Changelog
โ
Next major releases of CME will be sponsorware check this pageโ
Add module
MachineAccountQuota.pyRetrieves the MachineAccountQuota domain-level attribute related to the current userAdd module
get-desc-usersGet the description of each users and search for password in the descriptionAdd module
mssql_privEnumerate and exploit MSSQL privilegesAdd option
--password-not-requiredto retrieve the user with the flag PASSWD_NOTREQDAdd custom port for WinRM
Fix spelling mistake
Bump to lsassy to latest version 2
Add new option
--amsi-bypassto bypass AMSI with your own custom codeAdd module LAPS to retrieve all LAPS password
Add IPv6 support
Add improvment when testing null session for the output
Remove thirdparty folder
โ
Add better error message on LDAP protocol
Add more options to LDAP
option
--groupsoption
--usersoption
--continue-on-success
Add additional Info to LDAP Kerberoasting
Account Name
Password last set
Last logon
Member of
Fix encoding error
Bump to Impacket v0.9.22
Fix issue with
--pass-polfor Maximum password ageFix encoding issue with
spideroption
Switch from gevent to asyncio
Shares are now logged in the database and can be queried
You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
๐ง Issues ๐ง
Rename options
EXTandDIRtoEXCLUDE_EXTSEXCLUDE_DIRonspider_plus moduleFix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3โ
Fix module Wireless
5.1.1dev - [email protected] - 2020-09-20
Switched from Pipenv to Poetry for development and dependency management.
Now has Windows binaries!
5.1.0 - [email protected] - 2020-06-25
๐ซ Features ๐ซ
Add LDAP protocol to CME
Add Kerberoasting support to CME using the flag
--kerberoastingAdd ASREPRoasting support to CME using the flag
--asreproastingAdd AdminCount option to list all users in the domain with property AdminCount=1 using the flag
--admin-countthanks to @ropnop talkCME can list computers and users with unconstrained delegation enabled using the option
--trusted-for-delegationthanks to @ropnop talkAdd an option to SSH protocol supporting connection using private key thanks to @alxblโ
Add the option
--continue-on-successto the SSH protocolAdd new color when the status code of SMB is diffrent from
NT_STATUS_LOGON_FAILUREWinRM protocol support authentication using NTLM hash
-HCME now support docker !
๐ง Issues ๐ง
Fix authentication error on SSH protocol thanks to @ippsec report
Fix authentication error using
--sharesoptions thanks to @ippsec reportImprove WinRM output when authentication failed
Improve WinRM output when SMB port is open
Fix issue with SMB signing required using the flag
--continue-on-successFix issue when using a file as username and a file as hosts
cme smb <file> -u <file> -p <file>Fix debug output when using the
--verboseflag on--pass-polloptionCME binaries are now compiled for Python3.7 instead of Python3.8, CME is impacket friendly :)
๐ซ Features ๐ซ
CME accepts a file as argument with option
-xand-XWinRM can now execute a command even if not local admin thanks to pypsrp lib
Kerberos support is added to CME ๐ฅ
commands
--put-fileand--get-filehave been added allowing to put or get remote fileoption
--no-bruteforcehas been added allowing you to spray credentials without bruteforceCME will now always show FQDN ๐ฎ
๐ง Issues ๐ง
Issues with SSH connection are fixed
MSSQL and WinRM protocoles have been updated allowing connections even if SMB is not open
Fix some encoding problems as always ๐ฉ
LSASSYmodule output has been improved when no credentials are found thanks to @Hackndoโencoding problem with
GPP_PASSWORDandGPP_AUTOLOGINshould be fixed
๐ Modules ๐
both Metasploit and empire modules are back in the game
module
wirelesshas been added to CMEmodule
bh_ownedhas been added by @Hackndo allowing to send credentials from CME to bloodhound to mark a computer as owned ๐ฉ
Fixed dependency issues. Habemus binaries!
๐ CrackMapexec ported to Python3 by @mpgn_x64 ๐
โ
โ
โ
