Open Techbrunch opened 1 year ago
Describe the bug
When using the module spider_plus with READ_ONLY=false not all files are retrieved.
spider_plus
READ_ONLY=false
To Reproduce
[Feb 18, 2023 - 15:56:29 (CET)] exegol-htb-scrambled /workspace # cme smb dc1.scrm.local -d scrm.local -u ksimpson -p ksimpson -k -M spider_plus -o READ_ONLY=false EXCLUDE_DIR=IPC$,NETLOGON,SYSVOL MAX_FILE_SIZE=0 SMB dc1.scrm.local 445 dc1.scrm.local [*] x64 (name:dc1.scrm.local) (domain:scrm.local) (signing:True) (SMBv1:False) SMB dc1.scrm.local 445 dc1.scrm.local [+] scrm.local\ksimpson:ksimpson SPIDER_P... dc1.scrm.local 445 dc1.scrm.local [*] Started spidering plus with option: SPIDER_P... dc1.scrm.local 445 dc1.scrm.local [*] DIR: ['ipc$', 'netlogon', 'sysvol'] SPIDER_P... dc1.scrm.local 445 dc1.scrm.local [*] EXT: ['ico', 'lnk'] SPIDER_P... dc1.scrm.local 445 dc1.scrm.local [*] SIZE: 51200 SPIDER_P... dc1.scrm.local 445 dc1.scrm.local [*] OUTPUT: /tmp/cme_spider_plus [Feb 18, 2023 - 15:57:24 (CET)] exegol-htb-scrambled /workspace # tree /tmp/cme_spider_plus /tmp/cme_spider_plus └── dc1.scrm.local.json 0 directories, 1 file
There is a PDF in the Public share:
Public
[Feb 18, 2023 - 15:56:21 (CET)] exegol-htb-scrambled /workspace # cat /tmp/cme_spider_plus/dc1.scrm.local.json { "Public": { "Network Security Changes.pdf": { "atime_epoch": "2021-11-04 23:23:11", "ctime_epoch": "2021-11-04 23:20:49", "mtime_epoch": "2021-11-05 18:45:07", "size": "615.34 KB" } } }
Crackmapexec info
Workaround
Using --get-file as seen in @mpgn writeup.
--get-file
Describe the bug
When using the module
spider_pluswithREAD_ONLY=falsenot all files are retrieved.To Reproduce
There is a PDF in the
Publicshare:Crackmapexec info
Workaround
Using
--get-fileas seen in @mpgn writeup.