diff --git a/README.md b/README.md
index 55faafb5e..ee9b035b3 100755
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg)
+![Supported Python versions](https://img.shields.io/badge/python-3.8+-blue.svg)
 # CrackMapExec
@@ -46,5 +46,4 @@ If you use CrackMapExec a lot (especially if it's used commercially), please con
 Press the "Sponsor" button on the top of this page to see ways of donating/sponsoring this project.
 # To do
-- Kerberos support
 - ~~0wn everything~~
diff --git a/cme/connection.py b/cme/connection.py
index d7d3d8177..62fe533c8 100755
--- a/cme/connection.py
+++ b/cme/connection.py
@@ -181,7 +181,7 @@ def login(self):
 tmp = usr
 usr = tmp.split('\\')[1].strip()
 self.domain = tmp.split('\\')[0]
-if self.args.hash:
+if hasattr(self.args, 'hash') and self.args.hash:
 with sem:
 for ntlm_hash in self.args.hash:
 if isinstance(ntlm_hash, str):
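Review bot: The new guard `if hasattr(self.args, 'hash') and self.args.hash:` spells out what `getattr` already expresses; `if getattr(self.args, 'hash', None):` is the idiomatic form and reads as "protocols that have no hash option simply skip this branch". The same two-step pattern is repeated for `'domain'` in the following hunk of this file, so the replacement applies there too. Note that `login()` begins before this hunk and continues after it, so the surrounding user/domain split is not visible here.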
@@ -205,19 +205,28 @@ def login(self):
 for password in self.args.password:
 if isinstance(password, str):
 if not self.over_fail_limit(usr.strip()):
-if self.plaintext_login(self.domain, usr.strip(), password): return True
+if hasattr(self.args, 'domain'):
+if self.plaintext_login(self.domain, usr.strip(), password): return True
+else:
+if self.plaintext_login(usr.strip(), password): return True
 elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == False:
 for f_pass in password:
 if not self.over_fail_limit(usr.strip()):
-if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+if hasattr(self.args, 'domain'):
+if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+else:
+if self.plaintext_login(usr.strip(), f_pass.strip()): return True
 password.seek(0)
 elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == True:
 user.seek(0)
 for usr, f_pass in zip(user, password):
 if not self.over_fail_limit(usr.strip()):
-if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+if hasattr(self.args, 'domain'):
+if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+else:
+if self.plaintext_login(usr.strip(), f_pass.strip()): return True
 elif isinstance(user, str):
 if hasattr(self.args, 'hash') and self.args.hash:
diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py
index 476f6053a..78384ab2a 100755
--- a/cme/protocols/smb.py
+++ b/cme/protocols/smb.py
@@ -237,10 +237,9 @@ def enum_host_info(self):
 if self.args.domain:
 self.domain = self.args.domain
-
-# always print FQDN even if local auth
-# if self.args.local_auth:
-# self.domain = self.hostname
+
+if self.args.local_auth:
+self.domain = self.hostname
 #Re-connect since we logged off
 self.create_conn_obj()
diff --git a/cme/protocols/ssh.py b/cme/protocols/ssh.py
index c2173aa9f..8d886b17c 100644
--- a/cme/protocols/ssh.py
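Review bot: The four-line `hasattr(self.args, 'domain')` / `else` branch is pasted verbatim at all three `plaintext_login` call sites in this hunk, so the domain-vs-no-domain dispatch now lives in three places that must be kept in sync; a single private helper on the connection class keeps `login()` to one decision. Note also that the no-domain branch drops `self.domain` entirely, while the earlier hunk in this file still sets `self.domain` from a `DOMAIN\user` split inside the same `login()`; on a protocol without a `domain` argument that split value is presumably discarded silently, which is worth a comment at the helper. `login()` starts before this hunk and continues after it.

```python
def _plaintext_attempt(self, usr, password):
    """Call plaintext_login with or without a domain, depending on whether this protocol defines one."""
    # NOTE(review): on protocols without a 'domain' arg, self.domain (possibly set from DOMAIN\user) is not passed through
    if hasattr(self.args, 'domain'):
        return self.plaintext_login(self.domain, usr, password)
    return self.plaintext_login(usr, password)

# … unchanged: the three password loops in login(); each call site collapses to one line, e.g. …
if self._plaintext_attempt(usr.strip(), password): return True
```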
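Review bot: The re-enabled `if self.args.local_auth: self.domain = self.hostname` unconditionally overrides a `--domain` set two lines above, and the commit removes the comment that recorded why this assignment had been disabled ("always print FQDN even if local auth") without stating the new rationale. A one-line comment should replace it so the next reader does not flip it back, e.g. `# local auth: the host's own account database is the authority, so the hostname replaces any --domain given`. Whether `self.domain` is also used for output naming (as the old comment implies) is not visible here and should be confirmed, since that was the stated reason for the earlier behaviour. `enum_host_info()` begins before this hunk and continues after it.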
+++ b/cme/protocols/ssh.py
@@ -12,6 +12,7 @@ class ssh(connection):
 @staticmethod
 def proto_args(parser, std_parser, module_parser):
 ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser])
+ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
 #ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key")
 ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
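Review bot: The help text of the added `--no-bruteforce` argument has an unbalanced parenthesis, so `--help` prints "(user1 => password1, user2 => password2" with no closing bracket; the fix is `help='No spray when using file for username and password (user1 => password1, user2 => password2)'`. The option exists because `login()` in `cme/connection.py` reads `self.args.no_bruteforce` on the file-based password path, and with `action='store_true'` the default `False` matches the `== False` comparison there; any other protocol that reaches that path without defining this argument would presumably fail with `AttributeError`, so it may belong on the shared parser rather than per protocol. `proto_args()` continues past the end of this hunk.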