Closed mez-0 closed 5 years ago
@mez0cc
right after the line
winrm_parser = parser.add_parser('winrm', help="own stuff using WINRM", parents=[std_parser, module_parser])
in /cme/protocols/winrm.py (line 26)
Add this line:
winrm_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes')
then rebuild ~
python setup.py install
@awsmhacks, sorted it. Thanks.
Steps to reproduce
The
winrm
mode doesn't like using users/password files. This was used against a HackTheBox machine, (Heist) and in doing so; cme crashed. Note, here is the machine info:Windows 10.0 Build 17763 x64
Command string used
cme winrm 10.10.10.149 -u usernames.txt -p passwords.txt
CME verbose output (using the --verbose flag)
CME Version (cme --version)
4.0.1dev - Bug Pr0n
OS
Target OS
Detailed issue explanation
It seems to communicate with
cme winrm 10.10.10.149 -u admin -p admin
, but when the list is specified; thats when it dies.It also works if you use:
But, it crashes when
-u usernames.txt
and-p secr3t
.For reference, the usernames file is: