Closed Qayin1337 closed 2 years ago
The debug output says this on the last line: TypeError: kerberos_login() missing 1 required positional argument: 'kdcHost'
Have you tried to specify the --kdcHost option?
Did you check the wiki? https://mpgn.gitbook.io/crackmapexec/getting-started/using-kerberos
I have, and I am still receiving the same error as @Qayin1337. It's like it isn't reading the --kdcHost argument.
Actually I think I found the issue.
The smb connection class defines 3 params for kerberos_login
https://github.com/byt3bl33d3r/CrackMapExec/blob/70033f83ff686be1877a851d9087d6678bdff6d8/cme/protocols/smb.py#L331 but it was being called with only 2, in the 5.2.2dev release, the last being the kdcHost
https://github.com/byt3bl33d3r/CrackMapExec/blob/8118e9078e525566322c2942fd1f0984e182ab32/cme/connection.py#L163
That appears to have been fixed in master but not released yet. https://github.com/byt3bl33d3r/CrackMapExec/blob/70033f83ff686be1877a851d9087d6678bdff6d8/cme/connection.py#L163
@Qayin1337 you may be able to fix your issue by following the wiki and then installing cme from the master branch rather than the most recent release. @mpgn any chance we can get a release build with that fix included?
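An added example, not part of the thread or of CrackMapExec's code: a small `ast`-based check that flags `self.<method>(...)` calls passing fewer positional arguments than a same-named method definition requires, which is the mismatch described above. The `SAMPLE` source is a constructed stand-in for the two files, and the first parameter name (`domain`) is an assumption.

```python
import ast

# Constructed stand-in for the two files named in the thread; the first
# parameter name ("domain") is an assumption, the rest follows the traceback.
SAMPLE = '''
class connection:
    def login(self):
        if self.kerberos_login(self.aesKey, self.kdcHost):
            return True

class smb(connection):
    def kerberos_login(self, domain, aesKey, kdcHost):
        return True
'''

def required_positional(func):
    """Names of positional parameters without defaults, excluding self."""
    params = func.args.posonlyargs + func.args.args
    required = params[:len(params) - len(func.args.defaults)]
    return [a.arg for a in required if a.arg != "self"]

def find_arity_mismatches(source):
    """Return (method, lineno, missing_params) for self.<method>(...) calls
    that pass fewer positional arguments than a same-named def requires."""
    tree = ast.parse(source)
    defs = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            defs.setdefault(node.name, []).append(required_positional(node))
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        target = node.func
        if not (isinstance(target.value, ast.Name) and target.value.id == "self"):
            continue
        # Skip calls using *args/**kwargs; their arity is not statically known.
        if any(isinstance(a, ast.Starred) for a in node.args) or any(k.arg is None for k in node.keywords):
            continue
        supplied_kw = {k.arg for k in node.keywords}
        for required in defs.get(target.attr, []):
            missing = [p for p in required[len(node.args):] if p not in supplied_kw]
            if missing:
                findings.append((target.attr, node.lineno, missing))
    return findings
```

Run over a source tree in CI, a check like this catches a base-class call site that has drifted from a subclass signature before it reaches a release.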
I will release tomorrow or next week yep
Easily reproducible in my lab: very simple 2 DC, 2016 config level domain; the Linux (Kali) machine is in the same subnet. I tried replacing DC01.qlab.local with pretty much everything else I could think of, including IP, NetBIOS name, impacket user syntax, etc.
Using the same ticket I can successfully execute psexec.py (-k).
This is my command and error:
┌──(root㉿kali)-[/opt/ticket_converter]
└─# crackmapexec --verbose smb 192.168.45.10 --kerberos
DEBUG Passed args: {'aesKey': None, 'amsi_bypass': None, 'clear_obfscripts': False, 'computers': None, 'connectback_host': None, 'content': False, 'continue_on_success': False, 'cred_id': [], 'darrell': False, 'depth': None, 'disks': False, 'domain': None, 'exclude_dirs': '', 'exec_method': None, 'execute': None, 'export': None, 'fail_limit': None, 'force_ps32': False, 'gen_relay_list': None, 'get_file': None, 'gfail_limit': None, 'groups': None, 'hash': [], 'jitter': None, 'kdcHost': None, 'kerberos': True, 'laps': None, 'list_modules': False, 'local_auth': False, 'local_groups': None, 'loggedon_users': False, 'lsa': False, 'module': None, 'module_options': [], 'no_bruteforce': False, 'no_output': False, 'ntds': None, 'obfs': False, 'only_files': False, 'pass_pol': False, 'password': [], 'pattern': None, 'port': 445, 'protocol': 'smb', 'ps_execute': None, 'put_file': None, 'regex': None, 'rid_brute': None, 'sam': False, 'server': 'https', 'server_host': '0.0.0.0', 'server_port': None, 'sessions': False, 'share': 'C$', 'shares': False, 'show_module_options': False, 'smb_server_port': 445, 'smb_timeout': 2, 'spider': None, 'spider_folder': '.', 'target': ['192.168.45.10'], 'threads': 100, 'timeout': None, 'ufail_limit': None, 'username': [], 'users': None, 'verbose': True, 'wmi': None, 'wmi_namespace': 'root\cimv2'}
DEBUG Using selector: EpollSelector
DEBUG Running
DEBUG Started thread poller
SMB 192.168.45.10 445 DC01 [*] Windows Server 2016 Standard Evaluation 14393 x64 (name:DC01) (domain:Qlab.local) (signing:True) (SMBv1:True)
DEBUG Stopped thread poller
Traceback (most recent call last):
  File "/usr/bin/crackmapexec", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 254, in main
    asyncio.run(
  File "/usr/lib/python3.9/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
    return future.result()
  File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 102, in start_threadpool
    await asyncio.gather(*jobs)
  File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 68, in run_protocol
    await asyncio.wait_for(
  File "/usr/lib/python3.9/asyncio/tasks.py", line 442, in wait_for
    return await fut
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3/dist-packages/cme/protocols/smb.py", line 125, in __init__
    connection.__init__(self, args, db, host)
  File "/usr/lib/python3/dist-packages/cme/connection.py", line 62, in __init__
    self.proto_flow()
  File "/usr/lib/python3/dist-packages/cme/connection.py", line 98, in proto_flow
    if self.login() or (self.username == '' and self.password == ''):
  File "/usr/lib/python3/dist-packages/cme/connection.py", line 163, in login
    if self.kerberos_login(self.aesKey, self.kdcHost): return True
TypeError: kerberos_login() missing 1 required positional argument: 'kdcHost'
CME Version (cme --version)
crackmap exec version 5.2.2 (The Dark Knight)
OS
Kali 2022.1
Target OS
Win server 2016