Releases: byt3bl33d3r/CrackMapExec
5.4.0 - Indestructible G0thm0g
More on : https://wiki.porchetta.industries/news-2022/indestructible-g0thm0g
What's Changed
- Compatibility with lsassy v3.1.3 by @Hackndo in #603
- Added an LDAP checker for Signing AND Channel Binding by @LuemmelSec in #606
- Hash_spider Module by @pgormanDS in #528
- Fix subnets module by @snovvcrash in #609
- Adding shebang and encoding utf-8 for all python files by @wlayzz in #608
- whoami LDAP module by @spyr0-sec in #613
- Fix logging with LDAPS protocol by @Dramelac in #641
- Cmedb export shares by @ILightThings in #638
- FTP Protocol Addition by @RomanRII in #639
- LDAP protocol improvements and scan-network module bugfix by @nurfed1 in #642
- Mssql upload / download by @guervild in #597
- Add the new daclread.py LDAP module and the msada_guids.py library by @BlWasp in #610
- Add KeePass discovery module by @d3lb3 in #636
- Add KeePass trigger abuse module by @d3lb3 in #637
- Improved cmedb export function by @ILightThings in #643
- Module to check for NTLMv1 Compatibility by @Tw1sm in #640
- Module to check for AlwaysInstallElevated by @bogey3 in #646
- fix(#649) : Fix Wrong filename on RDP screenshot issue by @jdouliez in #650
- Added functionality to retrieve ssoauthookie from Microsoft Teams local db by @R-Secure in #647
- Improve CMEDB HELP after loosing too much time with workspace .. by @shoxxdj in #652
- Update teams_localdb.py to support multi users by @LuemmelSec in #654
- Add GMSA module by @swisskyrepo in #614
- Fix regression for mssql with local_auth thx @juliourena by @mpgn in #658
- Add Masky module by @Z4kSec in #653
- Fix kerberos authentication by @zblurx in #655
- Fix #663 - Preventing non admin with access to share folder to READ and WRITE. by @juliourena in #665
- Added an NLA disabled screenshot function by @lap1nou in #666
- Add the Impersonate module by @Dfte in #601
- Fix #668 - Remove @requires_admin flag for WMI queries by @juliourena in #669
- Bump aardwolf to version 0.2.0 by @mpgn in #662
- bugfix : cant export csv by @shoxxdj in #670
- Fix #671 - handlekatz and procdump modules fail by @juliourena in #672
- Fix #674 - web_delivery module - Added the option to select architecture (64 or 32) by @juliourena in #675
- Fix #676 - bh_owned module output always returning false by @juliourena in #677
New Contributors
- @LuemmelSec made their first contribution in #606
- @pgormanDS made their first contribution in #528
- @wlayzz made their first contribution in #608
- @spyr0-sec made their first contribution in #613
- @Dramelac made their first contribution in #641
- @ILightThings made their first contribution in #638
- @RomanRII made their first contribution in #639
- @nurfed1 made their first contribution in #642
- @guervild made their first contribution in #597
- @BlWasp made their first contribution in #610
- @d3lb3 made their first contribution in #636
- @Tw1sm made their first contribution in #640
- @bogey3 made their first contribution in #646
- @jdouliez made their first contribution in #650
- @R-Secure made their first contribution in #647
- @swisskyrepo made their first contribution in #614
- @Z4kSec made their first contribution in #653
- @juliourena made their first contribution in #665
- @Dfte made their first contribution in #601
All binaries on => https://github.com/Porchetta-Industries/CrackMapExec/actions/runs/3462698710
Full Changelog: v5.3.0...v5.4.0
5.3.0 - Operation C01NS
More on https://mpgn.gitbook.io/crackmapexec/
What's Changed
- Add RDP protocol thanks to @skelsec
- Set computer accounts as owned in BloodHound by @snovvcrash in #532
- fix filename for IPv6 on win32 by @HynekPetrak in #526
- Added sorting of LAPS computers output (easier to read) by @p0dalirius in #540
- Add STATUS_NO_SUCH_FILE to success status by @qtc-de in #548
- Fix mssql check_if_admin function by @qtc-de in #546
- Add necessary class for success when calling EfsRpcEncryptFileSrv from PetitPotam by @coffeegist in #549
- Switch to poetry-core by @fabaff in #580
- Use beautifulsoup4 instead of bs4 by @fabaff in #581
- accept pywerview 0.4.0 by @noraj in #574
- Added module for finding other network addresses on a host via WMI by @fang0654 in #552
- Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) by @Gianfrancoalongi in #560
- Add -codec execution option by @snovvcrash in #570
- Stop crackmapexec crashing from concurrency-issues (tested with SMB-mode) by @Gianfrancoalongi in #561
- Add SSL support to winrm protocol by @whipped5000 in #559
- 🚀 add support for filter user when searching for loggedon by @shoxxdj in #572
- NanoDump Bugfixes by @lesydimitri in #578
- Fixed improper exception handling of lsass dump parsing by @p0dalirius in #538
- Add smbv1 and signing into sqlite database by @Serizao in #545
- Mpgn patch 1 by @mpgn in #584
- Update github action for aardwolf to work on macos by @mpgn in #586
- Nix Support by @FedX-sudo in #573
- [rdp.py] port redirect to "self.args.port" by @XiaoliChan in #589
- Add nanodump results to cmedb by @lesydimitri in #590
- Added Termux support by @T1erno in #569
- Fixed LDAPS with Kerberos by @lap1nou in #595
- add dfscoerce module by @ChoiSG in #596
- Add shadowcoerce module by @ChoiSG in #598
New Contributors
- @HynekPetrak made their first contribution in #526
- @coffeegist made their first contribution in #549
- @fabaff made their first contribution in #580
- @Gianfrancoalongi made their first contribution in #560
- @whipped5000 made their first contribution in #559
- @shoxxdj made their first contribution in #572
- @lesydimitri made their first contribution in #578
- @Serizao made their first contribution in #545
- @FedX-sudo made their first contribution in #573
- @XiaoliChan made their first contribution in #589
- @T1erno made their first contribution in #569
- @lap1nou made their first contribution in #595
- @ChoiSG made their first contribution in #596
Full Changelog: v5.2.2...v5.3.0
5.2.2dev - The Dark Knight
More on https://mpgn.gitbook.io/crackmapexec/news-2022/major-release-for-crackmapexec
💫 Features 💫
- Add module
nanodump
- Add module
handleKatz
- Bump module LSASSY to version 3 thanks to @Hackndo
- Add timeout to avoid CTRL-C situation
- Improve LDAP output
- No more sudo needed to exec command
- Integration of bloodhound
- New core option
--laps
to exec code on all machines even if laps is used - Improve NULL session option
- Add module adcs to exploit ADCS attack thanks to and
- Add module
MS17-010
- Add module
zerologon
- Add module
noPAC
- Add module
petitPotam
- Add module
ioxidresolver
🔧 Issues 🔧
Thanks to @qtc-de @snovvcrash @tiyeuse @p0dalirius @Dliv3 @ShutdownRepo
CrackMapExec v5.1.7dev - U fancy huh ?
All features and Issues from 5.1.3 to 5.1.7
💫 Features 💫
- Add module
MachineAccountQuota.py
to retrieves the MachineAccountQuota domain-level attribute related to the current user @p0dalirius - Add module
get-desc-users
Get the description of each users and search for password in the description @nodauf - Add module
mssql_priv
to enumerate and exploit MSSQL privileges @sokaRepo - Add option
--password-not-required
to retrieve the user with the flagPASSWD_NOTREQD
@nodauf - Add custom port for WinRM
- Switch from gevent to asyncio
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
- Add better error message on LDAP protocol
- Add more options to LDAP
- option
--groups
- option
--users
- option
--continue-on-success
- option
- Add additional Info to LDAP Kerberoasting
- Account Name
- Password last set
- Last logon
- Member of
- Bump lsassy to latest version 2
- Add new option
--amsi-bypass
to bypass AMSI with your own custom code - Add module LAPS to retrieve all LAPS passwords
- Add IPv6 support
- Add improvment when testing null session for the output
- Remove thirdparty folder 🥳
🔧 Issues 🔧
- Fix spelling mistakes
- Rename options EXT and DIR to
EXCLUDE_EXTS EXCLUDE_DIR
on spider_plus module - Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3
- Fix module Wireless
- Fix issue with
--pass-pol
for Maximum password age - Fix encoding issue with spider option
CrackMapExec v5.1.1dev - 3TH@n
💫 Features 💫
- Switched from Pipenv to Poetry for development and dependency management.
- Now has Windows binaries!
CrackMapExec v5.1.0dev - 3TH@n
Introducing CME doc on Gitbook: https://mpgn.gitbook.io/crackmapexec/
💫 Features 💫
- Add module
spider_plus
to list and dump all files from all readable shares thanks to @vincd - Add LDAP protocol to CME
- Add Kerberoasting support to CME using the flag
--kerberoasting
- Add ASREPRoasting support to CME using the flag
--asreproasting
- Add
--admin-count
option to list all users in the domain with property AdminCount=1 thanks to @ropnop talk - CME can list computers and users with unconstrained delegation enabled using the option
--trusted-for-delegation
thanks to @ropnop talk - Add an option to SSH protocol supporting connection using private key thanks to @alxbl
- Add the option --continue-on-success to the SSH protocol
- Add new color when the status code of SMB is different from NT_STATUS_LOGON_FAILURE
- WinRM protocol support authentication using NTLM hash -H
🔧 Issues 🔧
- Fix authentication error on SSH protocol thanks to @IppSec report
- Fix authentication error using --shares options thanks to @IppSec report
- Improve WinRM output when authentication failed
- Decrease WinRM timeout thanks to @IppSec report
- Improve WinRM output when SMB port is open
- Fix issue with SMB signing required using the flag
--continue-on-success
- Fix issue when using a file as username and a file as hosts
cme smb <file> -u <file> -p <file>
- Fix debug output when using the
--verbose
flag on--pass-poll
option
CrackMapExec v5.0.2dev - P3l1as
💫 Features 💫
- CME accepts a file as argument with option
-x
and-X
- WinRM can now execute a command even if not local admin thanks to pypsrp lib
- Kerberos support is added to CME 💥
- commands
--put-file
and--get-file
have been added allowing to put or get remote file - option
--no-bruteforce
has been added allowing you to spray credentials without bruteforce - CME will now always show FQDN 👮
🔧 Issues 🔧
- Issues with SSH connection are fixed
- MSSQL and WinRM protocoles have been updated allowing connections even if SMB is not open
- Fix some encoding problems as always 💩
-
LSASSY
module output has been improved when no credentials are found thanks to @Hackndo - encoding problem with
GPP_PASSWORD
andGPP_AUTOLOGIN
should be fixed
🚀 Modules 🚀
- both Metasploit and empire modules are back in the game
- module
wireless
has been added to CME - module
bh_owned
has been added by @Hackndo allowing to send credentials from CME to bloodhound to mark a computer as owned 🐩
Also, thank you all for the support ! 💪
CrackMapExec v5.0.1dev
Fixed dependency issues. Habemus binaries!
CrackMapExec v5.0.0
Python 3! Yay! Thanks @mpgn !