- decrease winrm timeout to 3 seconds so @IppSec 's videos
tlast less time :)
-- add ico to cme exe
-- add option smb-server-port to make cme compatible with windows
- Passing --ntds will automatically use the drsuapi method (DCSync)
- Initial implementation of the SSH protocol and the mimipenguin module
(This is very much still not finished, lots of stuff missing)
- Added check to make sure existing config file is in the 4.x format
- Added splinter and paramiko to dep requirements
- Updated Impacket to latest commit
- HTTP protocol now also returns server version in output
Just fyi for anyone reading this, it's not even close to being
finished.
The amount of changes are pretty insane, this commit is to serve as a
refrence point for myself.
Highlights for v4.0:
- The whole codebase has been re-written from scratch
- Codebase has been cut around 2/4
- Protocols are now modular! In theory we could use CME for everything
- Module chaining has been removed for now, still trying to figure out a
more elegant solution
- Workspaces have implemented in cmedb
- The smb protocol's database schema has been changed to support storing users,
groups and computers with their respective memberships and relations.
- I'm in the process of re-writing most of the modules, will re-add them
once i've finished
Oook, this commit is basicallu just so I can start tracking (and
testing) all of the changes made so far:
- All execution methods are now completely fileless, all output and/or batch
files get outputted/hosted locally on a SMB server that gets spun up on runtime
- Module structure has been modified for module chaining
- Module chaining implementation is currently very hacky, I definitly
have to figure out something more elegant but for now it
works. Module chaining is performed via the -MC flag and has it's own
mini syntax (will be adding it to the wiki)
- You can now specify credential ID ranges using the -id flag
- Added the eventvwr_bypass and rundll32_exec modules
- Renamed a lot of the modules for naming consistency
TODO:
- Launchers/Payloads need to be escaped before being generated when
module chaining
- Add check for modules 'required_server' attribute
- Finish modifying the functions in the Connection object so they return
the results
* For some reason the config file got lost in between version bumps, re-added it
* Improved the logic in first_run.py, it will now autodetect missing files and will copy/generate them accordinglu
* Code cleanup in cmedb.py and bug fixes in crackmapexec.py
Alex
mpgn
Marshall Hallenbeck
Wlayzz
T1erno
byt3bl33d3r
byt3bl33d3r