byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

Empire RESTful Authentication Error #147

Closed leesoh closed 7 years ago

leesoh commented 7 years ago

Steps to reproduce

  1. Launch Empire 1.6 using sudo empire --rest --user empireadmin --password Password123! --debug
  2. Launch cme using sudo cme 192.168.215.129 -id 3 -M empire_exec -o LISTENER=Initial

CME verbose output (using the --verbose flag)

DEBUG                                          {'domain': None, 'wdigest': None, 'verbose': True, 'sam': False, 'cred_id': ['3'], 'module_options': ['LISTENER=Initial'], 'fail_limit': None, 'share': 'C$', 'lusers': False, 'module': 'empire_exec', 'smb_port': 445, 'show_options': False, 'rid_brute': None, 'uac': False, 'ufail_limit': None, 'pass_pol': False, 'regex': None, 'list_modules': False, 'no_output': False, 'pattern': None, 'lsa': False, 'force_ps32': False, 'shares': False, 'content': False, 'server_host': '0.0.0.0', 'wmi': None, 'exclude_dirs': '', 'server_port': None, 'wmi_namespace': '//./root/cimv2', 'gfail_limit': None, 'mssql_query': None, 'username': [], 'hash': [], 'users': False, 'sessions': False, 'exec_method': None, 'spider': None, 'ps_execute': None, 'threads': 100, 'mssql_port': 1433, 'password': [], 'mssql': False, 'mssql_auth': 'windows', 'ntds_pwdLastSet': False, 'execute': None, 'target': ['192.168.215.129'], 'ntds_history': False, 'disks': False, 'ntds': None, 'server': 'https', 'depth': 10, 'local_auth': False, 'timeout': 20}
DEBUG                                          Starting new HTTPS connection (1): 127.0.0.1
DEBUG                                          https://127.0.0.1:1337 "POST /api/admin/login HTTP/1.1" 401 0
EMPIRE_EXEC                                    [-] Error authenticating to Empire's RESTful API server!

Empire output:

sudo empire --rest --password Password123!

[*] Loading modules from: /pentest/powershell/empire/lib/modules/
 * Starting Empire RESTful API on port: 1337
 * RESTful API token: 9qpmwypqknq6fwj92pkvz44ii1li3vkpev1cvy3c
 * Running on https://0.0.0.0:1337/ (Press CTRL+C to quit)
127.0.0.1 - - [10/Jan/2017 12:32:40] "POST /api/admin/login HTTP/1.1" 401 -

OS

Ubuntu 16.10

Target OS

Windows 7 (eventually).

Detailed issue explanation

Still working through this but figured I'd open an issue as well. If I make any progress, I'll update the issue. I'm following both Empire (https://github.com/adaptivethreat/Empire/wiki/RESTful-API#api-authentication) and CME (https://github.com/byt3bl33d3r/CrackMapExec/wiki/Getting-Shells-101) documentation but am getting authentication errors. I'm using the default credentials found in cme.conf.

leesoh commented 7 years ago

Looks like this is an Empire issue with an open PR (https://github.com/adaptivethreat/Empire/pull/329). You can leave this open for anyone else running into it, or close it as it doesn't appear to be a problem with CME.

byt3bl33d3r commented 7 years ago

Weird. Could have sworn I pushed the workaround for this. I'll push it up again when I get home. Cheers

byt3bl33d3r commented 7 years ago

Pushed the temporary fix until the issue is resolved on Empire's side. Basically, in the ~/.cme/cme.conf file there's a new config parameter called rest_token. Just paste in the RESTful API token that Empire gives you when you start its REST server up and you should be good to go. You're going to have to delete your current cme.conf file when you pull down the changes. Let me know if this works for you.
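
An added troubleshooting example (not CME's or Empire's code): it compares the rest_token and api_port values in cme.conf with the token and port lines Empire prints at startup, using the formats shown in this thread. The function name check_rest_token and the sample token are constructed for illustration.

```python
import configparser
import hmac
import re

# Constructed sample inputs; the token is a placeholder, not a real one.
SAMPLE_CONF = """\
[Empire]
api_host=127.0.0.1
api_port=1337
rest_token=EXAMPLETOKEN0000000000000000000000000000
username=empireadmin
password=Password123!
"""

SAMPLE_BANNER = """\
 * Starting Empire RESTful API on port: 1337
 * RESTful API token: EXAMPLETOKEN0000000000000000000000000000
 * Running on https://0.0.0.0:1337/ (Press CTRL+C to quit)
"""

TOKEN_LINE = re.compile(r"RESTful API token:\s*(\S+)")
PORT_LINE = re.compile(r"RESTful API on port:\s*(\d+)")


def check_rest_token(conf_text, banner_text):
    """Return a list of mismatches between cme.conf and Empire's banner."""
    problems = []
    # interpolation=None so a '%' in a password is read literally.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    if not cfg.has_section("Empire"):
        return ["cme.conf has no [Empire] section"]
    token = cfg.get("Empire", "rest_token", fallback="").strip()
    if not token:
        problems.append("rest_token is missing or empty in cme.conf")
    found = TOKEN_LINE.search(banner_text)
    if found is None:
        problems.append("no 'RESTful API token' line in Empire output")
    elif token and not hmac.compare_digest(token.encode(), found.group(1).encode()):
        problems.append("rest_token does not match the token Empire printed")
    port = cfg.get("Empire", "api_port", fallback="").strip()
    listening = PORT_LINE.search(banner_text)
    if listening and port != listening.group(1):
        problems.append("api_port %s != Empire port %s" % (port, listening.group(1)))
    return problems


if __name__ == "__main__":
    for line in check_rest_token(SAMPLE_CONF, SAMPLE_BANNER) or ["config matches banner"]:
        print(line)
```
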

leesoh commented 7 years ago

Works reaaaaal nice. Thanks!

kafkaesqu3 commented 7 years ago

I'm getting this same issue using the latest version of Empire and CME (1.6 and 3.1.5 respectively). Assuming this is an issue on my end, but everything looks to be in order. Any ideas?

root@kali:~$ cat ~/.cme/cme.conf
[Empire]
api_host=127.0.0.1
api_port=1337
rest_token=ug62vzl...9hp9i
username=empireadmin
password=Password123!

root@kali:~$ ./empire --rest --user empireadmin --pass Password123! --debug

[*] Loading modules from: /opt/Empire/lib/modules/
 * Starting Empire RESTful API on port: 1337
 * RESTful API token: ug62...ufw69hp9i
 * Running on https://0.0.0.0:1337/ (Press CTRL+C to quit)
127.0.0.1 - - [26/Mar/2017 00:55:45] "POST /api/admin/login HTTP/1.1" 401 -

root@kali:~$ crackmapexec 192.168.23.5 -u user -p password -M empire_exec -o LISTENER=test --verbose
DEBUG                                          {'domain': None, 'wdigest': None, 'verbose': True, 'sam': False, 'cred_id': [], 'module_options': ['LISTENER=test'], 'fail_limit': None, 'share': 'C$', 'lusers': False, 'module': 'empire_exec', 'smb_port': 445, 'show_options': False, 'rid_brute': None, 'uac': False, 'ufail_limit': None, 'pass_pol': False, 'regex': None, 'list_modules': False, 'no_output': False, 'pattern': None, 'lsa': False, 'force_ps32': False, 'shares': False, 'content': False, 'server_host': '0.0.0.0', 'wmi': None, 'exclude_dirs': '', 'server_port': None, 'wmi_namespace': '//./root/cimv2', 'gfail_limit': None, 'mssql_query': None, 'username': ['user'], 'hash': [], 'users': False, 'sessions': False, 'exec_method': None, 'spider': None, 'ps_execute': None, 'threads': 100, 'mssql_port': 1433, 'password': ['password'], 'mssql': False, 'mssql_auth': 'windows', 'ntds_pwdLastSet': False, 'execute': None, 'target': ['192.168.23.5'], 'ntds_history': False, 'disks': False, 'ntds': None, 'server': 'https', 'depth': 10, 'local_auth': False, 'timeout': 20}
DEBUG                                          Starting new HTTPS connection (1): 127.0.0.1
DEBUG                                          https://127.0.0.1:1337 "POST /api/admin/login HTTP/1.1" 401 0
EMPIRE_EXEC                                    [-] Error authenticating to Empire's RESTful API server!

Kaicastledine commented 6 years ago

@kafkaesqu3

Check Fix commit https://github.com/byt3bl33d3r/CrackMapExec/commit/04c4e3de6460d93119f43e50f7cb2690700b7b55

More info here
