byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License
8.45k stars 1.64k forks source link

Input Parsing Not Working Correctly #351

Closed ghost closed 4 years ago

ghost commented 4 years ago

Describe the bug The password is being concatenated with the intended target.

To Reproduce usage: crackmapexec ssh [-h] [-id CRED_ID [CRED_ID ...]] [-u USERNAME [USERNAME ...]] [-p PASSWORD [PASSWORD ...]] [--gfail-limit LIMIT | --ufail-limit LIMIT | --fail-limit LIMIT] [-M MODULE] [-o MODULE_OPTION [MODULE_OPTION ...]] [-L] [--options] [--server {https,http}] [--server-host HOST] [--server-port PORT] [--port PORT] [--no-output] [-x COMMAND] [target [target ...]] sudo crackmapexec --verbose ssh -u admin -p password 192.168.1.5 DEBUG Passed args: {'cred_id': [], 'darrell': False, 'execute': None, 'fail_limit': None, 'gfail_limit': None, 'jitter': None, 'list_modules': False, 'module': None, 'module_options': [], 'no_output': False, 'password': ['password', '192.168.1.5'], 'port': 22, 'protocol': 'ssh', 'server': 'https', 'server_host': '0.0.0.0', 'server_port': None, 'show_module_options': False, 'target': [], 'threads': 100, 'timeout': None, 'ufail_limit': None, 'username': ['admin'], 'verbose': True}

Expected behavior Needs to be error handling on input checking (i.e. missing target) The target should always be the last input as specified in usage. Or should be first and the usage needs to reflect that ordering of required inputs.

Crackmapexec info

Additional context Add any other context about the problem here.

On another note, if I add the target first I get sudo crackmapexec --verbose ssh -u -p it responds with "argument should be integer or bytes-like object, not 'str'"

mpgn commented 4 years ago

image