From d3a7effb8631152dbc0fe2d49c29e92a0d90fa6f Mon Sep 17 00:00:00 2001
From: mpgn
Date: Sat, 9 May 2020 07:59:53 -0400
Subject: [PATCH 1/4] Fix ssh issue #375
---
 cme/connection.py | 17 +++++++++++++----
 cme/protocols/ssh.py | 1 +
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/cme/connection.py b/cme/connection.py
index d7d3d8177..62fe533c8 100755
--- a/cme/connection.py
+++ b/cme/connection.py
@@ -181,7 +181,7 @@ def login(self):
 tmp = usr
 usr = tmp.split('\\')[1].strip()
 self.domain = tmp.split('\\')[0]
- if self.args.hash:
+ if hasattr(self.args, 'hash') and self.args.hash:
 with sem:
 for ntlm_hash in self.args.hash:
 if isinstance(ntlm_hash, str):
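Review bot: The new guard `hasattr(self.args, 'hash') and self.args.hash` in login() is more direct as `if getattr(self.args, 'hash', None):`, and nothing says why the attribute can be absent. A short comment such as `# some protocol parsers (presumably ssh) do not define --hash` would record the reason. The `elif isinstance(user, str)` branch visible at the end of the next hunk already spells the check with hasattr, so whichever form is kept should be used in both places. login() begins and ends outside this hunk.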
@@ -205,19 +205,28 @@ def login(self): for password in self.args.password: if isinstance(password, str): if not self.over_fail_limit(usr.strip()): - if self.plaintext_login(self.domain, usr.strip(), password): return True + if hasattr(self.args, 'domain'): + if self.plaintext_login(self.domain, usr.strip(), password): return True + else: + if self.plaintext_login(usr.strip(), password): return True elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == False: for f_pass in password: if not self.over_fail_limit(usr.strip()): - if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True + if hasattr(self.args, 'domain'): + if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True + else: + if self.plaintext_login(usr.strip(), f_pass.strip()): return True password.seek(0) elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == True: user.seek(0) for usr, f_pass in zip(user, password): if not self.over_fail_limit(usr.strip()): - if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True + if hasattr(self.args, 'domain'): + if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True + else: + if self.plaintext_login(usr.strip(), f_pass.strip()): return True elif isinstance(user, str): if hasattr(self.args, 'hash') and self.args.hash: diff --git a/cme/protocols/ssh.py b/cme/protocols/ssh.py index c2173aa9f..8d886b17c 100644 --- a/cme/protocols/ssh.py +++ b/cme/protocols/ssh.py 
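Review bot: The three added `if hasattr(self.args, 'domain'): … else: …` blocks repeat one decision, and they choose the `plaintext_login` call shape from the presence of a CLI attribute rather than from the protocol class. A protocol that later gains a `domain` argument without changing its `plaintext_login` parameters would fail here with a TypeError. Making the choice once in a small helper, or giving every protocol's `plaintext_login` the same parameters, would leave the three password loops as short as they were before the commit. The sketch shows the helper and one call site; the other two call sites change the same way. login() begins and ends outside this hunk, and the page has lost the hunk's indentation, so the sketch uses conventional indentation.

```python
def _plaintext_attempt(self, username, password):
    # Assumed by the commit: a parser that defines --domain belongs to a protocol
    # whose plaintext_login takes (domain, username, password); the others take
    # (username, password).
    if hasattr(self.args, 'domain'):
        return self.plaintext_login(self.domain, username, password)
    return self.plaintext_login(username, password)

# … unchanged: loop over self.args.password and the over_fail_limit check …
if self._plaintext_attempt(usr.strip(), password): return True
```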
@@ -12,6 +12,7 @@ class ssh(connection): @staticmethod def proto_args(parser, std_parser, module_parser): ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser]) + ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2') #ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key") ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)") From 3e1fa0f258eaea08b0bf7c10bcb3239ffc0557e7 Mon Sep 17 00:00:00 2001 From: mpgn Date: Sat, 9 May 2020 08:20:53 -0400 Subject: [PATCH 2/4] Fix local-auth authentication --- cme/protocols/smb.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py index 476f6053a..78384ab2a 100755 --- a/cme/protocols/smb.py +++ b/cme/protocols/smb.py @@ -237,10 +237,9 @@ def enum_host_info(self): if self.args.domain: self.domain = self.args.domain - - # always print FQDN even if local auth - # if self.args.local_auth: - # self.domain = self.hostname + + if self.args.local_auth: + self.domain = self.hostname #Re-connect since we logged off self.create_conn_obj() From ce7518e689f380eb95398b8eb1c8c878e4e5a463 Mon Sep 17 00:00:00 2001 From: mpgn Date: Sat, 9 May 2020 08:25:02 -0400 Subject: [PATCH 3/4] Add python3.7 to GitHub action --- .github/workflows/crackmapexec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/crackmapexec.yml b/.github/workflows/crackmapexec.yml index ad6ea739a..81683e0ab 100644 --- a/.github/workflows/crackmapexec.yml +++ b/.github/workflows/crackmapexec.yml @@ -18,7 +18,7 @@ jobs: - name: CrackMapExec tests on ${{ matrix.os }} uses: actions/setup-python@v1 with: - python-version: 3.8 + python-version: [3.7, 3.8] - name: Install dependencies run: | python -m pip install --upgrade pip 
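Review bot: The new help string for `--no-bruteforce` opens a parenthesis it never closes; it should end `user2 => password2)'`. The option is also registered on the ssh parser only, while the login() loops in cme/connection.py read `self.args.no_bruteforce` without a guard. Any protocol whose parser lacks the flag would therefore raise AttributeError when given a password file. The other protocol parsers are not visible here, but if any of them lacks it, defining the flag once on the shared `std_parser` would cover them all. proto_args continues past the end of this hunk.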
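Review bot: The re-enabled `if self.args.local_auth: self.domain = self.hostname` in cme/protocols/smb.py runs after the `--domain` assignment, so when both options are passed the explicit domain is silently replaced by the hostname. Nothing in the code says this precedence is intended. The deleted comment described the old behaviour, and the new lines need one of their own, for example `# local auth: use the host name as the domain; this takes precedence over --domain`. If the two options are not meant to be combined, rejecting the combination at argument parsing would be clearer than relying on statement order. enum_host_info begins and ends outside this hunk.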
From 9e0f4c252466c8db3b2843262bcb419b7c8f831e Mon Sep 17 00:00:00 2001 From: mpgn Date: Sat, 9 May 2020 09:04:27 -0400 Subject: [PATCH 4/4] Update readme with 3.8 badge --- .github/workflows/crackmapexec.yml | 2 +- README.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/crackmapexec.yml b/.github/workflows/crackmapexec.yml index 81683e0ab..ad6ea739a 100644 --- a/.github/workflows/crackmapexec.yml +++ b/.github/workflows/crackmapexec.yml @@ -18,7 +18,7 @@ jobs: - name: CrackMapExec tests on ${{ matrix.os }} uses: actions/setup-python@v1 with: - python-version: [3.7, 3.8] + python-version: 3.8 - name: Install dependencies run: | python -m pip install --upgrade pip diff --git a/README.md b/README.md index 55faafb5e..ee9b035b3 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg) +![Supported Python versions](https://img.shields.io/badge/python-3.8+-blue.svg) # CrackMapExec @@ -46,5 +46,4 @@ If you use CrackMapExec a lot (especially if it's used commercially), please con Press the "Sponsor" button on the top of this page to see ways of donating/sponsoring this project. # To do -- Kerberos support - ~~0wn everything~~