CrackMapExec-KK60ewK1) sh-3.2# cme --verbose smb 192.168.225.110 -u Administrator -p Empire123! --local-auth -x whoami
DEBUG Passed args:
{'clear_obfscripts': False,
'content': False,
'cred_id': [],
'darrell': False,
'depth': None,
'disks': False,
'domain': None,
'exclude_dirs': '',
'exec_method': None,
'execute': 'whoami',
'fail_limit': None,
'force_ps32': False,
'gen_relay_list': None,
'gfail_limit': None,
'groups': None,
'hash': [],
'jitter': None,
'list_modules': False,
'local_auth': True,
'local_groups': None,
'loggedon_users': False,
'lsa': False,
'module': None,
'module_options': [],
'no_output': False,
'ntds': None,
'obfs': False,
'only_files': False,
'pass_pol': False,
'password': ['Empire123!'],
'pattern': None,
'port': 445,
'protocol': 'smb',
'ps_execute': None,
'regex': None,
'rid_brute': None,
'sam': False,
'server': 'https',
'server_host': '0.0.0.0',
'server_port': None,
'sessions': False,
'share': 'C$',
'shares': False,
'show_module_options': False,
'spider': None,
'spider_folder': '.',
'target': ['192.168.225.110'],
'threads': 100,
'timeout': None,
'ufail_limit': None,
'username': ['Administrator'],
'users': None,
'verbose': True,
'wmi': None,
'wmi_namespace': 'root\\cimv2'}
SMB 192.168.225.110 445 WIN10SVC [*] Windows 10 Enterprise 16299 x64 (name:WIN10SVC) (domain:WIN10SVC) (signing:False) (SMBv1:True)
DEBUG Your pycrypto doesn't support AES.MODE_CCM. Currently only pycrypto experimental supports this mode.
Download it from https://www.dlitz.net/software/pycrypto
DEBUG add_credential(credtype=plaintext, domain=WIN10SVC, username=Administrator, password=Empire123!, groupid=None, pillaged_from=None) => None
SMB 192.168.225.110 445 WIN10SVC [+] WIN10SVC\Administrator:Empire123! (Pwn3d!)
DEBUG Calling execute()
DEBUG Starting SMB server
DEBUG Config file parsed
DEBUG Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
DEBUG Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
DEBUG Config file parsed
DEBUG Config file parsed
DEBUG Config file parsed
DEBUG Target system is 192.168.225.110 and isFDQN is False
DEBUG StringBinding: WIN10SVC[50775]
DEBUG StringBinding: 192.168.225.110[50775]
DEBUG StringBinding chosen: ncacn_ip_tcp:192.168.225.110[50775]
DEBUG Incoming connection (192.168.215.11,50005)
DEBUG Closing down connection (192.168.215.11,50005)
DEBUG Remaining connections []
DEBUG Incoming connection (192.168.215.11,50006)
DEBUG AUTHENTICATE_MESSAGE (DOMAIN\Administrator,DC02)
DEBUG User Administrator\DC02 authenticated successfully
DEBUG Administrator::DOMAIN:18d46c3b8f355f7000000000000000000000000000000000:03b8967985852c610e58XXXXXXXXd4f97b9045918c:4141414141414141
DEBUG Unsupported DCERPC opnum 2 called for interface ('6BFFD098-A112-3610-9833-46C3F87E345A', '1.0')
DEBUG Disconnecting Share(1:IPC$)
DEBUG Handle: [Errno 54] Connection reset by peer
DEBUG Closing down connection (192.168.215.11,50006)
DEBUG Remaining connections []
DEBUG Error executing command via wmiexec, traceback:
Traceback (most recent call last):
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/gevent/greenlet.py", line 536, in run
result = self._run(*self.args, **self.kwargs)
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 108, in __init__
connection.__init__(self, args, db, host)
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 41, in __init__
self.proto_flow()
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 77, in proto_flow
self.call_cmd_args()
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 84, in call_cmd_args
getattr(self, k)()
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/connection.py", line 17, in _decorator
return func(self, *args, **kwargs)
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 81, in _decorator
output = func(self, *args, **kwargs)
File "/Users/kaic/.local/share/virtualenvs/CrackMapExec-KK60ewK1/lib/python2.7/site-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 394, in execute
logging.debug(format_exc())
NameError: global name 'format_exc' is not defined
Wed Feb 14 09:07:35 2018 <Greenlet at 0x1064f8870: smb(Namespace(clear_obfscripts=False, content=False, c, <protocol.database instance at 0x108018bd8>, '192.168.225.110')> failed with NameError
CME Version (cme --version)
4.0.1dev - Bug Pr0n
OS
Mac OS High Serria 10.13.3
Kali Linux rolling 4.14.0.0 (2018-01-25)
Target OS
Windows 10
Detailed issue explanation
Right this is a bit of a networking issue our end it seems from the debug log but it's an odd one.
Seems a DC on a different domain (Not out test lab one) on a different subnet X.X.215.X instead of X.X.225.X (Lab) is connecting when using CME.
Not sure if anyones got any idea about that ?
Then the second error is NameError: global name 'format_exc' is not defined
Which I get when running the empire & Metasploit module on both OSX/Kali
Steps to reproduce
Mac OS High Serria 10.13.3
Kali Linux rolling 4.14.0.0 (2018-01-25)
Command string used
cme smb 192.168.225.110 -u Administrator -p Empire123! --local-auth -x whoami
CME verbose output (using the --verbose flag)
CME Version (cme --version)
4.0.1dev - Bug Pr0n
OS
Mac OS High Serria 10.13.3 Kali Linux rolling 4.14.0.0 (2018-01-25)
Target OS
Windows 10
Detailed issue explanation
Right this is a bit of a networking issue our end it seems from the debug log but it's an odd one. Seems a DC on a different domain (Not out test lab one) on a different subnet X.X.215.X instead of X.X.225.X (Lab) is connecting when using CME.
Not sure if anyones got any idea about that ?
Then the second error is NameError: global name 'format_exc' is not defined Which I get when running the empire & Metasploit module on both OSX/Kali