Closed arty-hlr closed 3 years ago
Try with full path of the file.
I did. You did not reproduce my command, see the difference between:
proxychains cme smb -u $(pwd)/test_user.txt -H $(pwd)/test_hash.txt 172.16.2.6
ProxyChains-3.1 (http://proxychains.sf.net)
Traceback (most recent call last):
File "/home/florian/.local/bin/cme", line 8, in <module>
sys.exit(main())
File "/home/florian/.local/pipx/venvs/crackmapexec/lib/python3.8/site-packages/cme/crackmapexec.py", line 83, in main
if os.path.exists(ntlm_hash):
File "/usr/lib/python3.8/genericpath.py", line 19, in exists
os.stat(path)
TypeError: stat: path should be string, bytes, os.PathLike or integer, not _io.TextIOWrapper
and
proxychains cme smb 172.16.2.6 -u $(pwd)/test_user.txt -H $(pwd)/test_hash.txt
ProxyChains-3.1 (http://proxychains.sf.net)
|S-chain|-<>-127.0.0.1:1080-<><>-172.16.2.6:445-<><>-OK
|S-chain|-<>-127.0.0.1:1080-<><>-172.16.2.6:135-<><>-OK
|S-chain|-<>-127.0.0.1:1080-<><>-172.16.2.6:445-<><>-OK
SMB 172.16.2.6 445 DC02 [*] Windows Server 2016 Standard 14393 x64 (name:DC02) (domain:XXX) (signing:True) (SMBv1:True)
SMB 172.16.2.6 445 DC02 [-] XXX\Administrator:0109d7e72fcfe404186c4079ba6cf79c STATUS_LOGON_FAILURE
Even though the help clearly states the target at the end:
usage: cme smb [-h] [-id CRED_ID [CRED_ID ...]] [-u USERNAME [USERNAME ...]] [-p PASSWORD [PASSWORD ...]] [-k] [--aesKey AESKEY [AESKEY ...]] [--kdcHost KDCHOST]
[--gfail-limit LIMIT | --ufail-limit LIMIT | --fail-limit LIMIT] [-M MODULE] [-o MODULE_OPTION [MODULE_OPTION ...]] [-L] [--options] [--server {https,http}]
[--server-host HOST] [--server-port PORT] [-H HASH [HASH ...]] [--no-bruteforce] [-d DOMAIN | --local-auth] [--port {139,445}] [--share SHARE]
[--smb-server-port SMB_SERVER_PORT] [--gen-relay-list OUTPUT_FILE] [--continue-on-success] [--sam | --lsa | --ntds [{drsuapi,vss}]] [--shares] [--sessions] [--disks]
[--loggedon-users] [--users [USER]] [--groups [GROUP]] [--local-groups [GROUP]] [--pass-pol] [--rid-brute [MAX_RID]] [--wmi QUERY] [--wmi-namespace NAMESPACE]
[--spider SHARE] [--spider-folder FOLDER] [--content] [--exclude-dirs DIR_LIST] [--pattern PATTERN [PATTERN ...] | --regex REGEX [REGEX ...]] [--depth DEPTH] [--only-files]
[--put-file FILE FILE] [--get-file FILE FILE] [--exec-method {smbexec,wmiexec,mmcexec,atexec}] [--force-ps32] [--no-output] [-x COMMAND | -X PS_COMMAND] [--obfs]
[--clear-obfscripts]
[target [target ...]]
Now you know :)
cme <proto> <ip> -<options>
Sorry, how is this fixed? At least change the help message to reflect your last message, my command was straight out of it with the positional parameter of the target at the end, and didn't work, does that seem like normal behavior to you?
Describe the bug Crackmapexec is passing
_io.TextIOWrapper
instead ofstring
toos.path.exists(ntlm_hash)
.To Reproduce Steps to reproduce the behavior:
Expected behavior Crackmapexec should read the contents of hashes.txt
Crackmapexec info