Commit Graph

62 Commits (6919d477b7caa067b7f4240c9eff83e56fd717a4)

Author SHA1 Message Date
mpgn 19a6c3887f merge master into pr 2023-02-16 08:04:23 -05:00
zblurx f790d95613 pass it to core option 2023-02-07 12:06:42 +01:00
mpgn bdab59472b Add ccache support for RDP auth 2023-02-01 06:04:13 -05:00
mpgn 31b18614e1 replace simple quote by double quote for export 2022-12-14 09:55:17 -05:00
mpgn b2bcbe0ade Fix issue #667 with use-kcache option 2022-11-03 16:04:46 -04:00
mpgn 53f5791e7c Fix a lot things but good pr 2022-10-20 15:40:53 -04:00
zblurx e6250e1b98 change parameter name 2022-10-20 18:11:10 +02:00
zblurx f4485ff279 fix kerberos authentication 2022-10-20 18:08:30 +02:00
Wlayzz b57ba767f8 Adding shebang and encoding utf-8 for all python files 2022-07-19 01:59:14 +02:00
mpgn 8d665375a8 Improve laps core functon 2022-02-10 16:36:07 -05:00
mpgn bc137a005c Fix kerberos auth with smb 2022-01-19 08:24:11 -05:00
mpgn 27552fab02 Update fix for ipv6 local link adresss #470 2022-01-05 04:47:42 -05:00
mpgn eec9dfe49f Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2022-01-04 05:23:34 -05:00
mpgn a8df4c2a86
Fix error when hash option is used thx to @tiyeuse
`cme smb 192.168.57.5 -u users.txt -H 8846f7eaee8fb117ad06bdd830b7586c``

=> 

UnboundLocalError: local variable 'ntlm_hash_file' referenced before assignment
2022-01-04 11:17:21 +01:00
mpgn e979dfe4f9 Add bloodhound core feature 2021-11-20 16:37:14 -05:00
mpgn 11addb6b51 Add bloodhound core feature 2021-11-19 16:16:37 -05:00
mpgn 3a874153cf Add option --connectback-host for module to bypass NAT network 2021-11-17 08:02:06 -05:00
mpgn b31ffc1a64 Improve laps core function 2021-11-17 07:37:20 -05:00
mpgn 0f5fe00f9e Fix ldap kerberos login 2021-11-01 14:27:14 -04:00
mpgn fcddee656e Update laps core function 2021-10-17 11:50:29 -04:00
mpgn 86ad83f74b Merge branch 'master' of https://github.com/mpgn/cme 2021-09-18 17:04:46 -04:00
mpgn 46a00c3fef
Merge pull request #409 from RagingCactus/file-handling-concurrency-fixes
Fix file reading concurrency issues
2021-09-17 20:33:33 +02:00
mpgn 091915b990 Fix and add a lot, check commit message
Update LDAP proto:
	- can fetch a LDAP domain from an account from another domain (trust relation between forest)
	- fix sizeLimit to unlimited on LDAP queries
	- fix little mistake in LDAP modules

Update SMB proto:
	- fix users function when DC is vulnerable to NULL SESSION
	- add SAMRPC function to fetch users on the domain
	- add option --computers to fetch all computers

Update CLI
	- add function export, but it's not tested
2021-06-24 14:38:24 -04:00
mpgn 89035e06a5 Add IPv6 support #339 thanks to @bert128 2021-01-29 06:16:55 -05:00
mpgn b2a53dc896 Better null session handle 2021-01-29 05:53:40 -05:00
byt3bl33d3r cb5c8855ed Version 5.1.3 🔥
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
  give you a completion percentage and the number of hosts remaining to
  scan
2020-11-15 16:42:28 -07:00
Marius Renner cc1af64448 Fix file reading concurrency issues
Before this commit, file objects for the username, password or NTLM hash
files were all shared between target jobs for different hosts. This
could cause numerous different errors in password or hash spraying jobs
with multiple targets. Sometimes some lines in input files were skipped
for some targets, and sometimes CME even ended up in an infinite loop
due to seeking in a file that is currently also being iterated on.

There have been attempts to fix some of these errors with file.seek(0)
in some places, such as with d13042f637.
This almost works because of the BoundedSemaphore sem that effectively
keeps CME attacks single-threaded. However, there were still corner
cases with shared file object accesses not protected by the semaphore.

To fix this in a reliable way, this commit shifts the responsibility of
open()ing a file object to every job instead of globally at the start.
While this does mean that the application will open the same files a
bunch of times, it also ensures correctness in regard to concurrency.
This should also allow to relax the semaphore in the future in case no
global or username limit across all targets is required.
2020-08-16 14:01:49 +02:00
mpgn 3cc0b00f0b Remove conditional auth for modules and options 2020-08-11 07:39:16 -04:00
mpgn 1aa2f8cc0f Fix winrm uninitialized variable and hash auth option 2020-07-28 10:16:06 -04:00
mpgn d13042f637 Fix missing user.seek when using file as username with several hosts
this commit maybe break something but it solve this `cme smb file -u file -p file`
2020-06-20 18:43:34 -04:00
mpgn 280d497b0d Add conditional check on the func login()
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
2020-06-20 18:16:37 -04:00
mpgn fb9d6fbc59 Fix cme action build 2020-05-10 20:16:34 +02:00
mpgn 8931ec2300 Add Windows spec file to compile CME for Windows 2020-05-10 20:06:08 +02:00
mpgn d3a7effb86 Fix ssh issue #375 2020-05-09 07:59:53 -04:00
mpgn 622245dcfa Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support
add error when not credential foud on lsassy module #368
2020-05-04 13:23:41 -04:00
mpgn 1308bc30c8 Adding Kerberos support for CME #22
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
mpgn 74792ce712 Add option --no-bruteforce allowing credentials spraying without bruteforce
cme accept user file and password file and works like this:
user1 -> pass1
      -> pass2
user2 -> pass1
      -> pass2

Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
2020-04-30 10:06:57 -04:00
mpgn 7b0f2e9bdb Add multi domain support DOMAIN\user when passing file to -u option #243 2020-04-29 12:32:21 -04:00
mpgn d2c477aafb Migrate file option input
* -u user.txt
* -p password.txt
* -H hashntlm
2019-11-11 05:39:44 -05:00
mpgn a29cf6760c update python3 2019-11-10 18:39:00 -05:00
byt3bl33d3r 1603ac4819 Added WINRM support, NMap XML and .Nessus parsing
- Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting)
- Added support for NMap XML and .Nessus files if given as targets
- Fixed a bug in the MSSQL protocol which caused it to not retrieve host info
- Version Bump
2017-10-24 20:08:19 -06:00
byt3bl33d3r 0b936def23 Takes care of issue #190 and #191, initial SSH protocol implementation
- Passing --ntds will automatically use the drsuapi method (DCSync)
- Initial implementation of the SSH protocol and the mimipenguin module
  (This is very much still not finished, lots of stuff missing)

- Added check to make sure existing config file is in the 4.x format
- Added splinter and paramiko to dep requirements
- Updated Impacket to latest commit
- HTTP protocol now also returns server version in output
2017-07-09 23:44:58 -06:00
byt3bl33d3r ee36665516 Fixed MSSQL protocol, refactored HTTP Protocol
- Fixed error in MSSQL protocol which would cause it to error out when
executing commands
- Fixed logic to deal with standard MSSQL auth instead of windows auth
- Refactored the HTTP protocol
2017-05-02 18:52:16 -06:00
byt3bl33d3r f0752f61b7 Re-wrote the HTTP protocol to use splinter and phantomjs
- All http connections are now concurrent
- Added a flag to take screenshots of webpages
- Minor Code cleanup
2017-04-30 12:54:35 -06:00
byt3bl33d3r cada0fcbb4 Switched to gevents gethostbyname() function 2017-04-14 15:32:39 -06:00
byt3bl33d3r e8def0ad4c Fixes #165 2017-04-14 15:26:17 -06:00
byt3bl33d3r 602b7e13f0 Re-added most of the SMB protocol functionality
- Added new module gpp_decrypt
- Cleaned up the SMB spider as much as possible
- --wmi now uses pywerview
- Re-added the http protocol
2017-04-05 09:07:00 -06:00
byt3bl33d3r 5dc7c4ae62 Fixed logic errors when adding users and groups to the database
- Added debug logging to core db functions
- Fixed logging output
- Updated modules to use the new API
2017-03-29 18:03:04 -06:00
byt3bl33d3r 751f209cd7 Initial 4.0 pre-release 2017-03-27 15:09:36 -06:00
byt3bl33d3r 9fefd167b0 Initial commit for v4.0
Just fyi for anyone reading this, it's not even close to being
finished.

The amount of changes are pretty insane, this commit is to serve as a
refrence point for myself.

Highlights for v4.0:
- The whole codebase has been re-written from scratch
- Codebase has been cut around 2/4
- Protocols are now modular! In theory we could use CME for everything
- Module chaining has been removed for now, still trying to figure out a
more elegant solution
- Workspaces have implemented in cmedb
- The smb protocol's database schema has been changed to support storing users,
groups and computers with their respective memberships and relations.
- I'm in the process of re-writing most of the modules, will re-add them
once i've finished
2016-12-15 00:28:00 -07:00