Open Dliv3 opened 2 years ago
thanks for the report, I will look into it :)
Not only a problem on macOS. This exists in Kali Linux as well (Version: 5.1.5dev
)
Workarounds until a bugfix is pushed:
ulimit
Increase the upper bound on file descriptors with ulimit
That the solution I use. Maybe I should print the error not only in debug mode
Printing this error outside of debug mode would certainly help raise awareness of the issue and notify people that data is getting dropped during their scans, but I wouldn't call ulimit
a solution. It's a workaround. The issue is in how CME handles connections.
From what I understand, this bug is either caused by too many concurrent connections, or the file descriptors for these sockets are not getting cleaned up properly.
Workarounds until a bugfix is pushed:
- Increase the upper bound on file descriptors with
ulimit
- Chunk the scan into smaller batches
Where is the ulimit
supposed to be set? I don't see it in the cme.conf file.
hrm, it does seem ulimit hasn't been explained at all in this thread. That would probably be helpful.
ulimit is short for user limit (I believe) and it is a limiter in place for how many file handles a single user on a system can have open at one time. In other words, it is not a crackmapexec implemented limit, it is a linux system enforced limit. So, you have to change this limit in the system config files, not crackmapexec files.
You can change the ulimit for a user with the command ulimit
. There should be a man or help page for it, and also this stack overflow question covers a fair bit about changing the limits. https://askubuntu.com/questions/162229/how-do-i-increase-the-open-files-limit-for-a-non-root-user
Steps to reproduce
https://github.com/byt3bl33d3r/CrackMapExec/blob/master/cme/protocols/smb.py#L411
Modify the
create_smbv3_conn
function to the following code to print exception messageThen, execute CME, using the default 100 threads or more
CME verbose output (using the --verbose flag)
CME Version (cme --version)
5.1.7dev
OS
macOS Big Sur 11.2.3
Detailed issue explanation
The
Too many open files
errors cause some targets was missed in the CME scanning process and final resultsI know that I can use
ulimit
to increase the maximum file descriptors, but It seems better if this issue can be solved in the code level.