search

byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License
8.46k stars 1.64k forks source link

Add error handling when enumerating password policy #136

Closed its0x08 closed 7 years ago

its0x08 commented 8 years ago

Steps to reproduce

its0x08@pc:~$ sudo crackmapexec 46.16****_56 -t 100 -u admin -p admin --pass-pol
CME          46.16**_**56:445 WIN-A****_0HTPQ [_] Windows 6.1 Build 7601 (name:WIN-AMDJCT0HTPQ) (domain:WIN-A****_0HTPQ)
CME          46.16**_**56:445 WIN-A****_0HTPQ [+] WIN-A**_**0HTPQ\admin:admin 
CME          46.16****_56:445 WIN-A**_**0HTPQ [+] Dumping password policy
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/gevent/greenlet.py", line 534, in run
    result = self._run(_self.args, *_self.kwargs)
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-3.1.5.dev0-py2.7.egg/cme/connection.py", line 208, in __init__
    getattr(self, k)()
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-3.1.5.dev0-py2.7.egg/cme/connection.py", line 566, in pass_pol
    return PassPolDump(self).enum()
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-3.1.5.dev0-py2.7.egg/cme/enum/passpol.py", line 64, in enum
    self.get_pass_pol(self.addr, rpctransport, dce, domainHandle)
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-3.1.5.dev0-py2.7.egg/cme/enum/passpol.py", line 103, in get_pass_pol
    resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation)
  File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/samr.py", line 2579, in hSamrQueryInformationDomain
    return dce.request(request)
  File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/rpcrt.py", line 859, in request
    raise exception
DCERPCSessionError: SAMR SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights.
<Greenlet at 0xb644966cL: Connection(Namespace(content=False, cred_id=[], depth=10, dis, <cme.database.CMEDatabase instance at 0xb60c6a0c>, '46.16*****56', None, None, None, 'AALPM')> failed with DCERPCSessionError

[*] KTHXBYE!
its0x08@pc:~$

Command string used

sudo crackmapexec 46.16*****56 -t 100 -u admin -p admin --pass-pol

CME verbose output (using the --verbose flag)

OS

Linux pc 4.4.0-43-generic #63-Ubuntu SMP Wed Oct 12 13:50:36 UTC 2016 i686 i686 i686 GNU/Linux

Target OS

Windows 6.1 Build 7601

Detailed issue question

Why is this happening to me ?! I got tired of getting this message, Im using it for 1 year from now and I still continue to get this stuff :3

byt3bl33d3r commented 8 years ago

... well I mean you can always submit a pull request if you're that tired if these errors lol

In any case this really isn't CME's fault. the creds you are using don't have rights to access the domain password policy. (as you can see from the access denied message).

The only thing I can do here is add some error handling TL;DR this isn't a bug

its0x08 commented 7 years ago

Than add the error handling! Also please try to fix unicode text issue, its also super important!!!

its0x08 commented 7 years ago

Thanks! Im reporting this kinda stuff because I like alot this tool and i want it perfect!! I had an idea doit such a tool but since I had not time to code I started to love this one!! ✌✌