Quick re-cap on the new features:
* Credentials and hosts are now stored in a database, the cme_db.py script can be used to query it
* Module system has been implemented allowing anyone to create payloads
* All underlying powershell code has been ported to a module
* The HTTP/HTTPS server now tracks connections: no more guessing when to CTRL-C
* All around better code quality, error handling and logging
This reverts commit cd103f5cb6.
This is being reverted due to a bug in wmiexec when executing long
command strings. Falling back to the old method for now until/if fixed.
Removed the --ps-arch option as it's now useless
Added a --timeout switch to specify a max timeout for each thread
Regenerated default key and cert for the https server
commands and attacks (e.g. mimikatz, injection)
- By default, the --mssql flag will enumerate db instances and will
allow you to execute commands through xp_cmdshell
- Made some logic changes on how/when connections are initiated
- Added flag to test creds against MSSQL DBs (resolves #66)
- Added flags to enable/disable xp_cmdshell on MSSQL DBs
- Added flag to execute commands through xp_cmdshell on MSSQL DBs
- Added flag to enumerate MSSQL DB instances
- Targets are now accepted with arguments instead of a comma
separated list (resolves #71)
smbexec as the execution method, so for now it's forced to that
Fixed a bug where forcing Powershell code to run in a 32bit process
would cause an rpc_access_denied error message
Made Mimikatz parser output more consistent
Made wmiexec and smbexec output more consistent
Recap on changes:
Complete refactor, script broken up to make it readable
Kerberos support (!!!! sweeeeet !!!!)
Logging has been overhauled (everything sent to stdout gets logged)
Added a noOutput attr on all three execution methods
Exposed a --no-output option for moar stealth when executing commands
Exposed a --lsa option to dump LSA secrets
Exposed the -history and -pwdLastSet options from secretdump
Fixed passpoldumper
Fixed the NTDS.dit dumper
HTTP/HTTPS server now removes powershell script comments
HTTP/HTTPS server randomizes powershell function names to bypass AV on
windows 10
--session and --luser output has been made decent (resolves #42)
Moar code style changes and bugfixes
TODO:
hook back up ninja and vss NTDS.dit dumping methods
Allow all three execution methods to utilize the smbserver as fallback
to retrieve command output
expose some options to control remote services