Changelog
Changelog of CrackMapExec
More on: https://wiki.porchetta.industries/news/a-new-home
- Switch to rich python
- Switch to SQLAlchemy
- cmedb stores a lot more information
- Improvement on the SSH protocol
- Improvement on the FTP protocol
- Progress bar added
- Modules chaining
- Overall speed improvement
- Improvement on the login feature (smart bruteforce, credid etc)
- Combine multiple options (--sam --lsa --dpapi etc)
- Sending your nmap (XML) scan is now fixed
- ldap-checker -> Fully compatible with Kerberos
- Add RDP protocol thanks to @skelsec
- Set computer accounts as owned in BloodHound by @snovvcrash in https://github.com/byt3bl33d3r/CrackMapExec/pull/532
- fix filename for IPv6 on win32 by @HynekPetrak in https://github.com/byt3bl33d3r/CrackMapExec/pull/526
- Added sorting of LAPS computers output (easier to read) by @p0dalirius in https://github.com/byt3bl33d3r/CrackMapExec/pull/540
- Add STATUS_NO_SUCH_FILE to success status by @qtc-de in https://github.com/byt3bl33d3r/CrackMapExec/pull/548
- Fix mssql check_if_admin function by @qtc-de in https://github.com/byt3bl33d3r/CrackMapExec/pull/546
- Add necessary class for success when calling EfsRpcEncryptFileSrv from PetitPotam by @coffeegist in https://github.com/byt3bl33d3r/CrackMapExec/pull/549
- Switch to poetry-core by @fabaff in https://github.com/byt3bl33d3r/CrackMapExec/pull/580
- Use beautifulsoup4 instead of bs4 by @fabaff in https://github.com/byt3bl33d3r/CrackMapExec/pull/581
- accept pywerview 0.4.0 by @noraj in https://github.com/byt3bl33d3r/CrackMapExec/pull/574
- Added module for finding other network addresses on a host via WMI by @fang0654 in https://github.com/byt3bl33d3r/CrackMapExec/pull/552
- Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) by @Gianfrancoalongi in https://github.com/byt3bl33d3r/CrackMapExec/pull/560
- Add -codec execution option by @snovvcrash in https://github.com/byt3bl33d3r/CrackMapExec/pull/570
- Stop crackmapexec crashing from concurrency-issues (tested with SMB-mode) by @Gianfrancoalongi in https://github.com/byt3bl33d3r/CrackMapExec/pull/561
- Add SSL support to winrm protocol by @whipped5000 in https://github.com/byt3bl33d3r/CrackMapExec/pull/559
- add support for filter user when searching for loggedon by @shoxxdj in https://github.com/byt3bl33d3r/CrackMapExec/pull/572
- NanoDump Bugfixes by @lesydimitri in https://github.com/byt3bl33d3r/CrackMapExec/pull/578
- Fixed improper exception handling of lsass dump parsing by @p0dalirius in https://github.com/byt3bl33d3r/CrackMapExec/pull/538
- Add smbv1 and signing into sqlite database by @Serizao in https://github.com/byt3bl33d3r/CrackMapExec/pull/545
- Cleanup all useless modules and repositories (no more --recursive option)
- @HynekPetrak made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/526
- @coffeegist made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/549
- @fabaff made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/580
- @Gianfrancoalongi made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/560
- @whipped5000 made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/559
- @shoxxdj made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/572
- @lesydimitri made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/578
- @Serizao made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/545
Full Changelog: https://github.com/byt3bl33d3r/CrackMapExec/compare/v5.2.2...v5.3.0
- Add module nanodump
- Add module handleKatz
- Bump module LSASSY to version 3 thanks to @Pixis
- Add timeout to avoid CTRL-C situation
- Improve LDAP output
- No more sudo needed to exec command
- Integration of bloodhound
- New core option --laps to exec code on all machines even if laps is used
- Improve NULL session option
- Add module MS17-010


- Add module MachineAccountQuota.py to retrieve the MachineAccountQuota domain-level attribute related to the current user @p0dalirius
- Add module get-desc-users: get the description of each user and search for passwords in the description @nodauf
- Add custom port for WinRM
- Switch from gevent to asyncio
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
- Add better error message on LDAP protocol
- Add more options to LDAP
  - option --groups
  - option --users
  - option --continue-on-success
- Add additional Info to LDAP Kerberoasting
  - Account Name
  - Password last set
  - Last logon
  - Member of
- Bump lsassy to latest version 2
- Add new option --amsi-bypass to bypass AMSI with your own custom code
- Add module LAPS to retrieve all LAPS passwords
- Add IPv6 support
- Add improvement when testing null session for the output
- Remove thirdparty folder 🥳
- Fix spelling mistakes
- Rename options EXT and DIR to EXCLUDE_EXTS and EXCLUDE_DIR on spider_plus module
- Fix module Wireless
- Fix issue with --pass-pol for Maximum password age
- Fix encoding issue with spider option
- Bump lsassy to latest version 2
- Add new option --amsi-bypass to bypass AMSI with your own custom code
- Add module LAPS to retrieve all LAPS passwords
- Add IPv6 support
- Add improvement when testing null session for the output
- Remove thirdparty folder
- Add better error message on LDAP protocol
- Add more options to LDAP
  - option --groups
  - option --users
  - option --continue-on-success
- Add additional Info to LDAP Kerberoasting
  - Account Name
  - Password last set
  - Last logon
  - Member of
- Fix encoding error
- Bump to Impacket v0.9.22
- Fix issue with --pass-pol for Maximum password age
- Fix encoding issue with spider option
- Switch from gevent to asyncio
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
🔧 Issues 🔧
- Rename options EXT and DIR to EXCLUDE_EXTS and EXCLUDE_DIR on spider_plus module
- Fix module Wireless
- Switched from Pipenv to Poetry for development and dependency management.
- Now has Windows binaries!
💫 Features 💫
- Add LDAP protocol to CME
- Add Kerberoasting support to CME using the flag --kerberoasting
- Add ASREPRoasting support to CME using the flag --asreproasting
- Add AdminCount option to list all users in the domain with property AdminCount=1 using the flag --admin-count thanks to @ropnop's talk
- CME can list computers and users with unconstrained delegation enabled using the option --trusted-for-delegation thanks to @ropnop's talk
- Add the option --continue-on-success to the SSH protocol
- Add new color when the status code of SMB is different from NT_STATUS_LOGON_FAILURE
- WinRM protocol supports authentication using NTLM hash -H
- CME now supports docker!
🔧 Issues 🔧
- Improve WinRM output when authentication failed
- Improve WinRM output when SMB port is open
- Fix issue with SMB signing required using the flag --continue-on-success
- Fix issue when using a file as username and a file as hosts: cme smb <file> -u <file> -p <file>
- Fix debug output when using the --verbose flag on --pass-pol option
💫 Features 💫
- CME accepts a file as argument with option -x and -X
- WinRM can now execute a command even if not local admin thanks to pypsrp lib
- Kerberos support is added to CME 💥
- commands --put-file and --get-file have been added allowing to put or get remote file
- option --no-bruteforce has been added allowing you to spray credentials without bruteforce
- CME will now always show FQDN 👮
🔧 Issues 🔧
- Issues with SSH connection are fixed
- MSSQL and WinRM protocols have been updated allowing connections even if SMB is not open
- Fix some encoding problems as always 💩
- encoding problem with GPP_PASSWORD and GPP_AUTOLOGIN should be fixed
🚀 Modules 🚀
- both Metasploit and empire modules are back in the game
- module wireless has been added to CME
- module bh_owned has been added by @Hackndo allowing to send credentials from CME to bloodhound to mark a computer as owned 🐩
Fixed dependency issues. Habemus binaries!