byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

v5.1.4dev Shares Enumeration Slow/Erroring Out #437

Closed jsarkisian closed 3 years ago

jsarkisian commented 3 years ago

Describe the bug

When running the --shares flag, CME will use the credentials to authenticate to all hosts on the subnet, pause for a while, then error out like so:

image

To Reproduce

Steps to reproduce the behavior:

Command run: cme smb <subnet> -u <user> -p <pass> --shares

Expected behavior

CME quickly outputs all shares and associated rights for the user account as in previous versions.

Screenshots

See above

Crackmapexec info

mpgn commented 3 years ago

Hello,

Run the command cmedb; can you see the table shares?

image

thiagogilis commented 3 years ago

I found a solution, run your command with "--continue-on-success" at the end. Example: crackmapexec smb -u users.txt -p passwords.txt --shares 11.11.11.111 --continue-on-success

jsarkisian commented 3 years ago

No, the DB isn’t working at all. Let me see if there’s something screwy with my install.

sebrink commented 3 years ago

Hey, I'm having the exact same issue as @jsarkisian.

I'm running on 5.1.4dev that was installed via apt with kali repos.

cmedb (default)(smb) > help

Documented commands (type help <topic>):
========================================
help

Undocumented commands:
======================
back  creds  exit  export  groups  hosts  import  shares

cmedb (default)(smb) > shares
Traceback (most recent call last):
  File "/usr/bin/cmedb", line 33, in <module>
    sys.exit(load_entry_point('crackmapexec==5.1.4.dev0', 'console_scripts', 'cmedb')())
  File "/usr/lib/python3/dist-packages/cme/cmedb.py", line 293, in main
    cmedbnav = CMEDBMenu(config_path)
  File "/usr/lib/python3/dist-packages/cme/cmedb.py", line 207, in __init__
    self.do_proto(self.db)
  File "/usr/lib/python3/dist-packages/cme/cmedb.py", line 233, in do_proto
    proto_menu.cmdloop()
  File "/usr/lib/python3.8/cmd.py", line 138, in cmdloop
    stop = self.onecmd(line)
  File "/usr/lib/python3.8/cmd.py", line 217, in onecmd
    return func(arg)
  File "/usr/lib/python3/dist-packages/cme/protocols/smb/db_navigator.py", line 89, in do_shares
    shares = self.db.get_shares()
  File "/usr/lib/python3/dist-packages/cme/protocols/smb/database.py", line 105, in get_shares
    if self.is_share_valid(filterTerm):
  File "/usr/lib/python3/dist-packages/cme/protocols/smb/database.py", line 95, in is_share_valid
    cur.execute('SELECT * FROM shares WHERE id=? LIMIT 1', [shareID])
sqlite3.OperationalError: no such table: shares

sebrink commented 3 years ago

It looks like I had a previous version of CME and upgraded from v5.0.x to v5.1.4dev.

It looks like it did not create the shares table in the smb database when I updated.

~/.cme/workspaces/default$ sqlite3 smb.db
SQLite version 3.33.0 2020-08-14 13:23:32
Enter ".help" for usage hints.
sqlite> .tables
admin_relations     group_relations     loggedin_relations
computers           groups              users
sqlite>

sebrink commented 3 years ago

Temporary Fix!

Not the best way to do it as you'll lose your current smb.db, but if you remove the ~/.cme/logs/workspaces/default/smb.db file and run v5.1.4, it will detect there is no smb.db and reinitialize the database with the shares table.

Steps to fix:

rm ~/.cme/logs/workspaces/default/smb.db
cme

mpgn commented 3 years ago

Thanks for the research, I would recommend this:

mv ~/.cme/logs/workspaces/default/smb.db ~/.cme/logs/workspaces/default/smb.db.old
cme

jsarkisian commented 3 years ago

Perfect. Thanks for that @sebrink! It worked.

mpgn commented 3 years ago

Closing the issue, thanks @jsarkisian and @sebrink :+1:
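
The diagnosis and workaround from the comments above, as an added example that is not part of the original thread or CrackMapExec's own code: a read-only check of an smb.db file for the tables named in the thread, followed by the rename-to-.old step applied only when a table is missing. The function names and the sample database are constructed for illustration; the expected table list is taken from the .tables output and the traceback above.

```python
import os
import sqlite3
import tempfile

# Tables from the thread's .tables output, plus the one the traceback reports missing.
EXPECTED_TABLES = {
    "admin_relations", "group_relations", "loggedin_relations",
    "computers", "groups", "users", "shares",
}

def missing_tables(db_path, expected=EXPECTED_TABLES):
    """Return the sorted list of expected tables absent from the SQLite file."""
    # Open read-only so the check never creates or modifies the database.
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        rows = conn.execute("SELECT name FROM sqlite_master WHERE type='table'")
        present = {name for (name,) in rows}
    finally:
        conn.close()
    return sorted(set(expected) - present)

def set_aside_if_stale(db_path):
    """Rename a database lacking expected tables to <name>.old; return that path or None."""
    if not missing_tables(db_path):
        return None
    backup = db_path + ".old"
    if os.path.exists(backup):
        raise FileExistsError(f"{backup} already exists; refusing to overwrite it")
    os.rename(db_path, backup)  # keeps the collected data, unlike rm
    return backup

def build_pre_upgrade_db(path):
    """Constructed sample: the six tables shown in the thread, without shares."""
    conn = sqlite3.connect(path)
    for table in sorted(EXPECTED_TABLES - {"shares"}):
        conn.execute(f'CREATE TABLE "{table}" (id INTEGER PRIMARY KEY)')
    conn.commit()
    conn.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        db = os.path.join(workdir, "smb.db")
        build_pre_upgrade_db(db)
        print("missing:", missing_tables(db))
        print("moved to:", set_aside_if_stale(db))
```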