a955a7d7ab
fix(cmedb): fix LIKE queries to properly work
2023-03-13 16:10:07 -04:00
1d33c58059
refactor(smbdb): change all add_user references to add_credential and refactor some if statements
2023-03-13 16:06:18 -04:00
8463829b5b
feat(database): working on making database operations more async, reducing write concurrency issues, and fixing sqlalchemy query formats
2023-03-13 16:05:57 -04:00
a634530128
feat(cmedb): add database column for count of members of groups from AD, and the last queried time of it. Additionally transition to sqlalchemy
2023-03-13 16:05:05 -04:00
c8b472321a
feat(cmedb): update queries and fix parameter names
2023-03-13 16:05:05 -04:00
3dd7134898
chore(smb): fix formatting for smb.py
2023-03-13 16:03:50 -04:00
3c62a58008
fix(smb): update logging for shares
2023-03-13 15:58:38 -04:00
18d2b273af
feat(cmedb): update cmedb.groups sql queries to use sqlalchemy
2023-03-13 15:58:38 -04:00
9ca90fcecc
is_admin check wrong
2023-02-23 04:38:44 -05:00
c0b1d71cc8
Merge branch 'master' into dpapi
2023-02-22 20:43:47 +01:00
26e0393a31
Add check to verify if latest version of cmedb is used
2023-02-22 14:41:58 -05:00
7bfdd0a75d
store dpapi secrets in cmedb
2023-02-22 13:58:53 +01:00
393dfc3987
store domain backup key
2023-02-22 12:56:24 +01:00
602e7bb020
add option to dump cookie dpapi
2023-02-19 15:35:37 -05:00
f381728740
add message when dumping dpapi
2023-02-19 08:33:05 -05:00
681e821514
fix local auth dpapi check
2023-02-19 08:06:02 -05:00
63c49c0895
add check if da
2023-02-16 08:33:26 -05:00
9a1e52f176
change logic for masterkey
2023-02-16 08:09:21 -05:00
19a6c3887f
merge master into pr
2023-02-16 08:04:23 -05:00
ffae9abf49
fix trycatch in dpapi
2023-02-14 11:15:14 +01:00
3e2abb9e1e
improve share filter
2023-02-13 15:53:55 -05:00
6f198372ca
merge firefox into dpapi core option
2023-02-13 11:48:12 +01:00
a551244f38
Add option to only view readable/writable shares credit to @jenaye
2023-02-12 17:19:46 -05:00
c05d27b8d2
[chore] better grep
2023-02-12 09:18:41 -05:00
3b5d719d24
Simplify check
2023-02-12 08:52:22 -05:00
a0832f2190
add firefox module
2023-02-10 15:16:10 +01:00
194499533d
modify output
2023-02-09 15:34:25 +01:00
5263a4647d
modify output
2023-02-09 15:33:14 +01:00
aeb0c0ea5a
fix bugs
2023-02-08 12:16:07 +01:00
0d39dff6e9
upgrade version of dploot
2023-02-08 09:53:40 +01:00
9aa4675032
added try catch
2023-02-08 09:14:18 +01:00
10e3b32b62
fix kerberos auth
2023-02-07 22:22:40 +01:00
3086559501
auto export of domain backup key
2023-02-07 15:32:19 +01:00
33093c2d49
fix dpapi harversting
2023-02-07 14:51:01 +01:00
f790d95613
pass it to core option
2023-02-07 12:06:42 +01:00
5696026ba0
Fix exec method with kerberos
2023-02-05 08:00:46 -05:00
0c02ed4c0b
Add GMSA print id
2023-02-05 04:44:07 -05:00
af8cfa8011
Add new gmsa function <3
2022-12-14 15:45:51 -05:00
1051ec2e69
Fix smb nthash not display with kerberos
2022-12-12 14:39:29 -05:00
4bab776011
Fix --enabled option to dump only enabled accounts
...
This change allows the option to work as expected and also includes an option to grep a list of users.
2022-12-12 14:39:29 -05:00
59b953c3f7
Add - Retrieve username when using Kerberos Auth
...
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-12-12 14:39:29 -05:00
42a3d9375b
Add - Retrieve username when using Kerberos Auth
...
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-12-12 14:39:29 -05:00
31542973d7
Fix smb nthash not display with kerberos
2022-11-29 17:05:15 -05:00
99cea583e9
Add kerberos compatibility for laps option
2022-11-29 16:46:25 -05:00
7c684bcffb
Fix --enabled option to dump only enabled accounts
...
This change allows the option to work as expected and also includes an option to grep a list of users.
2022-11-22 14:28:57 -04:00
bd5a3fe91d
Add - Retrieve username when using Kerberos Auth
...
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-11-16 16:15:30 -04:00
baceb06afd
Add - Retrieve username when using Kerberos Auth
...
This change allows the program to return the name of the user being authenticated when using Kerberos.
2022-11-16 16:06:43 -04:00
9d6c3fe67e
Add kerberos compatibility for laps option
2022-11-10 16:07:41 -05:00
25978c0be0
Update smb.py
2022-11-10 22:06:35 +01:00
193ce4128e
SMB kerberos better you can put ip whithout fqdn
2022-11-10 04:17:09 -05:00
667faa0d7b
Add catch for kerberos use-kcache option
2022-11-09 16:56:57 -05:00
47a92590a6
Remove @requires_admin flag for WMI queries
...
Although not common, it is possible for a user to be assigned WMI privileges. Removing @requires_admin in case we do not have privileges to make queries to WMI we will receive an access denied error, which makes it clearer what is happening.
2022-11-04 07:45:47 -04:00
b2bcbe0ade
Fix issue #667 with use-kcache option
2022-11-03 16:04:46 -04:00
49d68e0269
fix error with connection outside dc
2022-11-03 15:29:56 -04:00
3eb80ae534
Modify logging output when putting files
...
Added \\ to match the correct display of the file and path.
2022-11-01 08:10:55 -04:00
cc72c6c868
Remove @requires_admin from get_file and put_file
...
The @requires_admin flag prevents non-admin users who have Read and Write access to a shared folder from performing any operations.
2022-11-01 07:29:56 -04:00
a36d3145e1
Merge pull request #655 from zblurx/master
...
Fix kerberos authentication and add kerbrute
2022-10-31 13:34:03 +01:00
3942eab31b
update a little bit
2022-10-31 08:33:41 -04:00
fedbfaf1f5
Change default order of exec method for smb
2022-10-27 15:40:34 -04:00
132332a8fd
add new color for asreproast account smb
2022-10-24 10:02:01 -04:00
d61d6f0339
add new color for asreproast account
2022-10-24 09:59:43 -04:00
b62bd670e0
Don't block if account not green
2022-10-24 09:11:45 -04:00
70f8d973cf
add KDC_ERR_PREAUTH_FAILED error
2022-10-24 09:01:30 -04:00
5040ab6b40
ldap try catch + magenta
2022-10-24 08:55:48 -04:00
b9699ab078
fix output modifs on smb protocol
2022-10-24 14:55:07 +02:00
53b612d317
adapt outputed creds
2022-10-24 14:12:32 +02:00
0a218c534f
add magenta color if user exist but connection KO
2022-10-24 05:43:52 -04:00
ef349a5309
refactor check if admin func to be comptatible with kerberos
2022-10-24 05:26:53 -04:00
0a284bd2b0
remove message CCache file is not found + fix exec method with kerberos
2022-10-22 17:29:56 -04:00
ed2b2b261a
fix for kerberoast function
2022-10-22 16:38:29 -04:00
7e0613c883
fix username to send to bh
2022-10-20 17:18:22 -04:00
53f5791e7c
Fix a lot things but good pr
2022-10-20 15:40:53 -04:00
f4485ff279
fix kerberos authentication
2022-10-20 18:08:30 +02:00
0fc010b0d5
Fix except error
2022-10-13 08:20:22 -04:00
105ad97947
quick fix cmedb export share
2022-09-22 18:24:27 -04:00
65796271c0
Merge branch 'export'
2022-09-22 18:06:37 -04:00
018bd9608a
Update cmedb for shares
2022-09-22 18:05:18 -04:00
fad860df43
Update ntds dump with option user and enabled #455
2022-09-11 12:49:28 -04:00
b57ba767f8
Adding shebang and encoding utf-8 for all python files
2022-07-19 01:59:14 +02:00
94a28cd184
revert back to pywerview 0.3.3 for better compatibility
2022-07-06 09:52:53 -04:00
75e19ae4b2
Merge pull request #545 from Serizao/master
...
Add smbv1 and signing into sqlite database
2022-06-18 23:50:18 +02:00
708e76d17a
Merge pull request #572 from shoxxdj/master
...
🚀 add support for filter user when searching for loggedon
2022-06-18 22:47:53 +02:00
055eb25c71
Merge pull request #570 from snovvcrash/codec
...
Add -codec execution option
2022-06-17 22:12:54 +02:00
def9d4a562
Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) ( #560 )
...
* Fixed instability issues based - the smb mode will now not crash on
SMB object not having _Connection
NetBIOSTimeout
UnsupportedFeature
* Forgotten return statement
* Improved logging logic
* Improved logging
2022-06-17 22:11:28 +02:00
d3b88088fc
🚀 add support for filter user when searching for loggedon
2022-04-27 11:04:23 +02:00
f183b6bcc1
Add -codec execution option
2022-04-26 16:58:03 +03:00
47e6521822
Merge branch 'master' of https://github.com/byt3bl33d3r/CrackMapExec
2022-03-06 11:07:19 -05:00
4dc4fd72c2
Add STATUS_NO_SUCH_FILE to success status
...
When the remote server returns a STATUS_NO_SUCH_FILE message, cme
interprets the login credentials as wrong. However, impackets
smbserver.py proves that this can be wrong.
2022-03-03 21:52:37 +01:00
998b6a4f36
Update smb.py
2022-03-02 08:04:35 +01:00
955ff4e4d3
Update smb.py
2022-03-02 08:00:26 +01:00
e15ae44c81
Push from public repo
2022-02-27 08:08:30 -05:00
b713723269
Add laps function for WinRM
2022-02-11 16:38:39 -05:00
8d665375a8
Improve laps core functon
2022-02-10 16:36:07 -05:00
c3dec653d4
Add check for audit mode #523
2022-02-07 16:19:46 -05:00
47dd3cdfc2
Add audit mode #523
2022-02-06 17:56:41 -05:00
fdc2aadf2b
sanitize IPv6 in a file name
2022-02-06 16:44:06 -05:00
19a5896c1e
Fix issue when local account is used with bh #533
2022-02-06 07:33:49 -05:00
766ee48328
Fix kerberos ntds dump
2022-01-19 13:13:05 -05:00
d90709bd97
Fix exception
2021-12-18 15:33:46 -05:00
66621b9014
Merger master public to sponsor version
2021-12-17 15:45:21 -05:00
2628a427d8
Fix a number of unhandled expections in cme/protocols/smb.py
2021-12-11 14:57:37 +01:00
e979dfe4f9
Add bloodhound core feature
2021-11-20 16:37:14 -05:00
b31ffc1a64
Improve laps core function
2021-11-17 07:37:20 -05:00
0f5fe00f9e
Fix ldap kerberos login
2021-11-01 14:27:14 -04:00
23b0ff2a0c
Add parameter to laps option
2021-10-17 14:41:20 -04:00
fcddee656e
Update laps core function
2021-10-17 11:50:29 -04:00
ef1e5d3fb1
Add laps option to smb proto first version
2021-10-16 18:08:07 -04:00
0000854b82
Remove filess method
2021-09-21 11:21:40 -04:00
2942be1188
Add timeout to smb connection to 2 sec by default, much much better
2021-09-21 11:21:16 -04:00
fdf6cd31db
Merge pull request #2 from mpgn/dev3
...
Push dev branch to master
2021-09-18 23:04:16 +02:00
53a51a02f2
Fix #464 thanks Wil
2021-09-18 22:44:48 +02:00
a31d03a99a
Fix #486 with ntds dump thx @b13bs
2021-09-18 22:44:48 +02:00
c3516fe9d5
Merge branch 'master' of https://github.com/Porchetta-Industries/CrackMapExec
2021-06-28 13:25:31 -04:00
091915b990
Fix and add a lot, check commit message
...
Update LDAP proto:
- can fetch a LDAP domain from an account from another domain (trust relation between forest)
- fix sizeLimit to unlimited on LDAP queries
- fix little mistake in LDAP modules
Update SMB proto:
- fix users function when DC is vulnerable to NULL SESSION
- add SAMRPC function to fetch users on the domain
- add option --computers to fetch all computers
Update CLI
- add function export, but it's not tested
2021-06-24 14:38:24 -04:00
215c479957
Fix spelling mistake
2021-05-30 16:28:37 -04:00
3ade69abed
Fix missing try catch on --shares option
...
Thx to @0xdf report !
2021-04-02 19:25:06 +02:00
d2f0b66ae4
Add option --amsi-bypass allowing you to pass a custom amsi bypass when using option -X
2021-02-28 09:48:50 -05:00
ba91408c74
Fix smb error not correctly catched
2021-01-29 11:30:05 -05:00
b2a53dc896
Better null session handle
2021-01-29 05:53:40 -05:00
d53343369b
Fix function name sessions option
2021-01-27 05:49:23 -05:00
7210bc1eae
Add better error management for --shares
2020-12-09 17:12:58 -05:00
cb5c8855ed
Version 5.1.3 🔥
...
- Replaced Gevent with AsyncIO
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will
give you a completion percentage and the number of hosts remaining to
scan
2020-11-15 16:42:28 -07:00
8785f5d3f4
option --ntds doesn't require to be admin anymore check #408
2020-08-12 17:27:53 +02:00
ce8094045d
Add more compatibility for windows exe
...
- decrease winrm timeout to 3 seconds so @IppSec 's videos
tlast less time :)
-- add ico to cme exe
-- add option smb-server-port to make cme compatible with windows
2020-07-30 15:14:31 +02:00
56f1f9dd93
Login return False only if NT_STATUS_LOGON_FAILURE
2020-06-21 15:21:07 -04:00
280d497b0d
Add conditional check on the func login()
...
- modules, options will no longer be loaded if authentication fails
- add some try catch and fix some problem with the debug on the passpolicy class
2020-06-20 18:16:37 -04:00
8f2ef3fdaf
Add color when smb status is not ACCESS_DENIED #391
2020-06-20 13:20:27 -04:00
e5d1942251
Add kerberoasting and asrepoast attack with LDAP protocol
2020-06-19 09:20:22 -04:00
b796000343
Fix issue #321 option --continue-on-success
2020-05-09 09:36:31 -04:00
3e1fa0f258
Fix local-auth authentication
2020-05-09 08:20:53 -04:00
b778306cc1
Always print FQDN
2020-05-05 12:13:32 -04:00
3b57fb0869
Add checkifadmin() for Kerberos auth #22
2020-05-05 12:11:18 -04:00
1820cc1ffb
Show FQDN instead of domain name
2020-05-04 15:30:56 -04:00
622245dcfa
Add support kerberos aesKey and kdcHost #22 add lssasy module kerberos support
...
add error when not credential foud on lsassy module #368
2020-05-04 13:23:41 -04:00
1308bc30c8
Adding Kerberos support for CME #22
...
TODO
- aeskey
- dc-ip
- checkifadmin()
2020-05-03 14:30:41 -04:00
74792ce712
Add option --no-bruteforce allowing credentials spraying without bruteforce
...
cme accept user file and password file and works like this:
user1 -> pass1
-> pass2
user2 -> pass1
-> pass2
Option --no-bruteforce works like this
user1 -> pass1
user2 -> pass2
2020-04-30 10:06:57 -04:00
e9a5841731
Fix typo on put-file function
2020-04-28 12:28:25 -04:00
f84035fa7a
Add function get-file and put-file
2020-04-28 12:22:30 -04:00
ba04528738
Add feature: file as argument for -x and -X command #269
2020-04-27 16:38:30 -04:00
ed8c91ab60
changed comparison operators that generate syntax warnings
2020-04-20 03:22:03 +03:00
7bb0e4e4e6
Merge pull request #300 from hantwister/patch-1
...
Fix false positive signing disabled with SMB2/3
2020-04-19 14:36:59 -03:00
498f3fc197
Merge pull request #327 from noraj/patch-1
...
lsa secrets: dump file extension
2020-04-19 14:32:48 -03:00
18634423f3
lsa secrets: dump file extension
...
The logger tell you LSA secrets are dump in a file named xxx.lsa
```
SMB x.x.x.x 445 FRSCWP0001 [+] Dumped 22 LSA secrets to /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.lsa and /home/noraj/.cme/logs/host_x.x.x.x_2019-12-19_095552.cached
```
But in reality they are logged in xxx.screts.
So just fixing the extension showed by the logger.
2019-12-19 10:12:17 +01:00
73ab379acc
Migrate function to python3
...
* --shares -> OK
* --sessions -> OK
* --disks -> OK
* --loggedon-users -> OK
* --users -> Not tested
* --rid-brute -> OK
* --groups -> Not tested
* --local-groups -> OK
* --pass-pol -> OK
2019-11-11 05:06:39 -05:00
a29cf6760c
update python3
2019-11-10 18:39:00 -05:00
c3c4b3192d
start python3 migration
2019-11-10 22:42:04 +01:00
12443285e9
Fix SMB encode
2019-07-13 17:52:00 +02:00
e435a4f87b
Fix SMB encode
2019-07-13 17:50:24 +02:00
85e4de988b
Fix false positive signing disabled with SMB2/3
...
Currently, the SMBConnection.isSigningRequired and SMB3.is_signing_required methods in Impacket reflect the state of the session as opposed to the state of the connection. When using CME with the --gen-relay-list option, the login method would encounter an exception near the end, and would reset the session state. Afterwards, the connection state correctly showed that signing was required, but the session state claimed the opposite. The latter contributed to many false positives in the --gen-relay-list output file. This is a hackish change that addressed the issue for me.
2019-03-26 15:45:02 -04:00
7034ab66d0
Flag to allow continuation while password spraying
...
Adds --continue-on-success flag when spraying passwords using smb. Allows for continuing of password spraying even after valid password is found. (Useful when password spraying with userlist.)
Usage example:
cme smb ipaddress -u users.txt -p password --continue-on-success
In response to:
https://github.com/byt3bl33d3r/CrackMapExec/issues/245
https://github.com/byt3bl33d3r/CrackMapExec/issues/247
2018-05-26 19:44:24 -06:00
Marshall Hallenbeck
mpgn
zblurx
Alexandre ZANNI
Julio Ureña
Wlayzz
Gianfranco Alongi
shoxxdj
Sam Frees1de
TNeitzel
Serizao
HynekPetrak
brightio
byt3bl33d3r
sw
byt3bl33d3r
root
Harrison Neal
Korey McKinley