07:00
byt3bl33d3r 5a1adba648 - Logging has been overhauled for readability and parsing (resolves #47)
- Added flag to test creds against MSSQL DBs (resolves #66)
- Added flags to enable/disable xp_cmdshell on MSSQL DBs
- Added flag to execute commands through xp_cmdshell on MSSQL DBs
- Added flag to enumerate MSSQL DB instances
- Targets are now accepted with arguments instead of a comma
  seperated list (resolves #71)
2016-01-16 22:39:56 -07:00
byt3bl33d3r 58b6d0636d - Logging has been overhauled for readability and parsing (resolves #47)
- Added flag to test creds against MSSQL DBs (resolves #66)
- Added flags to enable/disable xp_cmdshell on MSSQL DBs
- Added flag to execute commands through xp_cmdshell on MSSQL DBs
-
- Targets are now accepted with arguments instead of a comma
  seperated list (resolves #71)
2016-01-16 22:33:11 -07:00
byt3bl33d3r 7aa67e388c Resolves #70 2016-01-13 19:21:04 -07:00
byt3bl33d3r 86ca7e4640 Updated target paramater description 2016-01-06 23:28:31 -07:00
byt3bl33d3r f85a50cfe4 Merge pull request #62 from maaaaz/master
Service Interaction name parameter & encoding errors fix
2016-01-06 22:47:17 -07:00
byt3bl33d3r 15c5b83bc2 added ability to accept FQDNS and hostnames as targets (resolves #13) 2016-01-06 22:07:19 -07:00
byt3bl33d3r a1e113520a Adding a user-agent to the HTTP/S request when downloading the Meterpreter staged shellcode would cause a rpc_access_denied error
when executing the PS code with WMI.
Have to investigate why, for now removed the offending code and everything seems to be working perfectly.
2015-12-25 12:54:02 -07:00
maaaaz 1a40805ae4 service interaction fix 2015-12-20 12:24:17 -05:00
maaaaz d2c103bf56 encoding errors fix 2015-12-20 12:10:40 -05:00
byt3bl33d3r 3d0203a780 Version bump and README update 2015-12-20 00:19:23 -07:00
byt3bl33d3r 553ec9910e Updated the Powershell payloads to support Powersploits 3.0 update 2015-12-20 00:11:08 -07:00
byt3bl33d3r c328c397f8 Forgot regex string for Invoke-NinjaCopy 2015-12-19 22:01:04 -07:00
byt3bl33d3r 5515464c02 Updated PowerSploit scripts to latest version 2015-12-19 21:57:28 -07:00
byt3bl33d3r 9f130886ee updated README 2015-12-13 15:51:00 -07:00
byt3bl33d3r 45e37570a3 Updated powerview.ps1 to latest commit 2015-12-13 14:27:18 -07:00
byt3bl33d3r e965cd8374 Should resolve #51 2015-12-13 13:47:51 -07:00
byt3bl33d3r f5c8684876 Fixed output for --gpp-passwords option in http/s server 2015-12-11 00:29:47 -07:00
byt3bl33d3r 3574bbe832 Added --gpp-passwords option to retrieve GPP passwords 2015-12-11 00:24:43 -07:00
byt3bl33d3r 4e1414fa04 Removed some useless imports 2015-11-29 12:21:42 -07:00
byt3bl33d3r 9e50051651 Merge branch 'maaaaz-master' 2015-11-29 12:21:19 -07:00
byt3bl33d3r 9916c03a05 Removed code to check for log directory 2015-11-29 12:21:06 -07:00
maaaaz 7401c13563 post v2.1 changes 2015-11-29 12:07:30 -05:00
byt3bl33d3r 3016461f41 Updated usage in README 2015-11-20 20:24:04 -07:00
byt3bl33d3r a2c2c17489 Added src param for --download (resolves #32) 2015-11-20 20:20:42 -07:00
byt3bl33d3r 474ded4ea2 Fixed port variable when invoking PowerView 2015-11-20 19:47:40 -07:00
byt3bl33d3r f0fe1a25a7 Added option to set the HTTP/HTTPS server port (resolves #33) 2015-11-20 19:33:55 -07:00
byt3bl33d3r 0d1e580edd Added previous commit changes to passpoldump.py 2015-11-20 18:54:34 -07:00