A swiss army knife for pentesting networks
More on: https://wiki.porchetta.industries/news-2022/indestructible-g0thm0g
All binaries on => https://github.com/Porchetta-Industries/CrackMapExec/actions/runs/3462698710
Full Changelog: https://github.com/Porchetta-Industries/CrackMapExec/compare/v5.3.0...v5.4.0
More on https://mpgn.gitbook.io/crackmapexec/
Full Changelog: https://github.com/Porchetta-Industries/CrackMapExec/compare/v5.2.2...v5.3.0
More on https://mpgn.gitbook.io/crackmapexec/news-2022/major-release-for-crackmapexec
💫 Features 💫
nanodump
handleKatz
--laps to exec code on all machines even if LAPS is used
MS17-010
zerologon
noPAC
petitPotam
ioxidresolver
🔧 Issues 🔧
Thanks to @qtc-de @snovvcrash @tiyeuse @p0dalirius @Dliv3 @ShutdownRepo
All features and Issues from 5.1.3 to 5.1.7
💫 Features 💫
MachineAccountQuota.py to retrieve the MachineAccountQuota domain-level attribute related to the current user @p0dalirius
get-desc-users to get the description of each user and search for passwords in the description @nodauf
mssql_priv to enumerate and exploit MSSQL privileges @sokaRepo
--password-not-required to retrieve the users with the flag PASSWD_NOTREQD @nodauf
--groups
--users
--continue-on-success
--amsi-bypass to bypass AMSI with your own custom code
🔧 Issues 🔧
EXCLUDE_EXTS EXCLUDE_DIR on spider_plus module
--pass-pol for Maximum password age
Introducing CME doc on Gitbook: https://mpgn.gitbook.io/crackmapexec/
💫 Features 💫
spider_plus to list and dump all files from all readable shares thanks to @vincd
--kerberoasting
--asreproasting
--admin-count option to list all users in the domain with property AdminCount=1 thanks to @ropnop talk
--trusted-for-delegation thanks to @ropnop talk
🔧 Issues 🔧
--continue-on-success
cme smb <file> -u <file> -p <file>
--verbose flag on --pass-poll option
💫 Features 💫
-x and -X
--put-file and --get-file have been added, allowing you to put or get remote files
--no-bruteforce has been added, allowing you to spray credentials without bruteforce
🔧 Issues 🔧
LSASSY module output has been improved when no credentials are found thanks to @Hackndo
GPP_PASSWORD and GPP_AUTOLOGIN should be fixed
🚀 Modules 🚀
wireless has been added to CME
bh_owned has been added by @Hackndo, allowing you to send credentials from CME to BloodHound to mark a computer as owned 🐩
Also, thank you all for the support! 💪
Fixed dependency issues. Habemus binaries!
Python 3! Yay! Thanks @mpgn !