Bryan De Houwer
286d8c2aca
Fix inconsistencies between ldap login functions
2022-09-19 12:02:58 +02:00
nurfed1
b0731f6f2c
Merge branch 'master' into master
2022-09-19 09:06:23 +02:00
Bryan De Houwer
f5ada644a9
Ensure --domain is provided with --no-smb argument
2022-09-19 01:12:22 +02:00
mpgn
eaf7096bde
Update FTP proto
2022-09-18 07:35:29 -04:00
mpgn
b277cd3b06
Better LDAP error message
2022-09-18 07:04:14 -04:00
Dramelac
a4936729fe
Fix success logging when using LDAPS
2022-09-16 17:44:59 +02:00
mpgn
fad860df43
Update ntds dump with option user and enabled #455
2022-09-11 12:49:28 -04:00
Roman Rivas II
f671ef1871
Add files via upload
2022-09-10 16:06:14 -07:00
Bryan De Houwer
81d2061102
Fix identation
2022-09-08 20:15:31 +02:00
Bryan De Houwer
032945221f
KerberosLogin resolve username
2022-09-08 20:14:50 +02:00
Bryan De Houwer
6a37fdca86
Fix ldap baseDN lookup and kdchost assumptions
2022-09-08 20:07:31 +02:00
Wlayzz
b57ba767f8
Adding shebang and encoding utf-8 for all python files
2022-07-19 01:59:14 +02:00
mpgn
6a447a581c
remove try catch #602
2022-07-06 11:17:24 -04:00
mpgn
94a28cd184
revert back to pywerview 0.3.3 for better compatibility
2022-07-06 09:52:53 -04:00
mpgn
560eae7e49
fix small bug with kerberoasting
2022-07-06 09:35:20 -04:00
guervild
6e27377b90
Update mssql database.py
2022-06-29 14:14:03 +02:00
guervild
d09e68fd6d
Add upload/download function to mssql
2022-06-29 13:44:41 +02:00
lap1nou
24cd26cca9
Fixed LDAPS with Kerberos
2022-06-28 21:12:09 +02:00
XiaoliChan
5423728d15
[rdp.py] port redirect to "self.args.port"
2022-06-23 21:16:36 +08:00
mpgn
0e91f0467f
Use forked impacket for mssql
2022-06-23 06:02:00 -04:00
mpgn
e82955b7e8
Remove print from rdp
2022-06-22 04:25:01 -04:00
mpgn
7b8473a82d
Fix rdp local-auth issue
2022-06-21 15:38:25 -04:00
mpgn
c47c77ce2e
Fix cmedb issue
2022-06-21 05:45:57 -04:00
mpgn
75e19ae4b2
Merge pull request #545 from Serizao/master
...
Add smbv1 and signing into sqlite database
2022-06-18 23:50:18 +02:00
mpgn
e3c8aa2966
Update db_navigator.py
2022-06-18 23:49:57 +02:00
mpgn
44e7ff155d
finish adding smbv1 and signing into cmedb
2022-06-18 17:43:09 -04:00
mpgn
f8bfe833d8
Smbexec improvement "STATUS_OBJECT_NAME_NOT_FOUND" with server 2019
...
https://github.com/SecureAuthCorp/impacket/issues/777#issuecomment-1048253251
2022-06-18 17:00:40 -04:00
mpgn
708e76d17a
Merge pull request #572 from shoxxdj/master
...
🚀 add support for filter user when searching for loggedon
2022-06-18 22:47:53 +02:00
whipped
71bbe5fae0
Update winrm.py
2022-06-17 23:00:12 +01:00
whipped
7202fd8a46
Merge branch 'master' into winrm_ssl_options
2022-06-17 22:04:11 +01:00
mpgn
055eb25c71
Merge pull request #570 from snovvcrash/codec
...
Add -codec execution option
2022-06-17 22:12:54 +02:00
Gianfranco Alongi
def9d4a562
Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) ( #560 )
...
* Fixed instability issues based - the smb mode will now not crash on
SMB object not having _Connection
NetBIOSTimeout
UnsupportedFeature
* Forgotten return statement
* Improved logging logic
* Improved logging
2022-06-17 22:11:28 +02:00
shoxxdj
d3b88088fc
🚀 add support for filter user when searching for loggedon
2022-04-27 11:04:23 +02:00
Sam Frees1de
f183b6bcc1
Add -codec execution option
2022-04-26 16:58:03 +03:00
mpgn
58c7ff3acf
Add nla output
2022-04-20 04:56:42 -04:00
mpgn
6e1f1326fb
Add nla output
2022-04-20 04:34:49 -04:00
mpgn
6905795272
Add pip for aardwolf
2022-04-20 03:41:15 -04:00
mpgn
877741c2f6
Update RDP protocol to support NLA
2022-04-01 10:02:34 -04:00
Kevin Pascoe
c2d33c958e
Add SSL support to winrm protocol
2022-03-31 11:52:08 +01:00
mpgn
a2ae85a376
Change timeout to 10 for RDP screenshot
2022-03-15 06:43:31 -04:00
mpgn
c4bd3f8490
Better error message on rdp protocol
2022-03-13 08:08:53 -04:00
mpgn
bef7c4e172
Add screenshot option for RDP protocol
2022-03-13 08:01:04 -04:00
mpgn
bfb40f2d4f
Update RDP protocol and adding better error message
2022-03-12 06:54:40 -05:00
mpgn
a04e20d6fc
Update ldap #542
2022-03-06 11:58:20 -05:00
mpgn
47e6521822
Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec
2022-03-06 11:07:19 -05:00
mpgn
9abfb17d4e
Update ldap #542
2022-03-06 10:59:31 -05:00
mpgn
b770c59cdc
Update rdp protocol
2022-03-06 10:55:24 -05:00
mpgn
2467a57792
Merge pull request #546 from qtc-de/bug/mssql-check-if-admin
...
Fix mssql check_if_admin function
2022-03-06 13:14:24 +01:00
TNeitzel
4dc4fd72c2
Add STATUS_NO_SUCH_FILE to success status
...
When the remote server returns a STATUS_NO_SUCH_FILE message, cme
interprets the login credentials as wrong. However, impackets
smbserver.py proves that this can be wrong.
2022-03-03 21:52:37 +01:00
TNeitzel
0e3c792b9c
Fix mssql check_if_admin function
...
The check_if_admin function from mssql.py takes an additional auth
parameter, that is actually not used. Other parts of the code are
calling the function without the parameter, which leads to an error when
enumerating mssql endpoints. By simply removing the parameter and fixing
the locations that use it, the issue gets resolved.
2022-03-03 21:25:03 +01:00
Serizao
b7e2d686d3
Update database.py
2022-03-02 08:11:38 +01:00
Serizao
19523a75b5
Update database.py
2022-03-02 08:07:20 +01:00
Serizao
998b6a4f36
Update smb.py
2022-03-02 08:04:35 +01:00
Serizao
b6acf4f4e3
Update database.py
2022-03-02 08:01:58 +01:00
Serizao
955ff4e4d3
Update smb.py
2022-03-02 08:00:26 +01:00
mpgn
bebf4b1895
Add first version of new RDP protocol
2022-02-28 17:18:53 -05:00
mpgn
e15ae44c81
Push from public repo
2022-02-27 08:08:30 -05:00
mpgn
fc3df056a0
Update option for ldap protocol with --no-smb
2022-02-27 08:00:44 -05:00
mpgn
f7ab07bbcc
Add lsa and sam function to winrm
2022-02-23 15:09:49 -05:00
mpgn
b713723269
Add laps function for WinRM
2022-02-11 16:38:39 -05:00
mpgn
8d665375a8
Improve laps core functon
2022-02-10 16:36:07 -05:00
mpgn
c3dec653d4
Add check for audit mode #523
2022-02-07 16:19:46 -05:00
mpgn
47dd3cdfc2
Add audit mode #523
2022-02-06 17:56:41 -05:00
HynekPetrak
fdc2aadf2b
sanitize IPv6 in a file name
2022-02-06 16:44:06 -05:00
mpgn
19a5896c1e
Fix issue when local account is used with bh #533
2022-02-06 07:33:49 -05:00
mpgn
394fcb3796
Impriove support for kerberos on ldap
2022-01-19 13:36:33 -05:00
mpgn
766ee48328
Fix kerberos ntds dump
2022-01-19 13:13:05 -05:00
mpgn
d90709bd97
Fix exception
2021-12-18 15:33:46 -05:00
mpgn
66621b9014
Merger master public to sponsor version
2021-12-17 15:45:21 -05:00
mpgn
0280c5d781
Merge pull request #514 from brightio/patch-1
...
Fix a number of unhandled expections in cme/protocols/smb.py
2021-12-17 21:43:20 +01:00
brightio
2628a427d8
Fix a number of unhandled expections in cme/protocols/smb.py
2021-12-11 14:57:37 +01:00
mpgn
e979dfe4f9
Add bloodhound core feature
2021-11-20 16:37:14 -05:00
mpgn
b31ffc1a64
Improve laps core function
2021-11-17 07:37:20 -05:00
Dliv3
a4c7680fc6
Fix winrm login failed
2021-11-09 20:19:06 +08:00
mpgn
0f5fe00f9e
Fix ldap kerberos login
2021-11-01 14:27:14 -04:00
mpgn
23b0ff2a0c
Add parameter to laps option
2021-10-17 14:41:20 -04:00
mpgn
fcddee656e
Update laps core function
2021-10-17 11:50:29 -04:00
mpgn
ef1e5d3fb1
Add laps option to smb proto first version
2021-10-16 18:08:07 -04:00
mpgn
6e1e254a60
Add protocol and port regarding the protocol and port used
2021-10-16 15:37:06 -04:00
mpgn
e75b4b2e16
Update ldap protocol: function users() and groups()
2021-10-16 11:41:04 -04:00
mpgn
e040752503
add debug print for smbexec method
2021-09-26 15:24:09 -04:00
mpgn
0000854b82
Remove filess method
2021-09-21 11:21:40 -04:00
mpgn
2942be1188
Add timeout to smb connection to 2 sec by default, much much better
2021-09-21 11:21:16 -04:00
mpgn
2f0fc12cde
Bump CME to version 5.2.0
2021-09-19 10:23:26 -04:00
mpgn
fdf6cd31db
Merge pull request #2 from mpgn/dev3
...
Push dev branch to master
2021-09-18 23:04:16 +02:00
mpgn
fdab5c545f
Update ldap protocol message
2021-09-18 17:02:01 -04:00
mpgn
53a51a02f2
Fix #464 thanks Wil
2021-09-18 22:44:48 +02:00
mpgn
a31d03a99a
Fix #486 with ntds dump thx @b13bs
2021-09-18 22:44:48 +02:00
mpgn
d5a005898e
Improve LDAP protocol
...
- improve authentification status error
- check if user is on a juicy group
2021-07-02 04:50:41 -04:00
mpgn
c3516fe9d5
Merge branch 'master' of https://github.com/Porchetta-Industries/CrackMapExec
2021-06-28 13:25:31 -04:00
mpgn
091915b990
Fix and add a lot, check commit message
...
Update LDAP proto:
- can fetch a LDAP domain from an account from another domain (trust relation between forest)
- fix sizeLimit to unlimited on LDAP queries
- fix little mistake in LDAP modules
Update SMB proto:
- fix users function when DC is vulnerable to NULL SESSION
- add SAMRPC function to fetch users on the domain
- add option --computers to fetch all computers
Update CLI
- add function export, but it's not tested
2021-06-24 14:38:24 -04:00
mpgn
9104e18f7e
Add port option to WinRM protocol #469
2021-05-30 16:49:12 -04:00
mpgn
215c479957
Fix spelling mistake
2021-05-30 16:28:37 -04:00
mpgn
3b5c912e68
Merge pull request #450 from nodauf/patch-1 @nodauf
...
Add option --password-not-required
2021-05-30 21:19:35 +02:00
mpgn
3ade69abed
Fix missing try catch on --shares option
...
Thx to @0xdf report !
2021-04-02 19:25:06 +02:00
mpgn
d2f0b66ae4
Add option --amsi-bypass allowing you to pass a custom amsi bypass when using option -X
2021-02-28 09:48:50 -05:00
mpgn
627966e227
Small code Refactoring for ldap protocol
2021-01-29 18:25:39 -05:00
mpgn
ba91408c74
Fix smb error not correctly catched
2021-01-29 11:30:05 -05:00
mpgn
b2a53dc896
Better null session handle
2021-01-29 05:53:40 -05:00
mpgn
d53343369b
Fix function name sessions option
2021-01-27 05:49:23 -05:00
nodauf
0487e55234
Add option --password-not-required
...
Add option --password-not-required to retrieve the user with the flag PASSWD_NOTREQD. With this flag the user is not subject to a possibly existing policy regarding the length of password. So he can have a shorter password than it is required, or it may even have no password at all, even if empty passwords are not allowed
2021-01-23 12:21:33 +01:00
mpgn
567ed8d8c3
Add option --users and --groups to LDAP protocol
2021-01-21 09:45:55 -05:00
mpgn
95aad485fb
Fix issue #412
2021-01-21 05:28:56 -05:00
mpgn
719f18ac78
Fix cmedb encoding error #439
2021-01-21 05:08:06 -05:00
mpgn
908d074815
Catch exception if domain controller not found --kdcHost
2021-01-21 03:54:26 -05:00
mpgn
af2dc05b7e
Add --continue-on-success option to ldap protocol
2021-01-21 03:47:45 -05:00
mpgn
7210bc1eae
Add better error management for --shares
2020-12-09 17:12:58 -05:00
mpgn
b0aa66a074
Fix encode error on spider option #430
2020-11-27 18:46:41 -05:00
mpgn
cc7573155f
Fix pass policy max password age #435
2020-11-27 15:51:09 -05:00
byt3bl33d3r
cb5c8855ed
Version 5.1.3 🔥
...
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
give you a completion percentage and the number of hosts remaining to
scan
2020-11-15 16:42:28 -07:00
Dliv3
50bebac056
Fix mssql enum host info error
2020-10-01 22:46:13 +08:00
Dliv3
7dde1a13f6
Update mssql check_if_admin
2020-10-01 16:12:16 +08:00
mpgn
6885d9fd30
Add local-auth flag for MSSQL proto
2020-09-06 15:38:29 -04:00
mpgn
bd549d0e6f
Fix false positive on ckec_if_admin func MSSQL
2020-09-06 10:09:44 -04:00
mpgn
74ddbe7545
Fix check_if_admin() function for mssql
2020-09-06 09:30:03 -04:00
mpgn
e47b110603
Improve MSSQL login
2020-09-06 09:21:38 -04:00
mpgn
8785f5d3f4
option --ntds doesn't require to be admin anymore check #408
2020-08-12 17:27:53 +02:00
mpgn
ce8094045d
Add more compatibility for windows exe
...
- decrease winrm timeout to 3 seconds so @IppSec 's videos
tlast less time :)
-- add ico to cme exe
-- add option smb-server-port to make cme compatible with windows
2020-07-30 15:14:31 +02:00
mpgn
1aa2f8cc0f
Fix winrm uninitialized variable and hash auth option
2020-07-28 10:16:06 -04:00
mpgn
d80c4bf39c
Fix some logic error using option asreproast #398
2020-06-30 16:49:11 -04:00
mpgn
2fd9ac50e4
Add ntlm hash auth with ldap protocol
2020-06-22 06:25:32 -04:00
mpgn
4120883f6d
Add hash auth with winrm protocol
2020-06-22 06:25:00 -04:00
mpgn
56f1f9dd93
Login return False only if NT_STATUS_LOGON_FAILURE
2020-06-21 15:21:07 -04:00
mpgn
280d497b0d
Add conditional check on the func login()
...
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
2020-06-20 18:16:37 -04:00
mpgn
8f2ef3fdaf
Add color when smb status is not ACCESS_DENIED #391
2020-06-20 13:20:27 -04:00
mpgn
648d756701
Improve os import for ldap protocol
2020-06-20 06:30:25 -04:00
mpgn
c590230f97
Clean authentication fail message on winrm protocol when ntlm error
2020-06-20 06:26:32 -04:00
mpgn
b8c505c234
Improve output of protocol winrm
2020-06-20 06:20:53 -04:00
mpgn
046056d273
Add option --continue-on-success to smb protocol
2020-06-20 06:10:05 -04:00
mpgn
5b6d66950f
Fix ssh authentication error and update option for unconstrainte delegation to --trusted-for-delegation
2020-06-20 05:56:55 -04:00
mpgn
957820e339
Fix ldap protocol os import
2020-06-19 17:57:09 -04:00
mpgn
ad4f06918b
Refactor the ldap module and add option --admin-count and --trusted-for-auth
2020-06-19 17:31:34 -04:00
mpgn
e5d1942251
Add kerberoasting and asrepoast attack with LDAP protocol
2020-06-19 09:20:22 -04:00
Alexandre Beaulieu
4a19d4dc32
feat(ssh): Add support for publickey authentication.
2020-05-21 09:03:12 -04:00
mpgn
8931ec2300
Add Windows spec file to compile CME for Windows
2020-05-10 20:06:08 +02:00
mpgn
b796000343
Fix issue #321 option --continue-on-success
2020-05-09 09:36:31 -04:00
mpgn
3e1fa0f258
Fix local-auth authentication
2020-05-09 08:20:53 -04:00
mpgn
d3a7effb86
Fix ssh issue #375
2020-05-09 07:59:53 -04:00
mpgn
b778306cc1
Always print FQDN
2020-05-05 12:13:32 -04:00
mpgn
3b57fb0869
Add checkifadmin() for Kerberos auth #22
2020-05-05 12:11:18 -04:00
mpgn
1820cc1ffb
Show FQDN instead of domain name
2020-05-04 15:30:56 -04:00
mpgn
622245dcfa
Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support
...
add error when not credential foud on lsassy module #368
2020-05-04 13:23:41 -04:00
mpgn
1308bc30c8
Adding Kerberos support for CME #22
...
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
mpgn
c3c9b2f04a
Remove useless code #364
2020-05-01 17:31:54 -04:00
mpgn
580018050c
Add better logic to MSSQL connection #364
2020-05-01 17:18:25 -04:00
mpgn
c5be1e5234
Add exception handler when login fails on MSSQL protocol #364
2020-05-01 17:11:54 -04:00
mpgn
bfe1d5b7c3
Fix uninitialized variable #363
2020-05-01 14:33:18 -04:00
mpgn
062e312fd5
Add try catch for issue #363
2020-05-01 14:20:55 -04:00
mpgn
4dc4892660
Check if output is byte before decoding
2020-04-30 13:56:34 -04:00
mpgn
74792ce712
Add option --no-bruteforce allowing credentials spraying without bruteforce
...
cme accept user file and password file and works like this:
user1 -> pass1
-> pass2
user2 -> pass1
-> pass2
Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
2020-04-30 10:06:57 -04:00
mpgn
78c5d9ebd9
Update WINRM authentication option
...
If you want to avoind SMB connection use the flag -d DOMAIN
2020-04-29 06:28:47 -04:00
mpgn
479ae1f721
Update MSSQL protocol for windows authentication #306
...
If you want to use windows auth for MSSQL without SMB, add the flag -d DOMAIN
2020-04-29 05:56:11 -04:00
mpgn
f58a10124d
Update winrm method to allows code execution from normal user
...
User who can winrm but are not local admin can now use this method to exec command
more at https://github.com/diyan/pywinrm/issues/275
we switch from pywinrm to pypsrp
2020-04-28 15:30:18 -04:00
mpgn
e9a5841731
Fix typo on put-file function
2020-04-28 12:28:25 -04:00
mpgn
f84035fa7a
Add function get-file and put-file
2020-04-28 12:22:30 -04:00
mpgn
356b020cb3
Fix winrm warning from pywinrm
2020-04-28 07:24:01 -04:00
mpgn
63cf5af003
Fix smbexec function #269
2020-04-28 06:19:33 -04:00
mpgn
18c438993c
Fix ssh connection #351
2020-04-28 06:11:16 -04:00
mpgn
ba04528738
Add feature: file as argument for -x and -X command #269
2020-04-27 16:38:30 -04:00
mpgn
f19f137b0d
Fix smbexec.py decode error
2020-04-22 11:04:22 -04:00
byt3bl33d3r
6c0228f403
Fixed dependency hell, added Github actions workflow
...
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
dependency
2020-04-20 13:19:55 -03:00
sw
ed8c91ab60
changed comparison operators that generate syntax warnings
2020-04-20 03:22:03 +03:00
byt3bl33d3r
7bb0e4e4e6
Merge pull request #300 from hantwister/patch-1
...
Fix false positive signing disabled with SMB2/3
2020-04-19 14:36:59 -03:00
byt3bl33d3r
498f3fc197
Merge pull request #327 from noraj/patch-1
...
lsa secrets: dump file extension
2020-04-19 14:32:48 -03:00
Alexandre ZANNI
18634423f3
lsa secrets: dump file extension
...
The logger tell you LSA secrets are dump in a file named xxx.lsa
```
SMB x.x.x.x 445 FRSCWP0001 [+] Dumped 22 LSA secrets to /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.lsa and /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.cached
```
But in reality they are logged in xxx.screts.
So just fixing the extension showed by the logger.
2019-12-19 10:12:17 +01:00
mpgn
2cf0c0fb90
Migrate cmedb to python3
2019-11-12 16:39:26 -05:00
mpgn
38acbbead5
Fix option --pass-pol in python3
...
error due to :
python2 => 1 / 2 = 0
python3 => 1 / 2 = 0.5
python3 => 1 // 2 = 0
2019-11-12 13:33:14 -05:00
mpgn
73ab379acc
Migrate function to python3
...
* --shares -> OK
* --sessions -> OK
* --disks -> OK
* --loggedon-users -> OK
* --users -> Not tested
* --rid-brute -> OK
* --groups -> Not tested
* --local-groups -> OK
* --pass-pol -> OK
2019-11-11 05:06:39 -05:00
mpgn
a29cf6760c
update python3
2019-11-10 18:39:00 -05:00
mpgn
c3c4b3192d
start python3 migration
2019-11-10 22:42:04 +01:00
byt3bl33d3r
48fd338d22
Merge pull request #304 from gustavi/master
...
Fix encoding in smb --sam
2019-08-16 10:57:11 -06:00
byt3bl33d3r
44fd121dce
Merge pull request #309 from shadowgatt/master
...
Fixing SMB encoding error
2019-08-16 10:56:39 -06:00
Ryan
f1228174cd
Update winrm.py
...
Closes https://github.com/byt3bl33d3r/CrackMapExec/issues/310
2019-08-16 08:58:26 -05:00
root
12443285e9
Fix SMB encode
2019-07-13 17:52:00 +02:00
root
e435a4f87b
Fix SMB encode
2019-07-13 17:50:24 +02:00
Augustin Laville
fdb41c0125
Fix encoding in smb --sam
2019-04-12 13:32:38 +02:00
Harrison Neal
85e4de988b
Fix false positive signing disabled with SMB2/3
...
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection. When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state. Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite. The latter contributed to many false positives in the --gen-relay-list output file. This is a hackish change that addressed the issue for me.
2019-03-26 15:45:02 -04:00
byt3bl33d3r
f61cb7e3f0
Merge pull request #256 from FrankSpierings/patch-2
...
Modified logging in spider.py
2018-08-28 19:57:55 +08:00
byt3bl33d3r
50a379dad4
Merge pull request #255 from FrankSpierings/patch-1
...
Update smbspider.py - Feature to use `--spider '*'` to spider all rea…
2018-08-28 19:55:54 +08:00
root
1a7174137c
Added remotehost in the spidering output. It is now //<remotehost>/<share>/<folder *>/<file>
2018-07-07 14:33:14 +00:00
Frank Spierings
2823452053
Update smbspider.py - Feature to use `--spider '*'` to spider all readable shares
...
I've added the option to allow spidering over all readable shares.
2018-07-07 16:00:59 +02:00
Korey McKinley
7034ab66d0
Flag to allow continuation while password spraying
...
Adds --continue-on-success flag when spraying passwords using smb. Allows for continuing of password spraying even after valid password is found. (Useful when password spraying with userlist.)
Usage example:
cme smb ipaddress -u users.txt -p password --continue-on-success
In response to:
https://github.com/byt3bl33d3r/CrackMapExec/issues/245
https://github.com/byt3bl33d3r/CrackMapExec/issues/247
2018-05-26 19:44:24 -06:00
byt3bl33d3r
f3465ef008
Fixed up @aj-cgtech changes
2018-03-01 12:36:17 -07:00
byt3bl33d3r
5fd4aa716c
Merge branch 'usersfix' of https://github.com/aj-cgtech/CrackMapExec into aj-cgtech-usersfix
2018-03-01 11:57:33 -07:00
Markus Krell
8dd4e95fe7
fixes debug output error if exec method fails
2018-02-23 14:55:05 +01:00
aj-cgtech
fffc24ae46
Having worked out how the protocol object is created. Created config
...
object once, and set as an attr on each protocol.
More elegant, and allows for further config options in the future.
2018-02-23 10:13:46 +00:00
aj-cgtech
b6a7028999
Typo, not l33t.
2018-02-22 21:18:31 +00:00
aj-cgtech
7e2a267328
Merging "Pwn3d!" label changes.
...
Fixes issue #236
Adds the ability to change the (Pwned!) label on CME output.
By default, nothing changes, but if required, to keep suits happy, you
can change the output of CME by adding a property to ~/.cme/cme.conf, in
the [CME] section, property "pwn3d_label".
eg:
[CME]
workspace = default
last_used_db = smb
pwn3d_label = Woot!
2018-02-22 20:24:03 +00:00
aj-cgtech
6ee852387c
Pwn3d label parameterised in config file.
2018-02-22 13:03:07 +00:00
aj-cgtech
8bba4b46f6
Changes to users() and groups()
...
users() was failing on a bad attribute, changed code to use getattr
instead. If attribute is missing, it no longer throws exception.
extraction of domain from distinguished name was not working in all
circumstances. FOO.COM would work, but FOO.CO.UK or even FOO.BAR.CO.UK
would extract CO incorrectly. function now extracts fully qualified
domain, which then gets shortened by db_add_user() function.
2018-02-20 12:57:23 +00:00
byt3bl33d3r
4b35455997
Refactored Database Menu code
...
- Fixed some MSSQL DB interaction bugs
- Made MSSQL DB schema more consistent
- cmedb output now gets formatted using terminaltables (so perty)
- Made everything a bit more PEP8 compliant
2017-11-02 17:43:08 +08:00
byt3bl33d3r
2b00a795da
Fixed Powershell execution using MSSQL
2017-10-25 00:45:58 -06:00
byt3bl33d3r
f1c6858e55
Fixed bug where creds dumped via mimikatz wouldn't be added to the database
2017-10-24 22:56:34 -06:00
byt3bl33d3r
03f8fc6503
Fixes #187
2017-10-24 21:52:41 -06:00
byt3bl33d3r
211e78314d
Merge branch 'master' of github.com:byt3bl33d3r/CrackMapExec
2017-10-24 21:30:21 -06:00
byt3bl33d3r
e74b0a7efc
Fixes #204
2017-10-24 21:30:14 -06:00
byt3bl33d3r
e80c911378
Merge pull request #181 from martindube/fix_for_smb_fr
...
Replacing characters when they cannot be converted (UTF-8)
2017-10-24 21:14:30 -06:00
byt3bl33d3r
1603ac4819
Added WINRM support, NMap XML and .Nessus parsing
...
- Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting)
- Added support for NMap XML and .Nessus files if given as targets
- Fixed a bug in the MSSQL protocol which caused it to not retrieve host info
- Version Bump
2017-10-24 20:08:19 -06:00
byt3bl33d3r
6a645d0176
Merge branch 'master' of github.com:byt3bl33d3r/CrackMapExec
2017-10-21 17:24:32 -06:00
byt3bl33d3r
6cce1483a4
Updated Submodules
2017-10-21 17:24:09 -06:00
Louis Dion-Marcil
527b58d05c
Don't make service auto-start (disable reboot persistance)
2017-08-04 14:19:06 -04:00
Louis Dion-Marcil
b9aff9579c
Debug message for service creation/modification
2017-08-04 14:18:39 -04:00
byt3bl33d3r
212f0c363b
Updated mimipenguin module description, fixed #193
2017-07-10 08:27:45 -06:00
byt3bl33d3r
0b936def23
Takes care of issue #190 and #191 , initial SSH protocol implementation
...
- Passing --ntds will automatically use the drsuapi method (DCSync)
- Initial implementation of the SSH protocol and the mimipenguin module
(This is very much still not finished, lots of stuff missing)
- Added check to make sure existing config file is in the 4.x format
- Added splinter and paramiko to dep requirements
- Updated Impacket to latest commit
- HTTP protocol now also returns server version in output
2017-07-09 23:44:58 -06:00
byt3bl33d3r
7149b24524
Plugged in the Powershell obfuscation functionality
...
- Two new flags can be added to protocols that use powershell that can
clear cached obfuscated powershell scripts and obfuscate them if
powershell is installed
2017-06-26 03:49:04 -06:00
byt3bl33d3r
d3a50afbfc
Removed warning if powershell is not installed
2017-06-26 01:19:04 -06:00
byt3bl33d3r
11280c4ab0
Updated submodules, initial implementation of powershell script &
...
launcher obfuscation
- All powershell scripts are now obfuscated if powershell for linux is
installed using Invoke-Obfuscation
- All PS launchers are obfuscated using GreatSCT's python implementation
of launcher obfuscation (for now)
2017-06-26 01:03:43 -06:00
byt3bl33d3r
f4dfddc89b
Fixes #182
2017-06-23 12:15:09 -06:00
Martin Dubé
5eb275b55e
Replacing characters when they cannot be converted (UTF-8)
2017-06-13 14:59:18 -04:00
byt3bl33d3r
e795197501
Added support for both SMBv1 and SMBv3 connections
...
- Host info output now shows if SMBv1 is supported
2017-05-14 22:44:49 -06:00
byt3bl33d3r
4ff034f366
Added enum_avproducts module, fixed module logging
...
- Modules now do not print output of commands called from their protocol
- Added the enum_avproducts module
- Fixed the mimikatz_enum_vault_creds to not display creds with invalid
passwords
- Added an export command to the SMB protocols DB navigator (as
suggested by @hatredshapedlikeaman)
- Misc output fixes
2017-05-07 21:16:18 -06:00
byt3bl33d3r
c71692e576
Fixed HTTP protocol exiting during setup and pass pol enumeration
2017-05-05 15:10:42 -06:00
byt3bl33d3r
ee36665516
Fixed MSSQL protocol, refactored HTTP Protocol
...
- Fixed error in MSSQL protocol which would cause it to error out when
executing commands
- Fixed logic to deal with standard MSSQL auth instead of windows auth
- Refactored the HTTP protocol
2017-05-02 18:52:16 -06:00
byt3bl33d3r
8f38025821
Some submodule crap
2017-04-30 13:19:53 -06:00
byt3bl33d3r
f0752f61b7
Re-wrote the HTTP protocol to use splinter and phantomjs
...
- All http connections are now concurrent
- Added a flag to take screenshots of webpages
- Minor Code cleanup
2017-04-30 12:54:35 -06:00
byt3bl33d3r
d9fb2a506a
Fixes #168 and #167
2017-04-26 17:04:15 -06:00
byt3bl33d3r
e98f798eb3
Forcing the SMB dialect to SMBv1 since it gives us prettier OS banners
2017-04-10 02:58:33 -06:00
byt3bl33d3r
fc147ddac0
Fixed content spidering and password policy enumeration
...
- Added enumeration for password complexity (resolves #135 )
2017-04-10 01:24:23 -06:00
byt3bl33d3r
57d5d7ca13
Y'all better be ready for this, initial 4.0 release
...
- Fixed an edge case in gpp_decrypt.py also renamed to gpp_password
- Added the gpp_autologin module
- Added a workaround for the current impacket smb server bug in
get_keystrokes
- fixed formatting in the SMB database navigator
- fixed an error where DC would have there dc attribute overwritten
- Other stuff that i don't remember
2017-04-06 22:34:30 -06:00
byt3bl33d3r
602b7e13f0
Re-added most of the SMB protocol functionality
...
- Added new module gpp_decrypt
- Cleaned up the SMB spider as much as possible
- --wmi now uses pywerview
- Re-added the http protocol
2017-04-05 09:07:00 -06:00
byt3bl33d3r
cae5ffb6ce
Various fixes
2017-04-03 09:25:05 -06:00
byt3bl33d3r
5dc7c4ae62
Fixed logic errors when adding users and groups to the database
...
- Added debug logging to core db functions
- Fixed logging output
- Updated modules to use the new API
2017-03-29 18:03:04 -06:00
byt3bl33d3r
751f209cd7
Initial 4.0 pre-release
2017-03-27 15:09:36 -06:00
byt3bl33d3r
8e6cc4e899
DB schema for the smb protocol is now final!
...
- added two more attributes to use in modules:opsec_safe and multiple_hosts
- renamed db function names
- Added the python_injector module and it's necessary files as a reminder
2016-12-20 00:23:40 -07:00
byt3bl33d3r
9fefd167b0
Initial commit for v4.0
...
Just fyi for anyone reading this, it's not even close to being
finished.
The amount of changes are pretty insane, this commit is to serve as a
refrence point for myself.
Highlights for v4.0:
- The whole codebase has been re-written from scratch
- Codebase has been cut around 2/4
- Protocols are now modular! In theory we could use CME for everything
- Module chaining has been removed for now, still trying to figure out a
more elegant solution
- Workspaces have implemented in cmedb
- The smb protocol's database schema has been changed to support storing users,
groups and computers with their respective memberships and relations.
- I'm in the process of re-writing most of the modules, will re-add them
once i've finished
2016-12-15 00:28:00 -07:00