CME fails if the password used when authenticating has a "€" character in it with a UnicodeEncodeError exception.
Steps to reproduce the behavior:
1. Create a user with a password containing the € character
2. Try to authenticate using CME
To easily test, one could create a random share using impacket-smbserver
Expected behavior
The password is valid, so the authentication shall succeed.
Screenshots
└──╼ $cme smb 127.0.0.1 -u test -p 't€st'
[*] Initializing FTP protocol database
[*] Initializing RDP protocol database
[*] Old configuration file detected, replacing with new version
SMB 127.0.0.1 445 NenjEgZo [*] mHRWzOcT (name:NenjEgZo) (domain:JIdQIxUP) (signing:False) (SMBv1:True)
Traceback (most recent call last):
File "/home/user/.local/bin/cme", line 8, in <module>
sys.exit(main())
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 257, in main
asyncio.run(
File "/usr/lib/python3.9/asyncio/runners.py", line 44, in run
return loop.run_until_complete(main)
File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
return future.result()
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 105, in start_threadpool
await asyncio.gather(*jobs)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 69, in run_protocol
await asyncio.wait_for(
File "/usr/lib/python3.9/asyncio/tasks.py", line 442, in wait_for
return await fut
File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/protocols/smb.py", line 143, in __init__
connection.__init__(self, args, db, host)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 65, in __init__
self.proto_flow()
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 101, in proto_flow
if self.login() or (self.username == '' and self.password == ''):
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 300, in login
elif self.plaintext_login(self.domain, user, password): return True
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/protocols/smb.py", line 450, in plaintext_login
self.conn.login(self.username, self.password, domain)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/impacket/smbconnection.py", line 276, in login
return self._SMBConnection.login(user, password, domain, lmhash, nthash, ntlmFallback)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/impacket/smb.py", line 3494, in login
self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/impacket/smb.py", line 3402, in login_extended
type3, exportedSessionKey = ntlm.getNTLMSSPType3(auth, respToken['ResponseToken'], user, password, domain, lmhash, nthash, use_ntlmv2 = use_ntlmv2)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/impacket/ntlm.py", line 628, in getNTLMSSPType3
ntlmChallengeResponse = NTLMAuthChallengeResponse(user, password, ntlmChallenge['challenge'])
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/impacket/ntlm.py", line 443, in __init__
lmhash = compute_lmhash(password)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/impacket/ntlm.py", line 745, in compute_lmhash
lmhash = __DES_block(b(password[:7]), KNOWN_DES_INPUT)
File "/home/user/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/six.py", line 644, in b
return s.encode("latin-1")
UnicodeEncodeError: 'latin-1' codec can't encode character '\u20ac' in position 1: ordinal not in range(256)
Crackmapexec info
OS: Parrot OS
Version of CME: 5.4.1
Installed from pipx using github master on 05/17/2023
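The failing conversion at the bottom of the traceback, as an added example (not code from CME, impacket or the reporter): `six.b()` encodes the password as latin-1 before the LM hash's DES step, and "€" (U+20AC) has no latin-1 byte, whereas the UTF-16LE encoding used for the NT hash accepts it. The helper names and the sample passwords are constructed for illustration, and returning `None` so a caller can skip the LM hash is an assumption, not impacket's behaviour.

```python
# Added illustration; helper names are hypothetical, not impacket or CME APIs.

def six_b(s: str) -> bytes:
    """Same conversion as six.b() in the traceback: s.encode("latin-1")."""
    return s.encode("latin-1")


def lm_half_inputs(password: str):
    """Mirror of the failing step: the two 7-character halves passed to DES."""
    return six_b(password[:7]), six_b(password[7:14])


def nt_hash_input(password: str) -> bytes:
    """The NT hash is MD4 over the UTF-16LE password, so '€' encodes without error."""
    return password.encode("utf-16le")


def unencodable(password: str):
    """(index, char) pairs in the first 14 characters that latin-1 cannot represent."""
    return [(i, c) for i, c in enumerate(password[:14]) if ord(c) > 0xFF]


def lm_half_inputs_or_none(password: str):
    """Guarded variant (assumption): return None instead of raising UnicodeEncodeError."""
    try:
        return lm_half_inputs(password)
    except UnicodeEncodeError:
        return None


if __name__ == "__main__":
    # Constructed sample passwords: ASCII, latin-1 representable, and the reported case.
    for pw in ("test", "tést", "t€st"):
        print(repr(pw), unencodable(pw), lm_half_inputs_or_none(pw), nt_hash_input(pw).hex())
```

Note that "é" passes because it is below U+0100, while "€" fails even though Windows code page 1252 maps it to a single byte (0x80).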