Changelog

Changelog of CrackMapExec
Next major releases of CME will be sponsorware; check this page.

6.0.0 - Bane

More on: https://wiki.porchetta.industries/news/a-new-home

What's Changed

New core features:

New modules:

5.3.0 - Operation C01NS - 2022-06-20

What's Changed

  • Add RDP protocol thanks to @skelsec
  • Set computer accounts as owned in BloodHound by @snovvcrash in https://github.com/byt3bl33d3r/CrackMapExec/pull/532
  • fix filename for IPv6 on win32 by @HynekPetrak in https://github.com/byt3bl33d3r/CrackMapExec/pull/526
  • Added sorting of LAPS computers output (easier to read) by @p0dalirius in https://github.com/byt3bl33d3r/CrackMapExec/pull/540
  • Add STATUS_NO_SUCH_FILE to success status by @qtc-de in https://github.com/byt3bl33d3r/CrackMapExec/pull/548
  • Fix mssql check_if_admin function by @qtc-de in https://github.com/byt3bl33d3r/CrackMapExec/pull/546
  • Add necessary class for success when calling EfsRpcEncryptFileSrv from PetitPotam by @coffeegist in https://github.com/byt3bl33d3r/CrackMapExec/pull/549
  • Switch to poetry-core by @fabaff in https://github.com/byt3bl33d3r/CrackMapExec/pull/580
  • Use beautifulsoup4 instead of bs4 by @fabaff in https://github.com/byt3bl33d3r/CrackMapExec/pull/581
  • accept pywerview 0.4.0 by @noraj in https://github.com/byt3bl33d3r/CrackMapExec/pull/574
  • Added module for finding other network addresses on a host via WMI by @fang0654 in https://github.com/byt3bl33d3r/CrackMapExec/pull/552
  • Fixed instability issues for SMB (no _Connection crash, NetBIOSTimeout crash, UnsupportedFeature-crash) by @Gianfrancoalongi in https://github.com/byt3bl33d3r/CrackMapExec/pull/560
  • Add -codec execution option by @snovvcrash in https://github.com/byt3bl33d3r/CrackMapExec/pull/570
  • Stop crackmapexec crashing from concurrency-issues (tested with SMB-mode) by @Gianfrancoalongi in https://github.com/byt3bl33d3r/CrackMapExec/pull/561
  • Add SSL support to winrm protocol by @whipped5000 in https://github.com/byt3bl33d3r/CrackMapExec/pull/559
  • 🚀 add support for filter user when searching for loggedon by @shoxxdj in https://github.com/byt3bl33d3r/CrackMapExec/pull/572
  • NanoDump Bugfixes by @lesydimitri in https://github.com/byt3bl33d3r/CrackMapExec/pull/578
  • Fixed improper exception handling of lsass dump parsing by @p0dalirius in https://github.com/byt3bl33d3r/CrackMapExec/pull/538
  • Add smbv1 and signing into sqlite database by @Serizao in https://github.com/byt3bl33d3r/CrackMapExec/pull/545
  • Cleanup all useless modules and repositories (no more --recursive option)

New Contributors

  • @HynekPetrak made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/526
  • @coffeegist made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/549
  • @fabaff made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/580
  • @Gianfrancoalongi made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/560
  • @whipped5000 made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/559
  • @shoxxdj made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/572
  • @lesydimitri made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/578
  • @Serizao made their first contribution in https://github.com/byt3bl33d3r/CrackMapExec/pull/545

Full Changelog: https://github.com/byt3bl33d3r/CrackMapExec/compare/v5.2.2...v5.3.0

5.2.2dev - The Dark Knight - 2022-01-15

💫 Features 💫

  • Add module nanodump
  • Add module handleKatz
  • Bump module LSASSY to version 3 thanks to @Pixis
  • Add timeout to avoid CTRL-C situation
  • Improve LDAP output
  • No more sudo needed to exec command
  • Integration of bloodhound
  • New core option --laps to exec code on all machines even if laps is used
  • Improve NULL session option
  • Add module adcs to exploit ADCS attack thanks to @qtc-de and @snovvcrash
  • Add module MS17-010
  • Add module zerologon @_dirkjan @AirbusSecLab
  • Add module noPAC @exploitph @Evi1cg
  • Add module petitPotam @topotam77
  • Add module ioxidresolver @AirbusSecLab

🔧 Issues 🔧

5.1.7dev - U fancy huh ? - 2021-05-30

💫 Features 💫

  • Add module MachineAccountQuota.py to retrieve the MachineAccountQuota domain-level attribute related to the current user @p0dalirius
  • Add module get-desc-users to get the description of each user and search for passwords in the description @nodauf
  • Add module mssql_priv to enumerate and exploit MSSQL privileges @sokaRepo
  • Add option --password-not-required to retrieve the user with the flag PASSWD_NOTREQD @nodauf
  • Add custom port for WinRM
  • Switch from gevent to asyncio
  • Shares are now logged in the database and can be queried
  • You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
  • Add better error message on LDAP protocol
  • Add more options to LDAP
    • option --groups
    • option --users
    • option --continue-on-success
  • Add additional Info to LDAP Kerberoasting
    • Account Name
    • Password last set
    • Last logon
    • Member of
  • Bump lsassy to latest version 2
  • Add new option --amsi-bypass to bypass AMSI with your own custom code
  • Add module LAPS to retrieve all LAPS passwords
  • Add IPv6 support
  • Add improvement when testing null session for the output
  • Remove thirdparty folder 🥳

🔧 Issues 🔧

  • Fix spelling mistakes
  • Rename options EXT and DIR to EXCLUDE_EXTS EXCLUDE_DIR on spider_plus module
  • Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3
  • Fix module Wireless
  • Fix issue with --pass-pol for Maximum password age
  • Fix encoding issue with spider option

5.1.6dev - U fancy huh ? - 2021-03-08

💫 Features 💫

  • Bump lsassy to latest version 2
  • Add new option --amsi-bypass to bypass AMSI with your own custom code
  • Add module LAPS to retrieve all LAPS passwords
  • Add IPv6 support
  • Add improvement when testing null session for the output
  • Remove thirdparty folder

🔧 Issues 🔧

5.1.5dev - U fancy huh ? - 2021-01-21

💫 Features 💫

  • Add better error message on LDAP protocol
  • Add more options to LDAP
    • option --groups
    • option --users
    • option --continue-on-success
  • Add additional Info to LDAP Kerberoasting
    • Account Name
    • Password last set
    • Last logon
    • Member of

🔧 Issues 🔧

  • Fix encoding error

5.1.4dev - U fancy huh ? - 2020-12-01

💫 Features 💫

  • Bump to Impacket v0.9.22

🔧 Issues 🔧

  • Fix issue with --pass-pol for Maximum password age
  • Fix encoding issue with spider option

5.1.3dev - U fancy huh ? - 2020-11-16

💫 Features 💫

  • Switch from gevent to asyncio
  • Shares are now logged in the database and can be queried
  • You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan

🔧 Issues 🔧

  • Rename options EXT and DIR to EXCLUDE_EXTS EXCLUDE_DIR on spider_plus module
  • Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3
  • Fix module Wireless

5.1.1dev - 3TH@n - 2020-09-20

💫 Features 💫

  • Switched from Pipenv to Poetry for development and dependency management.
  • Now has Windows binaries!

5.1.0 - 3TH@n - 2020-06-25

💫 Features 💫

  • Add LDAP protocol to CME
  • Add Kerberoasting support to CME using the flag --kerberoasting
  • Add ASREPRoasting support to CME using the flag --asreproasting
  • Add AdminCount option to list all users in the domain with property AdminCount=1 using the flag --admin-count thanks to @ropnop talk
  • CME can list computers and users with unconstrained delegation enabled using the option --trusted-for-delegation thanks to @ropnop talk
  • Add an option to SSH protocol supporting connection using private key thanks to @alxbl
  • Add the option --continue-on-success to the SSH protocol
  • Add new color when the status code of SMB is different from NT_STATUS_LOGON_FAILURE
  • WinRM protocol supports authentication using NTLM hash -H
  • CME now supports Docker!

🔧 Issues 🔧

  • Fix authentication error on SSH protocol thanks to @ippsec report
  • Fix authentication error using --shares options thanks to @ippsec report
  • Improve WinRM output when authentication failed
  • Improve WinRM output when SMB port is open
  • Fix issue with SMB signing required using the flag --continue-on-success
  • Fix issue when using a file as username and a file as hosts: cme smb <file> -u <file> -p <file>
  • Fix debug output when using the --verbose flag on --pass-pol option
  • CME binaries are now compiled for Python3.7 instead of Python3.8, CME is impacket friendly :)

5.0.2 - P3l1as - 2020-05-04

💫 Features 💫

  • CME accepts a file as argument with option -x and -X
  • WinRM can now execute a command even if not local admin thanks to pypsrp lib
  • Kerberos support is added to CME 💥
  • commands --put-file and --get-file have been added, allowing you to put or get a remote file
  • option --no-bruteforce has been added allowing you to spray credentials without bruteforce
  • CME will now always show FQDN 👮

🔧 Issues 🔧

  • Issues with SSH connection are fixed
  • MSSQL and WinRM protocols have been updated allowing connections even if SMB is not open
  • Fix some encoding problems as always 💩
  • LSASSY module output has been improved when no credentials are found thanks to @Hackndo
  • encoding problem with GPP_PASSWORD and GPP_AUTOLOGIN should be fixed

🚀 Modules 🚀

  • both Metasploit and Empire modules are back in the game
  • module wireless has been added to CME
  • module bh_owned has been added by @Hackndo, allowing you to send credentials from CME to BloodHound to mark a computer as owned 🐩

5.0.1 - P3l1as - 2020-04-20

Fixed dependency issues. Habemus binaries!

5.0.0 - P3l1as - 2020-04-19

🚀 CrackMapExec ported to Python3 by @mpgn_x64 🚀

4.1.0 - Bug Pr0n - 2018-03-22

3.1.5 - Bug Pr0n - 2018-03-22