Changelog
Changelog of CrackMapExec

Next major releases of CME will be sponsorware; check this page

5.2.2dev - The Dark Knight - 2022-01-15

💫 Features 💫

  • Add module nanodump
  • Add module handleKatz
  • Bump module LSASSY to version 3 thanks to @Pixis
  • Add timeout to avoid CTRL-C situation
  • Improve LDAP output
  • No more sudo needed to exec command
  • Integration of bloodhound
  • New core option --laps to exec code on all machines even if laps is used
  • Improve NULL session option
  • Add module adcs to exploit ADCS attack thanks to @qtc-de and @snovvcrash
  • Add module MS17-010
  • Add module zerologon @_dirkjan @AirbusSecLab
  • Add module noPAC @exploitph @Evi1cg
  • Add module petitPotam @topotam77
  • Add module ioxidresolver @AirbusSecLab

🔧 Issues 🔧

All fixed issues: Issues · byt3bl33d3r/CrackMapExec (GitHub)

5.1.7dev - U fancy huh ? - 2021-05-30

💫 Features 💫

  • Add module MachineAccountQuota.py to retrieve the MachineAccountQuota domain-level attribute related to the current user @p0dalirius
  • Add module get-desc-users to get the description of each user and search for passwords in the description @nodauf
  • Add module mssql_priv to enumerate and exploit MSSQL privileges @sokaRepo
  • Add option --password-not-required to retrieve the users with the flag PASSWD_NOTREQD @nodauf
  • Add custom port for WinRM
  • Switch from gevent to asyncio
  • Shares are now logged in the database and can be queried
  • You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
  • Add better error message on LDAP protocol
  • Add more options to LDAP
    • option --groups
    • option --users
    • option --continue-on-success
  • Add additional Info to LDAP Kerberoasting
    • Account Name
    • Password last set
    • Last logon
    • Member of
  • Bump lsassy to latest version 2
  • Add new option --amsi-bypass to bypass AMSI with your own custom code
  • Add module LAPS to retrieve all LAPS passwords
  • Add IPv6 support
  • Add improvement to the output when testing null session
  • Remove thirdparty folder 🥳

🔧 Issues 🔧

  • Fix spelling mistakes
  • Rename options EXT and DIR to EXCLUDE_EXTS and EXCLUDE_DIR in the spider_plus module
  • Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3
  • Fix module Wireless
  • Fix issue with --pass-pol for Maximum password age
  • Fix encoding issue with spider option

5.1.6dev - U fancy huh ? - 2021-03-08

💫 Features 💫

  • Bump lsassy to latest version 2
  • Add new option --amsi-bypass to bypass AMSI with your own custom code
  • Add module LAPS to retrieve all LAPS passwords
  • Add IPv6 support
  • Add improvement to the output when testing null session
  • Remove thirdparty folder

🔧 Issues 🔧

5.1.5dev - U fancy huh ? - 2021-01-21

💫 Features 💫

  • Add better error message on LDAP protocol
  • Add more options to LDAP
    • option --groups
    • option --users
    • option --continue-on-success
  • Add additional Info to LDAP Kerberoasting
    • Account Name
    • Password last set
    • Last logon
    • Member of

🔧 Issues 🔧

  • Fix encoding error

5.1.4dev - U fancy huh ? - 2020-12-01

💫 Features 💫

  • Bump to Impacket v0.9.22

🔧 Issues 🔧

  • Fix issue with --pass-pol for Maximum password age
  • Fix encoding issue with spider option

5.1.3dev - U fancy huh ? - 2020-11-16

💫 Features 💫

  • Switch from gevent to asyncio
  • Shares are now logged in the database and can be queried
  • You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
🔧 Issues 🔧
  • Rename options EXT and DIR to EXCLUDE_EXTS and EXCLUDE_DIR in the spider_plus module
  • Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3
  • Fix module Wireless

5.1.1dev - [email protected] - 2020-09-20

💫 Features 💫

  • Switched from Pipenv to Poetry for development and dependency management.
  • Now has Windows binaries!

5.1.0 - [email protected] - 2020-06-25

💫 Features 💫
  • Add LDAP protocol to CME
  • Add Kerberoasting support to CME using the flag --kerberoasting
  • Add ASREPRoasting support to CME using the flag --asreproasting
  • Add AdminCount option to list all users in the domain with property AdminCount=1 using the flag --admin-count, thanks to @ropnop's talk
  • CME can list computers and users with unconstrained delegation enabled using the option --trusted-for-delegation, thanks to @ropnop's talk
  • Add an option to SSH protocol supporting connection using private key thanks to @alxbl
  • Add the option --continue-on-success to the SSH protocol
  • Add new color when the status code of SMB is different from NT_STATUS_LOGON_FAILURE
  • WinRM protocol supports authentication using NTLM hash -H
  • CME now supports Docker!
🔧 Issues 🔧
  • Fix authentication error on SSH protocol thanks to @ippsec report
  • Fix authentication error using --shares options thanks to @ippsec report
  • Improve WinRM output when authentication failed
  • Improve WinRM output when SMB port is open
  • Fix issue with SMB signing required using the flag --continue-on-success
  • Fix issue when using a file as username and a file as hosts cme smb <file> -u <file> -p <file>
  • Fix debug output when using the --verbose flag on --pass-pol option
  • CME binaries are now compiled for Python3.7 instead of Python3.8, CME is impacket friendly :)

5.0.2 - P3l1as - 2020-05-04

💫 Features 💫
  • CME accepts a file as argument with option -x and -X
  • WinRM can now execute a command even if not local admin thanks to pypsrp lib
  • Kerberos support is added to CME 💥
  • commands --put-file and --get-file have been added, allowing you to put or get a remote file
  • option --no-bruteforce has been added allowing you to spray credentials without bruteforce
  • CME will now always show FQDN 👮
🔧 Issues 🔧
  • Issues with SSH connection are fixed
  • MSSQL and WinRM protocols have been updated allowing connections even if SMB is not open
  • Fix some encoding problems as always 💩
  • LSASSY module output has been improved when no credentials are found thanks to @Hackndo
  • encoding problem with GPP_PASSWORD and GPP_AUTOLOGIN should be fixed
🚀 Modules 🚀
  • both Metasploit and empire modules are back in the game
  • module wireless has been added to CME
  • module bh_owned has been added by @Hackndo allowing you to send credentials from CME to bloodhound to mark a computer as owned
Release CrackMapExec v5.0.2dev - P3l1as · byt3bl33d3r/CrackMapExec (GitHub)

5.0.1 - P3l1as - 2020-04-20

Fixed dependency issues. Habemus binaries!
Release CrackMapExec v5.0.1dev · byt3bl33d3r/CrackMapExec (GitHub)

5.0.0 - P3l1as - 2020-04-19

🚀 CrackMapExec ported to Python3 by @mpgn_x64 🚀
Release CrackMapExec v5.0.0 · byt3bl33d3r/CrackMapExec (GitHub)

4.1.0 - Bug Pr0n - 2018-03-22

GitHub - byt3bl33d3r/CrackMapExec at 4.1.0dev

3.1.5 - Bug Pr0n - 2018-03-22

Release CrackMapExec v3.1.5 · byt3bl33d3r/CrackMapExec (GitHub)