Merge pull request #381 from byt3bl33d3r/v5-dev

Some fix pushed in to v5.0.2

Author: mpgn

README.md

@@ -1,4 +1,4 @@
-![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg)
+![Supported Python versions](https://img.shields.io/badge/python-3.8+-blue.svg)
 
 # CrackMapExec
 
@@ -46,5 +46,4 @@ If you use CrackMapExec a lot (especially if it's used commercially), please con
 Press the "Sponsor" button on the top of this page to see ways of donating/sponsoring this project.
 
 # To do
-- Kerberos support
 - ~~0wn everything~~

cme/connection.py

@@ -181,7 +181,7 @@ def login(self):
                             tmp = usr
                             usr = tmp.split('\\')[1].strip()
                             self.domain = tmp.split('\\')[0]
-                        if self.args.hash:
+                        if hasattr(self.args, 'hash') and self.args.hash:
                             with sem:
                                 for ntlm_hash in self.args.hash:
                                     if isinstance(ntlm_hash, str):
@@ -205,19 +205,28 @@ def login(self):
                                 for password in self.args.password:
                                     if isinstance(password, str):
                                         if not self.over_fail_limit(usr.strip()):
-                                            if self.plaintext_login(self.domain, usr.strip(), password): return True
+                                            if hasattr(self.args, 'domain'):
+                                                if self.plaintext_login(self.domain, usr.strip(), password): return True
+                                            else:
+                                                if self.plaintext_login(usr.strip(), password): return True
 
                                     elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == False:
                                         for f_pass in password:
                                             if not self.over_fail_limit(usr.strip()):
-                                                if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+                                                if hasattr(self.args, 'domain'):
+                                                    if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+                                                else:
+                                                    if self.plaintext_login(usr.strip(), f_pass.strip()): return True
                                         password.seek(0)
 
                                     elif not isinstance(password, str) and isfile(password.name) and self.args.no_bruteforce == True:
                                         user.seek(0)
                                         for usr, f_pass in zip(user, password):
                                             if not self.over_fail_limit(usr.strip()):
-                                                if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+                                                if hasattr(self.args, 'domain'):
+                                                    if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
+                                                else:
+                                                    if self.plaintext_login(usr.strip(), f_pass.strip()): return True
 
                 elif isinstance(user, str):
                         if hasattr(self.args, 'hash') and self.args.hash:

cme/protocols/smb.py

@@ -237,10 +237,9 @@ def enum_host_info(self):
 
         if self.args.domain:
             self.domain = self.args.domain
-
-        # always print FQDN even if local auth
-        # if self.args.local_auth:
-        #     self.domain = self.hostname
+        
+        if self.args.local_auth:
+            self.domain = self.hostname
 
         #Re-connect since we logged off
         self.create_conn_obj()

cme/protocols/ssh.py

@@ -12,6 +12,7 @@ class ssh(connection):
     @staticmethod
     def proto_args(parser, std_parser, module_parser):
         ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser])
+        ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
         #ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key")
         ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")