CME throws errors after Kali update. Possible Debian/Python issue affecting a number of projects.

[reybango]

Describe the bug Running cme will generate a very verbose error as described below after Kali has been updated. I believe it relates to a recent update Debian made with Python.

To Reproduce Steps to reproduce the behavior:

1. Run cme -v binary
2. See error

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/usr/local/bin/cme/__main__.py", line 3, in <module>
  File "/usr/local/bin/cme/_bootstrap/__init__.py", line 253, in bootstrap
  File "/usr/local/bin/cme/_bootstrap/__init__.py", line 38, in run
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/cme/crackmapexec.py", line 117, in main
    args = gen_cli_args()
           ^^^^^^^^^^^^^^
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/cme/cli.py", line 76, in gen_cli_args
    protocol_object = p_loader.load_protocol(protocols[protocol]['path'])
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/cme/loaders/protocol_loader.py", line 15, in load_protocol
    protocol = imp.load_source('protocol', protocol_path)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/imp.py", line 170, in load_source
    module = _exec(spec, sys.modules[name])
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 621, in _exec
  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/cme/protocols/rdp.py", line 11, in <module>
    from aardwolf.commons.factory import RDPConnectionFactory
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/aardwolf/commons/factory.py", line 4, in <module>
    from aardwolf.commons.iosettings import RDPIOSettings
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/aardwolf/commons/iosettings.py", line 1, in <module>
    from aardwolf.extensions.RDPECLIP.channel import RDPECLIPChannel
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/aardwolf/extensions/RDPECLIP/channel.py", line 13, in <module>
    from aardwolf.commons.queuedata import RDP_CLIPBOARD_NEW_DATA_AVAILABLE, RDP_CLIPBOARD_READY, RDPDATATYPE
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/aardwolf/commons/queuedata/__init__.py", line 14, in <module>
    from aardwolf.commons.queuedata.video import RDP_VIDEO
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/aardwolf/commons/queuedata/video.py", line 8, in <module>
    from aardwolf.utils.rectconvert import rectconvert
  File "/home/haribo/.shiv/cme_9a05fe85b9528115f9515b14e17aeeca9011f83cdd1e4c72acc93bc284a1e467/site-packages/aardwolf/utils/rectconvert.py", line 1, in <module>
    import librlers
ModuleNotFoundError: No module named 'librlers' 

Expected behavior CME should display the version

Crackmapexec info

• OS: Kali - latest updates as 2/25/2023
• Version of CME v5.4.0
• CME downloaded from this repo's releases

Additional context I believe this is related to a Debian update for Python which seems to be affecting a large number of Python projects including Empire and Impacket (https://github.com/fortra/impacket/issues/1484)

[mpgn]

Hello Which binary are you using and version of python are you using ?

[reybango]

Hello Which binary are you using and version of python are you using ?

Python 3.11. Originally had cme-ubuntu-latest-3.10.zip.

I just went and downloaded cme-ubuntu-latest-3.11.zip and it's working. Apologies for the churn. Thank you for the help. :)

[elboulangero]

@reybango Why do you install from a Ubuntu zip? The correct way to install CrackMapExec on Kali Linux is apt install crackmapexec, ie. install the package provided by Kali. I just did a quick check, and it gives you CrackMapExec version 5.4.0 (ie. latest version), and it works out of the box.

Additionally, when you run apt update && apt full-ugrade you will get the latest version as well. In this case, you would have obtained the latest version of CME at the same time as the latest Python version, hence no breakage.

OTOH if you install a zip file manually, you expose yourself to this kind of problem.

[reybango]

@elboulangero I used to do it exactly how you described (apt install) but found that the Kali version, at times, was out of date. In speaking with @byt3bl33d3r, he recommended using pipx, docker or downloading to ensure I had the latest. In fact, if you look here, the Kali install option isn't recommended in the docs:

https://wiki.porchetta.industries/getting-started/installation/installation-on-unix#apt-package-kali-linux-only

Maybe that's changed?

[elboulangero]

the Kali version, at times, was out of date

The historic of updates in Kali Linux is public: http://pkg.kali.org/pkg/crackmapexec (the line that matters is "migrated to kali-rolling"). Comparing with https://github.com/Porchetta-Industries/CrackMapExec/tags, we can see that Kali was very up-to-date with versions 5.2.2. and 5.4.0, but somehow version 5.3.0 was not in Kali. For version 5.1.7, it took 3 months to see it in Kali.

You can always check what version is in Kali with apt show crackmapexec | grep ^Version: before you install it, then you decide if you prefer to install from upstream or from Kali repositories.

However you have to understand that a Linux distribution comes as a whole. Kali packages go through some QA, we (Kali developers) can detect breakages and fix it before it hits users. So for example, for the Python 3.11 transition, we fixed many issues in various packages, and only after that we let Python 3.11 reached Kali users.

if you install software from another method (pip, upstream tarball), you're out of this whole, you're on your own, and you don't benefit from the QA work that Kali does. But all we can do is fix the stuff that we distribute, we can't fix the stuff that you installed your own way on your machine. So in short, if you install via pip or upstream tarball, you're more likely to encounter issues every now and then, and you'll have to fix it by yourself. If you're a advanced user and you understand very well what you're doing, that's fine, go ahead. But if you're not, I would recommend to stick to Kali packages.

[reybango]

@elboulangero thank you for the reply. I'm very aware of the benefits of using the package management capabilities of the OS and in most cases, use it to install software precisely to take advantage of the vetting that folks like you do. Kali is no exception and I would much prefer to install from the Kali repo where possible. :)

With that said, there are some cases where the software on the OS is out of date. I've seen this often with Firefox, for example and as you rightly mentioned, CME 5.3.x which was the version that led me to begin downloading from here since it wasn't in the system. And again, the fact that the project says it's not recommended to install from Kali is another flag for how to install CME.

I don't see this as a failing of the OS per se but a case of software being updated quicker than OS teams are able or willing to work by.

[elboulangero]

Opened https://github.com/Porchetta-Industries/CrackMapExec/issues/754 to discuss the deprecation warning in the wiki. Thanks for following up on this discussion @reybango