swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
541 Commits
2 Branches
0 Tags
13 MiB
Commit Graph

90 Commits (b7960003432a024a12616dfb6131e59ccc230be9)

Author SHA1 Message Date
mpgn b796000343 Fix issue #321 option --continue-on-success 2020-05-09 09:36:31 -04:00
mpgn 3e1fa0f258 Fix local-auth authentication 2020-05-09 08:20:53 -04:00
mpgn d3a7effb86 Fix ssh issue #375 2020-05-09 07:59:53 -04:00
mpgn b778306cc1 Always print FQDN 2020-05-05 12:13:32 -04:00
mpgn 3b57fb0869 Add checkifadmin() for Kerberos auth #22 2020-05-05 12:11:18 -04:00
mpgn 1820cc1ffb Show FQDN instead of domain name 2020-05-04 15:30:56 -04:00
mpgn 622245dcfa Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support 
add error when not credential foud on lsassy module #368
 2020-05-04 13:23:41 -04:00
mpgn 1308bc30c8 Adding Kerberos support for CME #22 
TODO
- aeskey
- dc-ip
- checkifadmin()
 2020-05-03 14:30:41 -04:00
mpgn c3c9b2f04a Remove useless code #364 2020-05-01 17:31:54 -04:00
mpgn 580018050c Add better logic to MSSQL connection #364 2020-05-01 17:18:25 -04:00
mpgn c5be1e5234 Add exception handler when login fails on MSSQL protocol #364 2020-05-01 17:11:54 -04:00
mpgn bfe1d5b7c3 Fix uninitialized variable #363 2020-05-01 14:33:18 -04:00
mpgn 062e312fd5 Add try catch for issue #363 2020-05-01 14:20:55 -04:00
mpgn 4dc4892660 Check if output is byte before decoding 2020-04-30 13:56:34 -04:00
mpgn 74792ce712 Add option --no-bruteforce allowing credentials spraying without bruteforce 
cme accept user file and password file and works like this:
user1 -> pass1
      -> pass2
user2 -> pass1
      -> pass2

Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
 2020-04-30 10:06:57 -04:00
mpgn 78c5d9ebd9 Update WINRM authentication option 
If you want to avoind SMB connection use the flag -d DOMAIN
 2020-04-29 06:28:47 -04:00
mpgn 479ae1f721 Update MSSQL protocol for windows authentication #306 
If you want to use windows auth for MSSQL without SMB, add the flag -d DOMAIN
 2020-04-29 05:56:11 -04:00
mpgn f58a10124d Update winrm method to allows code execution from normal user 
User who can winrm but are not local admin can now use this method to exec command
more at https://github.com/diyan/pywinrm/issues/275

we switch from pywinrm to pypsrp
 2020-04-28 15:30:18 -04:00
mpgn e9a5841731 Fix typo on put-file function 2020-04-28 12:28:25 -04:00
mpgn f84035fa7a Add function get-file and put-file 2020-04-28 12:22:30 -04:00
mpgn 356b020cb3 Fix winrm warning from pywinrm 2020-04-28 07:24:01 -04:00
mpgn 63cf5af003 Fix smbexec function #269 2020-04-28 06:19:33 -04:00
mpgn 18c438993c Fix ssh connection #351 2020-04-28 06:11:16 -04:00
mpgn ba04528738 Add feature: file as argument for -x and -X command #269 2020-04-27 16:38:30 -04:00
mpgn f19f137b0d Fix smbexec.py decode error 2020-04-22 11:04:22 -04:00
byt3bl33d3r 6c0228f403 Fixed dependency hell, added Github actions workflow 
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
  dependency
 2020-04-20 13:19:55 -03:00
sw ed8c91ab60 changed comparison operators that generate syntax warnings 2020-04-20 03:22:03 +03:00
byt3bl33d3r 7bb0e4e4e6
Merge pull request #300 from hantwister/patch-1 
Fix false positive signing disabled with SMB2/3
 2020-04-19 14:36:59 -03:00
byt3bl33d3r 498f3fc197
Merge pull request #327 from noraj/patch-1 
lsa secrets: dump file extension
 2020-04-19 14:32:48 -03:00
Alexandre ZANNI 18634423f3
lsa secrets: dump file extension 
The logger tell you LSA secrets are dump in a file named xxx.lsa

```
SMB        x.x.x.x 445    FRSCWP0001       [+] Dumped 22 LSA secrets to /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.lsa and /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.cached
```

But in reality they are logged in xxx.screts.

So just fixing the extension showed by the  logger.
 2019-12-19 10:12:17 +01:00
mpgn 2cf0c0fb90 Migrate cmedb to python3 2019-11-12 16:39:26 -05:00
mpgn 38acbbead5 Fix option --pass-pol in python3 
error due to :
	python2 => 1 / 2 = 0
	python3 => 1 / 2 = 0.5
	python3 => 1 // 2 = 0
 2019-11-12 13:33:14 -05:00
mpgn 73ab379acc Migrate function to python3 
* --shares -> OK
* --sessions -> OK
* --disks -> OK
* --loggedon-users -> OK
* --users -> Not tested
* --rid-brute -> OK
* --groups -> Not tested
* --local-groups -> OK
* --pass-pol -> OK
 2019-11-11 05:06:39 -05:00
mpgn a29cf6760c update python3 2019-11-10 18:39:00 -05:00
mpgn c3c4b3192d start python3 migration 2019-11-10 22:42:04 +01:00
byt3bl33d3r 48fd338d22
Merge pull request #304 from gustavi/master 
Fix encoding in smb --sam
 2019-08-16 10:57:11 -06:00
byt3bl33d3r 44fd121dce
Merge pull request #309 from shadowgatt/master 
Fixing SMB encoding error
 2019-08-16 10:56:39 -06:00
Ryan f1228174cd
Update winrm.py 
Closes https://github.com/byt3bl33d3r/CrackMapExec/issues/310
 2019-08-16 08:58:26 -05:00
root 12443285e9 Fix SMB encode 2019-07-13 17:52:00 +02:00
root e435a4f87b Fix SMB encode 2019-07-13 17:50:24 +02:00
Augustin Laville fdb41c0125 Fix encoding in smb --sam 2019-04-12 13:32:38 +02:00
Harrison Neal 85e4de988b
Fix false positive signing disabled with SMB2/3 
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection.  When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state.  Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite.  The latter contributed to many false positives in the --gen-relay-list output file.  This is a hackish change that addressed the issue for me.
 2019-03-26 15:45:02 -04:00
byt3bl33d3r f61cb7e3f0
Merge pull request #256 from FrankSpierings/patch-2 
Modified logging in spider.py
 2018-08-28 19:57:55 +08:00
byt3bl33d3r 50a379dad4
Merge pull request #255 from FrankSpierings/patch-1 
Update smbspider.py - Feature to use `--spider '*'` to spider all rea…
 2018-08-28 19:55:54 +08:00
root 1a7174137c Added remotehost in the spidering output. It is now //<remotehost>/<share>/<folder *>/<file> 2018-07-07 14:33:14 +00:00
Frank Spierings 2823452053
Update smbspider.py - Feature to use `--spider '*'` to spider all readable shares 
I've added the option to allow spidering over all readable shares.
 2018-07-07 16:00:59 +02:00
Korey McKinley 7034ab66d0
Flag to allow continuation while password spraying 
Adds --continue-on-success flag when spraying passwords using smb. Allows for continuing of password spraying even after valid password is found. (Useful when password spraying with userlist.)

Usage example:
cme smb ipaddress -u users.txt -p password --continue-on-success

In response to:
https://github.com/byt3bl33d3r/CrackMapExec/issues/245
https://github.com/byt3bl33d3r/CrackMapExec/issues/247
 2018-05-26 19:44:24 -06:00
byt3bl33d3r f3465ef008 Fixed up @aj-cgtech changes 2018-03-01 12:36:17 -07:00
byt3bl33d3r 5fd4aa716c Merge branch 'usersfix' of https://github.com/aj-cgtech/CrackMapExec into aj-cgtech-usersfix 2018-03-01 11:57:33 -07:00
Markus Krell 8dd4e95fe7 fixes debug output error if exec method fails 2018-02-23 14:55:05 +01:00