Commit Graph

774 Commits (b1308da93e12dc67c08ebb11e7de9d6af93479bb)

Author SHA1 Message Date
byt3bl33d3r 69167140af Added the get_groups module 2016-04-12 10:15:59 -06:00
byt3bl33d3r f6c2c2f24d Added the get_group_members module 2016-04-12 01:07:25 -06:00
byt3bl33d3r e5e954068a Added options in token module to search for a specific username in
enumerated tokens
2016-04-12 00:09:08 -06:00
byt3bl33d3r 1d6cc4ac64 Fixed typo variable 2016-04-11 23:33:57 -06:00
byt3bl33d3r ec14e47258 Changed the add_credential SQL query, added tab complete support fro the
import command
2016-04-11 23:23:15 -06:00
byt3bl33d3r b85a4ecabd Database navigator now supports filtering seearching through hosts and creds (like Empire) 2016-04-11 23:06:42 -06:00
byt3bl33d3r cd9a77796f This commit introduces a command in cme_db.py which will import
credentials from Empire using it's RESTful API (resolves half of issue #89)

Reading through Metasploit's docs, it seems like you cannot access
it's stored credentials using the RPC server (would have to directly
access the postgres db, I do have to confirm this tho)
2016-04-10 17:10:33 -06:00
byt3bl33d3r 3ce031ffee Made the output of --lusers actually decent 2016-04-09 15:18:10 -06:00
byt3bl33d3r 4da8c07956 Cleaned up the Powershell code in the token_rider module:
* Added error handling in case a command fails to execute on a target
* POST request code is now a function
* Made the output POST'd back to us actually useful
2016-04-09 14:36:31 -06:00
byt3bl33d3r 94d1c040c8 Initial commit for the token_rider module! OMFG this thing is amazing
it deserves its own blog post!

Fixed a bug with the smbexec execution method which would cause it to
exit without retrieving output
2016-04-09 03:57:40 -06:00
byt3bl33d3r d3eb5cd8ff Added entry in .gitignore 2016-04-08 22:13:01 -06:00
byt3bl33d3r 84dfa1d839 Lots of unicode fixes (omfg halp) resolves issue #92 2016-04-08 20:38:49 -06:00
byt3bl33d3r 9052e48286 Removed decription of authentication error (will display if --verbose is
passed)

Fixed host tracking in the inject_pe_dll.py module
2016-04-08 19:58:01 -06:00
byt3bl33d3r eb4f185118 Database now tracks which users have admin access to which hosts
Added a configuration file for specifying Empire's and Metasploits API and RPC creds
Added the empire_agent_exec module: connects to Empire, generates a launcher and executes it

Minor bug fixes
2016-04-08 00:25:06 -06:00
byt3bl33d3r a1c41d97c9 Fixed incorrect error handling when database wasn't created
(part of issue #93)
2016-04-03 20:21:58 -06:00
byt3bl33d3r cd989879d4 Removed debug statement and fixed output in tokens.py module 2016-03-30 13:11:28 -06:00
byt3bl33d3r 7bfe04236a Added a tokens module to enumerate available tokens
Added a --server-host flag to specify the IP to bind the server to
2016-03-30 12:58:55 -06:00
byt3bl33d3r 9262832b86 Fixed missing imports when dumping NTDS via vss 2016-03-30 11:37:34 -06:00
byt3bl33d3r 7e6657eedb fixed timeout and error handling when smb spidering 2016-03-30 10:06:23 -06:00
byt3bl33d3r e6a293c9f3 Updated usage in README 2016-03-30 00:47:17 -06:00
byt3bl33d3r e5e38cb881 Re-added License to master 2016-03-30 00:45:16 -06:00
byt3bl33d3r 05387abf65 Changed the wdigest flag 2016-03-30 00:26:09 -06:00
byt3bl33d3r 811001edc4 Forgot to add the smbspider class back in connector.py, whoops! 2016-03-29 23:58:24 -06:00
byt3bl33d3r 0bc0855c43 Added default mimikatz command to module description 2016-03-28 00:42:42 -06:00
byt3bl33d3r f8afef444c Changed README again 2016-03-28 00:25:19 -06:00
byt3bl33d3r f5895ac4ea Changed README 2016-03-28 00:21:20 -06:00
byt3bl33d3r 6eabf0224c Updated README 2016-03-27 15:45:41 -06:00
byt3bl33d3r 10a12a9a0f Initial v3.0 commit to master
Quick re-cap on the new features:

* Credentials and hosts are now stored in a database, the cme_db.py script can be used to query it
* Module system has been implemented allowing anyone to create payloads
* All underlying powershell code has been ported to a module
* The HTTP/HTTPS server now tracks connections: no more guessing when to CTRL-C
* All around better code quality, error handling and logging
2016-03-27 15:17:18 -06:00
byt3bl33d3r 792a631fe2 Updated the usage in README 2016-03-12 19:20:40 -07:00
byt3bl33d3r 4c3ca3a0f6 Added the --tokens options to enumerate available tokens (issue #86)
Re-added Empire's function to strip powershell comments
Changed the PowerView PS script to the actual supported one
2016-03-12 18:24:08 -07:00
byt3bl33d3r 5814121e6d Actually pushing the new cert would be nice 2016-03-11 22:08:13 -07:00
byt3bl33d3r f4141c9041 Regererated SSL cert, fixed a typo variable 2016-03-11 22:02:25 -07:00
byt3bl33d3r 3ec981f3fa Re-added the --timeout option 2016-03-11 20:09:52 -07:00
byt3bl33d3r ade4c12ad4 Revert "Stole Empires powershell architecture detection code, arch is now detected and handled automatically"
This reverts commit cd103f5cb6.

This is being reverted due to a bug in wmiexec when executing long
command strings. Falling back to the old method for now until/if fixed.
2016-03-11 20:01:42 -07:00
byt3bl33d3r bdcebd0045 Changed the default server to HTTPS (cause why not) 2016-03-07 22:32:35 -07:00
byt3bl33d3r cd103f5cb6 Stole Empires powershell architecture detection code, arch is now detected and handled automatically
Removed the --ps-arch option as its now useless
Added a --timeout switch to specify a max timeout for each thread
Regenerated default key and cert for the https server
2016-03-07 20:13:51 -07:00
byt3bl33d3r 2427ccaa9b Updated README 2016-01-27 00:29:35 -07:00
byt3bl33d3r 7b255b3c9a - More code cleanup in the smart_login function, added pwdump support
when using the combo file (-C) flag (resolves #80)
2016-01-26 23:50:33 -07:00
byt3bl33d3r c50ffb0f65 - Re-Factored MSSQL support for better integration when executing
commands and attacks (e.g. mimikatz, injection)
- By default, the --mssql flag will enumerate db instances and will
  allow you to execute commands through xp_cmdshell
- Made some logic changes on how/when connections are initiated
2016-01-26 21:23:03 -07:00
byt3bl33d3r 3c5cf012fd - Password. Username and Hash flags now accept one file or
user/pass/has per
  argument
- smart_login function partial code cleanup
2016-01-19 01:56:42 -07:00
byt3bl33d3r b1646c3f76 - Made output *FABULOUS* by aligning the logger output
- Moar unicode fixes (srsly fuck unicode)
2016-01-18 20:40:50 -07:00
byt3bl33d3r 224befe25d Fixed bug that would cause a traceback in rpcquery.py when PTH 2016-01-17 22:43:57 -07:00
byt3bl33d3r 5c31910571 Fixed .join() error in smart_login.py when PTH 2016-01-17 22:42:53 -07:00
byt3bl33d3r 7075c095cc Fixed wmiquery error when passing-the-hash 2016-01-17 12:28:52 -07:00
byt3bl33d3r d383c3df8f Updated requirements.txt 2016-01-17 00:51:25 -07:00
byt3bl33d3r 65187a7190 Updated Readme 2016-01-17 00:22:22 -07:00
byt3bl33d3r 3aaa378a23 - HTTP/S server now uses the new logging system 2016-01-17 00:09:45 -07:00
byt3bl33d3r 256f2cd12d - Powershell process architecture is now auto selected based on payload
- Added flag to force Powershell process architecture
2016-01-16 23:00:50 -07:00
byt3bl33d3r d1508d2923 Merge branch 'mssql_and_logging' of github.com:byt3bl33d3r/CrackMapExec into mssql_and_logging 2016-01-16 22:40:45 -07:00
byt3bl33d3r 5a1adba648 - Logging has been overhauled for readability and parsing (resolves #47)
- Added flag to test creds against MSSQL DBs (resolves #66)
- Added flags to enable/disable xp_cmdshell on MSSQL DBs
- Added flag to execute commands through xp_cmdshell on MSSQL DBs
- Added flag to enumerate MSSQL DB instances
- Targets are now accepted with arguments instead of a comma
  seperated list (resolves #71)
2016-01-16 22:39:56 -07:00