byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

cme not reading files passed as -H #440

Closed arty-hlr closed 3 years ago

arty-hlr commented 3 years ago

Describe the bug
Crackmapexec is passing _io.TextIOWrapper instead of a string to os.path.exists(ntlm_hash).

To Reproduce
Steps to reproduce the behavior:

ls -l
total 16
-rw-r--r-- 1 florian florian 7392 Dec 11 17:52 hashes.txt
-rw-r--r-- 1 florian florian 4105 Dec 11 17:51 users.txt
cme smb -u users.txt -H hashes.txt 172.16.2.102
ProxyChains-3.1 (http://proxychains.sf.net)
Traceback (most recent call last):
  File "/home/florian/.local/bin/cme", line 8, in <module>
    sys.exit(main())
  File "/home/florian/.local/pipx/venvs/crackmapexec/lib/python3.8/site-packages/cme/crackmapexec.py", line 83, in main
    if os.path.exists(ntlm_hash):
  File "/usr/lib/python3.8/genericpath.py", line 19, in exists
    os.stat(path)
TypeError: stat: path should be string, bytes, os.PathLike or integer, not _io.TextIOWrapper

Expected behavior
Crackmapexec should read the contents of hashes.txt

Crackmapexec info

mpgn commented 3 years ago

Try with full path of the file.

image

arty-hlr commented 3 years ago

I did. You did not reproduce my command; see the difference between:

proxychains cme smb -u $(pwd)/test_user.txt -H $(pwd)/test_hash.txt 172.16.2.6
ProxyChains-3.1 (http://proxychains.sf.net)
Traceback (most recent call last):
  File "/home/florian/.local/bin/cme", line 8, in <module>
    sys.exit(main())
  File "/home/florian/.local/pipx/venvs/crackmapexec/lib/python3.8/site-packages/cme/crackmapexec.py", line 83, in main
    if os.path.exists(ntlm_hash):
  File "/usr/lib/python3.8/genericpath.py", line 19, in exists
    os.stat(path)
TypeError: stat: path should be string, bytes, os.PathLike or integer, not _io.TextIOWrapper

and

proxychains cme smb 172.16.2.6 -u $(pwd)/test_user.txt -H $(pwd)/test_hash.txt
ProxyChains-3.1 (http://proxychains.sf.net)
|S-chain|-<>-127.0.0.1:1080-<><>-172.16.2.6:445-<><>-OK
|S-chain|-<>-127.0.0.1:1080-<><>-172.16.2.6:135-<><>-OK
|S-chain|-<>-127.0.0.1:1080-<><>-172.16.2.6:445-<><>-OK
SMB         172.16.2.6      445    DC02             [*] Windows Server 2016 Standard 14393 x64 (name:DC02) (domain:XXX) (signing:True) (SMBv1:True)
SMB         172.16.2.6      445    DC02             [-] XXX\Administrator:0109d7e72fcfe404186c4079ba6cf79c STATUS_LOGON_FAILURE

Even though the help clearly states the target at the end:

usage: cme smb [-h] [-id CRED_ID [CRED_ID ...]] [-u USERNAME [USERNAME ...]] [-p PASSWORD [PASSWORD ...]] [-k] [--aesKey AESKEY [AESKEY ...]] [--kdcHost KDCHOST]
               [--gfail-limit LIMIT | --ufail-limit LIMIT | --fail-limit LIMIT] [-M MODULE] [-o MODULE_OPTION [MODULE_OPTION ...]] [-L] [--options] [--server {https,http}]
               [--server-host HOST] [--server-port PORT] [-H HASH [HASH ...]] [--no-bruteforce] [-d DOMAIN | --local-auth] [--port {139,445}] [--share SHARE]
               [--smb-server-port SMB_SERVER_PORT] [--gen-relay-list OUTPUT_FILE] [--continue-on-success] [--sam | --lsa | --ntds [{drsuapi,vss}]] [--shares] [--sessions] [--disks]
               [--loggedon-users] [--users [USER]] [--groups [GROUP]] [--local-groups [GROUP]] [--pass-pol] [--rid-brute [MAX_RID]] [--wmi QUERY] [--wmi-namespace NAMESPACE]
               [--spider SHARE] [--spider-folder FOLDER] [--content] [--exclude-dirs DIR_LIST] [--pattern PATTERN [PATTERN ...] | --regex REGEX [REGEX ...]] [--depth DEPTH] [--only-files]
               [--put-file FILE FILE] [--get-file FILE FILE] [--exec-method {smbexec,wmiexec,mmcexec,atexec}] [--force-ps32] [--no-output] [-x COMMAND | -X PS_COMMAND] [--obfs]
               [--clear-obfscripts]
               [target [target ...]]

mpgn commented 3 years ago

Now you know :)

cme <proto> <ip> -<options>

arty-hlr commented 3 years ago

Sorry, how is this fixed? At least change the help message to reflect your last message; my command was straight out of it, with the positional parameter of the target at the end, and didn't work. Does that seem like normal behavior to you?
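
Added example, not part of the thread and not CrackMapExec's own code: a minimal argparse parser with the same argument shapes as the usage text (-u and -H taking one or more values, target optional and repeatable) shows that a target placed last is absorbed into the -H list. The swap_in_place loader is a hypothetical reconstruction (an assumption) of how a file object could then reach os.path.exists; load_values is one safer way to write it, and the hash value is a constructed placeholder.

```python
import argparse
import os
import tempfile

def build_parser():
    # Only the argument shapes visible in the usage text are modelled.
    parser = argparse.ArgumentParser(prog="cme smb")
    parser.add_argument("-u", dest="username", nargs="+", default=[])
    parser.add_argument("-H", dest="hash", nargs="+", default=[])
    parser.add_argument("target", nargs="*")
    return parser

def swap_in_place(values):
    # Hypothetical loader (assumption): mutates the list it is iterating over.
    for value in values:
        if os.path.exists(value):  # TypeError once value is an appended handle
            values.remove(value)
            values.append(open(value))

def load_values(values):
    # Safer variant: build a new list, reading lines from anything that is a file.
    loaded = []
    for value in values:
        if os.path.isfile(value):
            with open(value) as handle:
                loaded.extend(line.strip() for line in handle if line.strip())
        else:
            loaded.append(value)
    return loaded

def run(argv):
    # Returns (hash list as parsed, target list, outcome of the in-place loader).
    args = build_parser().parse_args(argv)
    parsed, outcome = list(args.hash), "ok"
    try:
        swap_in_place(args.hash)
    except TypeError:
        outcome = "TypeError"
    for item in args.hash:
        if hasattr(item, "close"):
            item.close()
    return parsed, args.target, outcome

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        tmp.write("0" * 32 + "\n")  # constructed placeholder hash
    print(run(["-u", "admin", "-H", tmp.name, "172.16.2.102"]))  # target last
    print(run(["172.16.2.102", "-u", "admin", "-H", tmp.name]))  # target first
    os.unlink(tmp.name)
```

With the target last, the parser reports an empty target list and a two-element hash list, so the tool has nothing to scan even if the loader does not crash.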