Crackmapexec

More on https://mpgn.gitbook.io/crackmapexec/news-2022/major-release-for-crackmapexec

💫 Features 💫

- Add module `nanodump`
- Add module `handleKatz`
- Bump module LSASSY to version 3 thanks to Hackndo
- Add timeout to avoid CTRL-C situation
- Improve LDAP output
- No more sudo needed to exec command
- Integration of bloodhound
- New core option `--laps` to exec code on all machines even if laps is used
- Improve NULL session option
- Add module adcs to exploit ADCS attack thanks to and ​
- Add module `MS17-010 `
- Add module `zerologon `​
- Add module `noPAC `
- Add module `petitPotam `
- Add module `ioxidresolver `​

🔧 Issues 🔧


Thanks to qtc-de snovvcrash tiyeuse p0dalirius Dliv3 ShutdownRepo

All features and Issues from 5.1.3 to 5.1.7

💫 Features 💫

- Add module `MachineAccountQuota.py` to retrieves the MachineAccountQuota domain-level attribute related to the current user p0dalirius
- Add module `get-desc-users` Get the description of each users and search for password in the description nodauf
- Add module `mssql_priv` to enumerate and exploit MSSQL privileges sokaRepo
- Add option `--password-not-required` to retrieve the user with the flag `PASSWD_NOTREQD` nodauf
- Add custom port for WinRM
- Switch from gevent to asyncio
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
- Add better error message on LDAP protocol
- Add more options to LDAP
* option `--groups`
* option `--users`
* option `--continue-on-success`
- Add additional Info to LDAP Kerberoasting
* Account Name
* Password last set
* Last logon
* Member of
- Bump lsassy to latest version 2
- Add new option `--amsi-bypass` to bypass AMSI with your own custom code
- Add module LAPS to retrieve all LAPS passwords
- Add IPv6 support
- Add improvment when testing null session for the output
- Remove thirdparty folder 🥳

🔧 Issues 🔧

- Fix spelling mistakes
- Rename options EXT and DIR to `EXCLUDE_EXTS EXCLUDE_DIR` on spider_plus module
- Fix MSSQL protocol (command exec with powershell and enum) thanks Dliv3
- Fix module Wireless
- Fix issue with `--pass-pol` for Maximum password age
- Fix encoding issue with spider option

💫 Features 💫
- Switched from Pipenv to Poetry for development and dependency management.
- Now has Windows binaries!

Introducing CME doc on Gitbook: https://mpgn.gitbook.io/crackmapexec/

💫 **Features** 💫
- Add module `spider_plus` to list and dump all files from all readable shares thanks to vincd
- Add LDAP protocol to CME
- Add Kerberoasting support to CME using the flag `--kerberoasting`
- Add ASREPRoasting support to CME using the flag `--asreproasting`
- Add `--admin-count` option to list all users in the domain with property **AdminCount=1** thanks to ropnop talk
- CME can list computers and users with unconstrained delegation enabled using the option `--trusted-for-delegation` thanks to ropnop talk
- Add an option to SSH protocol supporting connection using private key thanks to alxbl
- Add the option --continue-on-success to the SSH protocol
- Add **new color** when the status code of SMB is different from NT_STATUS_LOGON_FAILURE
- WinRM protocol support authentication using NTLM hash -H

🔧 **Issues** 🔧
- Fix authentication error on SSH protocol thanks to ippsec report
- Fix authentication error using --shares options thanks to ippsec report
- Improve WinRM output when authentication failed
- Decrease WinRM timeout thanks to ippsec report
- Improve WinRM output when SMB port is open
- Fix issue with SMB signing required using the flag `--continue-on-success`
- Fix issue when using a file as username and a file as hosts `cme smb <file> -u <file> -p <file>`
- Fix debug output when using the `--verbose` flag on `--pass-poll` option

===

:dizzy: **Features** :dizzy:

- [x] CME accepts a file as argument with option `-x` and `-X`
- [x] WinRM can now execute a command even if not local admin thanks to __pypsrp__ lib
- [x] Kerberos support is added to CME :boom:
- [x] commands `--put-file` and `--get-file` have been added allowing to put or get remote file
- [x] option `--no-bruteforce` has been added allowing you to spray credentials without bruteforce
- [x] CME will now always show FQDN :cop:

:wrench: **Issues** :wrench:

- [x] Issues with SSH connection are fixed
- [x] MSSQL and WinRM protocoles have been updated allowing connections even if SMB is not open
- [x] Fix some encoding problems as always :hankey:
- [x] `LSASSY` module output has been improved when no credentials are found thanks to Hackndo
- [x] encoding problem with `GPP_PASSWORD` and `GPP_AUTOLOGIN` should be fixed

:rocket: **Modules** :rocket:
- [x] both Metasploit and empire modules are back in the game
- [x] module `wireless` has been added to CME
- [x] module `bh_owned` has been added by Hackndo allowing to send credentials from CME to bloodhound to mark a computer as owned :poodle:

Also, thank you all for the support ! :muscle:

Fixed dependency issues. Habemus binaries!