Commit Graph

288 Commits (b9f0b259380aa9eb4c01b28f25f04763f4cca8fc)

Author SHA1 Message Date
bogey3 8d92e34d66
Created install_elevated.py
This module will check if the computer and the supplied user have AlwaysInstallElevated enabled.
2022-10-07 15:55:58 -04:00
mpgn fc57723678
Merge pull request #642 from nurfed1/master
LDAP protocol improvements and scan-network module bugfix
2022-10-05 17:34:56 +02:00
JulienBedel 4aeb311e22 Fix PowerShell parsing after file search 2022-10-02 18:32:01 +02:00
mpgn 65796271c0 Merge branch 'export' 2022-09-22 18:06:37 -04:00
mpgn 4c5844890c Improve module scan network 2022-09-22 18:05:39 -04:00
nurfed1 b0731f6f2c
Merge branch 'master' into master 2022-09-19 09:06:23 +02:00
Bryan De Houwer f391b8a2a6 Bug fix: ensure DN is lowercase 2022-09-18 20:49:03 +02:00
Tw1sm 15638400ea include compatibilitylevel 2 2022-09-16 09:30:56 -05:00
Tw1sm 196d91c6bd added ntlmv1 check module 2022-09-15 17:51:54 -05:00
mpgn 73b945341f
Merge pull request #613 from spyr0-sec/master
whoami LDAP module
2022-09-09 20:41:34 +02:00
mpgn 91be977ebb update module ldap whoami 2022-09-08 15:04:04 -04:00
mpgn 080d9e1d97
Merge pull request #608 from wlayzz/shebang_and_encoding
Adding shebang and encoding utf-8 for all python files
2022-09-07 21:05:56 +02:00
mpgn 1bc2cd2dad Add module scan-subnet 2022-09-07 10:51:56 -04:00
JulienBedel be5883a6a1 Fix typo in log messages 2022-09-04 15:13:43 +02:00
JulienBedel 904e0e7f29 Add keepass_trigger module 2022-09-04 14:29:41 +02:00
Julien Bedel 6d762f1766
Fix typo 2022-09-03 23:14:47 +02:00
JulienBedel 8248e6007d Add keepass_discover module 2022-09-03 19:39:34 +02:00
spyr0 8acbc3bba2 Never logged on handling 2022-08-11 12:10:19 +01:00
spyr0 653a710759 Added ServicePrincipalNames 2022-08-11 11:12:31 +01:00
spyr0 293e9a9164 Added SamAccountName option, more attributes and error handling 2022-08-11 10:54:05 +01:00
spyr0 d520ecc7a5 Fixed description output 2022-08-08 17:18:45 +01:00
spyr0 b9e3e2ea40 whoami LDAP module 2022-08-08 16:47:57 +01:00
BlWasp 175b5b29d0 Add the new daclread.py module and the msada_guids.py library 2022-07-30 12:35:55 +00:00
snovvcrash a9e56a063e
Fix subnets module 2022-07-22 18:48:51 +03:00
mpgn 3524b4e5bb
Update gpp password module 2022-07-21 14:43:30 +02:00
mpgn 177dceded8 Fix infinite loop for module hash_spider 2022-07-19 06:45:38 -04:00
Wlayzz b57ba767f8 Adding shebang and encoding utf-8 for all python files 2022-07-19 01:59:14 +02:00
mpgn fad09bd6b0 Update spider hash module to work with local auth and add reset option 2022-07-18 17:18:40 -04:00
pgormanDS 6f24cb2023
Update hash_spider.py 2022-07-16 09:20:51 -05:00
pgormanDS cb98872bfa
Merge branch 'Porchetta-Industries:master' into master 2022-07-16 09:20:25 -05:00
Defte b08f9ac64d
Update impersonate.py 2022-07-09 18:34:35 +02:00
mpgn dbc45def20 Update code 2022-07-08 07:58:14 -04:00
LuemmelSec b571158953
Create ldap-checker.py
Added a module to check for LDAP signing and channel binding settings.
2022-07-08 01:46:11 +02:00
pixis e8947d60d4 lsassy v3.1.3 2022-07-06 10:11:23 +02:00
Defte 01ad4e24a3
Add files via upload 2022-07-04 13:44:35 +01:00
choi 9e1cabada5 add shadowcoerce module 2022-06-29 19:11:46 -04:00
guervild 34b0683b94
Add nanodump to support MSSQL 2022-06-29 13:44:56 +02:00
choi 1f2cfefc9a add dfscoerce module 2022-06-29 02:09:52 -04:00
Dimitri Lesy e7dda670d0 Remove duplicate logic 2022-06-24 01:28:59 +02:00
Dimitri Lesy 82d5c9b500 Ensure correct domain name 2022-06-24 01:24:36 +02:00
Dimitri Lesy a6761bfa50 Add nanodump results to cmedb 2022-06-24 01:04:39 +02:00
mpgn 52bc18c548 Cleanup cme 2022-06-20 07:53:30 -04:00
mpgn 8a6b82a410
Merge branch 'master' into master 2022-06-18 23:14:24 +02:00
mpgn 3a6451a4c5 Recompile the binaries x64 and x86 2022-06-18 17:05:26 -04:00
Dimitri Lesy 649917ee6b Write hostname, architecture and domain in the file name 2022-06-18 02:56:55 +02:00
Dimitri Lesy e8fee88ac7 Determine architecture using os_arch 2022-06-18 00:05:27 +02:00
Dimitri Lesy 942a9a7a7f Determine architecture using os_arch 2022-06-17 23:50:21 +02:00
mpgn 75abd6148c
Merge pull request #552 from fang0654/master
Added module for finding other network addresses on a host via WMI
2022-06-17 22:10:10 +02:00
Dimitri Lesy 350ee7f2b5 Support Unicode 2022-06-17 19:19:38 +02:00
Dimitri Lesy e5d1d0c154 Support Unicode 2022-06-17 19:15:24 +02:00
Dimitri Lesy 97093f448a Fix little typo 2022-06-03 16:01:02 +02:00
Dimitri Lesy 7b8c1ffe64 NanoDump bugfixes and additions 2022-06-03 15:55:29 +02:00
Dan Lawson 8eb340a1f7 Added module for finding other network addresses on a host via WMI 2022-03-11 17:00:25 -06:00
mpgn 47e6521822 Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2022-03-06 11:07:19 -05:00
Adam 1e69eb3791 * Add necessary class for success when calling EfsRpcEncryptFileSrv 2022-03-04 11:24:10 -06:00
mpgn e15ae44c81 Push from public repo 2022-02-27 08:08:30 -05:00
mpgn 2df0069c46 Cleanup module 2022-02-23 15:09:19 -05:00
p0dalirius 725659f4d8 Added sorting of LAPS computers output (easier to read) 2022-02-17 15:00:30 +01:00
p0dalirius f5ed47e630 Fixed improper exception handling of lsass dump parsing 2022-02-16 10:43:00 +01:00
mpgn 681adf3614 Update MAQ module 2022-02-13 07:22:55 -05:00
mpgn c79714249a Remove error message when using MAQ module 2022-02-06 07:40:49 -05:00
mpgn ba79b0e474 Fix issue #531 2022-02-05 17:58:49 -05:00
pgormanDS 9c27dab06a
Update hash_spider.py
expired creds check to prevent account lockouts.
2022-02-01 15:17:11 -06:00
pgormanDS a4839e1bd7
Update hash_spider.py 2022-02-01 11:43:27 -06:00
pgormanDS 3f5596b01a
Create hash_spider.py 2022-01-31 14:18:47 -06:00
mpgn 4e0d7700a4 Add description module ms17-010 2022-01-16 12:57:40 -05:00
mpgn 8c77eacbbf Update module adcs 2021-12-18 16:21:42 -05:00
mpgn c259a42c6c Add modules IOXIDResolver & MS17-010 2021-12-18 15:28:34 -05:00
mpgn 66621b9014 Merge master public to sponsor version 2021-12-17 15:45:21 -05:00
mpgn 772d541da5 Add nopac module 2021-12-17 15:39:04 -05:00
mpgn 0f5f45fc69 Fix petitpotam module 2021-12-08 07:46:31 -05:00
mpgn f62aef6de9 Merge branch 'master' of https://github.com/mpgn/cme 2021-12-08 07:39:37 -05:00
mpgn a2a9d6dccc Add petitpotam & zerologon module 2021-12-08 07:21:13 -05:00
zblurx 89f3a572bb FILENAME option description modified 2021-12-03 17:06:51 +01:00
zblurx d56199bb35 added drop-sc module 2021-12-03 17:00:14 +01:00
mpgn b453988f15 Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2021-11-25 16:02:29 -05:00
mpgn 25686f4271
Merge pull request #509 from @p0dalirius
Added LDAP module to list AD sites and subnets
2021-11-24 20:35:41 +01:00
mpgn f2ce260666
Merge pull request #495 from @qtc-de
Add ldap-signing module
2021-11-24 20:35:36 +01:00
p0dalirius 8c9a3d37dd Added LDAP module to list AD sites and subnets 2021-11-24 20:33:14 +01:00
mpgn e979dfe4f9 Add bloodhound core feature 2021-11-20 16:37:14 -05:00
mpgn e3ba6de497 Improve output module handlekatz and nanodump 2021-11-14 12:22:44 -05:00
mpgn a17211cbf2 Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2021-11-14 07:16:49 -05:00
mpgn 9c8c0f7d1f Add module handlekatz and nanodump 2021-11-14 07:15:42 -05:00
Sam Free5ide 482b49ef9e
Change info message position 2021-10-30 23:15:11 +03:00
Sam Free5ide 408b002681
Add ADCS module options 2021-10-30 22:59:39 +03:00
mpgn 6558850328 Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2021-10-18 09:49:51 -04:00
Pixis 0776ce5aee
Delete lsassy dump after process
Thanks to [Laxa](https://github.com/Laxa) message to me noticing this.
2021-10-18 15:32:34 +02:00
mpgn edd1fe127b Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2021-10-16 15:43:26 -04:00
mpgn e82b76f199
Merge pull request #497 from Hackndo/patch-1
Update module for lsassy 3.0.0
2021-10-16 21:43:16 +02:00
mpgn aea179d78a Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec 2021-10-16 15:41:30 -04:00
mpgn 4353d1f178
Merge pull request #496 from qtc-de/feat/add-user-desc-module
Add user-desc module
2021-10-16 21:41:25 +02:00
mpgn fc33982fb3 Fix conflicts 2021-10-16 15:40:25 -04:00
Pixis 186d60a787
Update module for lsassy 3.0.0 2021-10-12 18:57:18 +02:00
TNeitzel d3d077cb7a Add user-desc module
Add the user-desc module that obtains user descriptions from Active
Directory.
2021-10-02 08:40:17 +02:00
TNeitzel 577372e233 Add ldap-signing module
Add the ldap-signing module that allows to enumerate whether an LDAP
server is enforcing signing.
2021-10-02 07:25:44 +02:00
TNeitzel 69f35d6a23 Add adcs module
Add the adcs module that enumerates PKI Enrollment Services within the
domain.
2021-10-02 07:18:39 +02:00
mpgn 86564d868e
add procdump module 2021-09-21 13:36:08 +02:00
mpgn 86ad83f74b Merge branch 'master' of https://github.com/mpgn/cme 2021-09-18 17:04:46 -04:00
TNeitzel 8dc89c01a1 Fix typos
Fixed some typos
2021-09-16 07:41:55 +02:00
TNeitzel 1ca1718e14 Add webdav module
Add the webdav module that allows to enumerate whether a target has the
WebClient service running.
2021-09-16 07:31:31 +02:00
mpgn b9986a12ac
Add spooler service module
Add spooler service module to detect if the service is enabled or not using RPC call from https://raw.githubusercontent.com/SecureAuthCorp/impacket/master/examples/rpcdump.py
2021-07-05 21:02:15 +02:00
mpgn 091915b990 Fix and add a lot, check commit message
Update LDAP proto:
	- can fetch a LDAP domain from an account from another domain (trust relation between forest)
	- fix sizeLimit to unlimited on LDAP queries
	- fix little mistake in LDAP modules

Update SMB proto:
	- fix users function when DC is vulnerable to NULL SESSION
	- add SAMRPC function to fetch users on the domain
	- add option --computers to fetch all computers

Update CLI
	- add function export, but it's not tested
2021-06-24 14:38:24 -04:00
mpgn 8b05967bad
Merge branch 'master' into master 2021-05-30 22:17:08 +02:00
mpgn de5837b48c
Merge pull request #458 from sokaRepo/modules-mssql from @sokaRepo
Add privilege escalation MSSQL module
2021-05-30 22:09:44 +02:00
soka f6130ee2bb Add rollback action and fix IMPERSONATE filter 2021-05-30 18:28:14 +02:00
Podalirius 708e8e65ab
Added MachineAccountQuota LDAP module
Retrieves the MachineAccountQuota domain-level attribute
2021-05-28 10:07:50 +02:00
soka 2aaba52578 Add privilege escalation MSSQL module 2021-03-26 12:45:13 +01:00
mpgn 872cbb3d5f Update lsassy to version 2.1.4 to use latest version of pypykatz 2021-03-08 13:10:23 -05:00
mpgn 23a4e55ba8 Add LAPS module thx to @T3KX 2021-01-29 18:57:12 -05:00
mpgn 2250e5ab36 Fix grammar 2021-01-21 05:29:17 -05:00
nodauf fffb5d4532 Add module get_description 2020-12-11 18:48:35 +01:00
byt3bl33d3r cb5c8855ed Version 5.1.3 🔥
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
  give you a completion percentage and the number of hosts remaining to
  scan
2020-11-15 16:42:28 -07:00
mpgn 395a466bf7
Update spider_plus.py 2020-10-07 23:11:37 +02:00
mpgn 79e57eaa20
Fix spider_plus module options 2020-09-20 15:09:51 +02:00
mpgn 14d12fba1e Fix wireless module not showing all cleartext passwords 2020-09-12 15:54:51 -04:00
dev bf5b4486fc Fixed GPP filename typo and print 2020-08-26 22:47:43 -04:00
mpgn 4e444b68db Update spider_plus module with readable datetime 2020-07-30 10:30:29 -04:00
mpgn 97c92ffcdd Fix os import and add the dump optional using READ_ONLY option 2020-07-05 16:58:09 -04:00
mpgn ccb8e67e7b
Update spider_plus module
Change default output folder to TMP
Add import to fix error in try catch since os.errno does not exist anymore in python3.7
2020-07-05 21:53:07 +02:00
Vincent D 584c926af7 Add spider_plus module
Module to spider and dump small files from SMB servers.
2020-07-02 09:10:43 +02:00
pixis 4069cb7290 Add module - Set as owned in BloodHound 2020-05-05 09:59:30 +02:00
Pixis c75d7abebf
Update fix about no credentials 2020-05-04 19:32:58 +02:00
mpgn 622245dcfa Add support kerberos aesKey and kdcHost #22 add lsassy module kerberos support
add error when no credential found on lsassy module #368
2020-05-04 13:23:41 -04:00
mpgn 47fe1e4772 Remove submodule and simplify metasploit module #357 2020-05-03 06:19:26 -04:00
mpgn ef934a7925 Rename options for module metasploit #357 2020-05-01 16:53:02 -04:00
mpgn 73fb336040 Update module metasploit #357
As the old code with the shellcode was broken, we switch to a simple powershell solution with Invoke-MetasploitPayload.ps1
2020-05-01 13:12:01 -04:00
mpgn 2ca377f3d8 Simplify command for wireless password #305 2020-04-29 11:09:44 -04:00
mpgn b6a6e6a9bf Add wireless module #305 2020-04-29 11:03:52 -04:00
mpgn 84222eb001 Fix bytes error on gpp_autologin and gpp_password modules 2020-04-22 10:33:03 -04:00
mpgn a13ec6c3d6 Fix gpp_password encoding error with python3 #350 2020-04-22 06:43:17 -04:00
byt3bl33d3r 6c0228f403 Fixed dependency hell, added Github actions workflow
- Got rid of netaddr in favor of built in ipaddress module
- cme/cmedb binaries are now built with shiv
- Removed http protocol as it was basically useless and added another
  dependency
2020-04-20 13:19:55 -03:00
mpgn e294a72924 Fix mimikatz module decode error #308 2020-04-20 06:24:56 -04:00
mpgn 9790c67620 Fix pylnk3 version from setup
fix warning with pylnk3 version
remove useless import and comment from lsassy module
2020-04-19 15:18:23 -04:00
pixis 47c83d90dc Add lsassy module 2020-04-19 20:30:35 +02:00
mpgn e2e976847b Update module rid_hijack to python3 2020-04-19 14:09:32 -04:00
byt3bl33d3r 02a62b027c
Merge pull request #295 from r4wd3r/rid_hijacking
Add RID Hijacking Persistence Module
2020-04-19 14:36:47 -03:00
mpgn ff167fa152
Fix typo response module mimikatz #334 2020-03-09 10:26:48 +01:00
mpgn 83c8e5b5a3 Add module compatibility for Python3
Mimikatz, Bloodhound etc
2020-01-18 07:20:10 -05:00
mpgn c2698ba8ed Fix HTTP server for module Mimikatz 2019-11-12 14:42:52 -05:00
mpgn 179dfef811 Fix mimikatz range issue 2019-11-11 06:26:38 -05:00
mpgn a29cf6760c update python3 2019-11-10 18:39:00 -05:00
Sebastián Castro 49a002fcd4
Merge branch 'master' into rid_hijacking 2019-03-23 16:10:44 -05:00
byt3bl33d3r 333f1c4e06 Updated all submodules, replace pycrypto with pycryptodomex 2019-03-13 21:51:25 -06:00
r4wd3r 56ed25b621
Add rid_hijack.py module 2019-02-24 20:51:16 -05:00
Dhiraj Mishra b4fb22f6fe
Get-ComputerDetails.py 2018-11-04 14:22:17 +05:30
Daniel Lawson a908d64fc1 Added module for enumerating AD DNS via WMI. 2018-01-22 18:45:56 -06:00
ganapati 6b6a1b4de5 Fix errors from empire 2017-10-25 10:28:55 +02:00
byt3bl33d3r 2b00a795da Fixed Powershell execution using MSSQL 2017-10-25 00:45:58 -06:00
byt3bl33d3r f1c6858e55 Fixed bug where creds dumped via mimikatz wouldn't be added to the database 2017-10-24 22:56:34 -06:00
byt3bl33d3r 1603ac4819 Added WINRM support, NMap XML and .Nessus parsing
- Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting)
- Added support for NMap XML and .Nessus files if given as targets
- Fixed a bug in the MSSQL protocol which caused it to not retrieve host info
- Version Bump
2017-10-24 20:08:19 -06:00