Added --fail-limit and --gfail-limit options to limit the amount of

failed login attemptes per host and globally

Author: byt3bl33d3r

README.md

@@ -83,6 +83,8 @@ optional arguments:
   --port {139,445}      SMB port (default: 445)
   --server {http,https}
                         Use the selected server (defaults to http)
+  --fail-limit LIMIT    The max number of failed login attempts allowed per host (default: None)
+  --gfail-limit LIMIT   The max number of failed login attempts allowed globally (default: None)
   --verbose             Enable verbose output
 
 Credential Gathering:

core/settings.py

@@ -1,10 +1,10 @@
 def init_args(arg_namespace):
     """
-    args will contain a namespace that we can modify whenever we want
-    orig_args will contain the original namespace (duh!) and should never be modified
-    """ 
-    global orig_args
-    orig_args = arg_namespace
-    
+    This is just so we can easily share argparse's namespace
+    """
+
     global args
-    args = arg_namespace
+    args = arg_namespace
+
+    global gfails
+    gfails = 0

core/smartlogin.py

@@ -10,10 +10,22 @@ def smart_login(host, smb, domain):
     '''
         This function should probably be called ugly_login
     ''' 
+    fails = 0
+
     if settings.args.combo_file:
         with open(settings.args.combo_file, 'r') as combo_file:
             for line in combo_file:
                 try:
+
+                    if settings.args.fail_limit:
+                        if settings.args.fail_limit == fails:
+                            print_status('{}:{} Reached login fail limit'.format(host, settings.args.port))
+                            raise socket.error
+                    if settings.args.gfail_limit:
+                        if settings.gfails >= settings.args.gfail_limit:
+                            print_status('{}:{} Reached global login fail limit'.format(host, settings.args.port))
+                            raise socket.error
+
                     line = line.strip()
 
                     lmhash = ''
@@ -52,6 +64,9 @@ def smart_login(host, smb, domain):
                         return smb
                     except SessionError as e:
                         print_error(u"{}:{} {}\\{}:{} {}".format(host, settings.args.port, domain, user, passwd, e))
+                        if 'STATUS_LOGON_FAILURE' in e:
+                            fails += 1
+                            settings.gfails += 1
                         continue
 
                 except Exception as e:
@@ -104,6 +119,16 @@ def smart_login(host, smb, domain):
 
             if hashes:
                 for ntlm_hash in hashes:
+
+                    if settings.args.fail_limit:
+                        if settings.args.fail_limit == fails:
+                            print_status('{}:{} Reached login fail limit'.format(host, settings.args.port))
+                            raise socket.error
+                    if settings.args.gfail_limit:
+                        if settings.gfails >= settings.args.gfail_limit:
+                            print_status('{}:{} Reached global login fail limit'.format(host, settings.args.port))
+                            raise socket.error
+
                     ntlm_hash = ntlm_hash.strip().lower()
                     lmhash, nthash = ntlm_hash.split(':')
                     if user == '': user = "''"
@@ -119,10 +144,23 @@ def smart_login(host, smb, domain):
                         return smb
                     except SessionError as e:
                         print_error(u"{}:{} {}\\{}:{} {}".format(host, settings.args.port, domain, user, ntlm_hash, e))
+                        if 'STATUS_LOGON_FAILURE' in str(e):
+                            fails += 1
+                            settings.gfails += 1
                         continue
 
             if passwords:
                 for passwd in passwords:
+
+                    if settings.args.fail_limit:
+                        if settings.args.fail_limit == fails:
+                            print_status('{}:{} Reached login fail limit'.format(host, settings.args.port))
+                            raise socket.error
+                    if settings.args.gfail_limit:
+                        if settings.gfails >= settings.args.gfail_limit:
+                            print_status('{}:{} Reached global login fail limit'.format(host, settings.args.port))
+                            raise socket.error
+
                     passwd = passwd.strip()
                     if user == '': user = "''"
                     if passwd == '': passwd = "''"
@@ -138,6 +176,9 @@ def smart_login(host, smb, domain):
                         return smb
                     except SessionError as e:
                         print_error(u"{}:{} {}\\{}:{} {}".format(host, settings.args.port, domain, user, passwd, e))
+                        if 'STATUS_LOGON_FAILURE' in str(e):
+                            fails += 1
+                            settings.gfails += 1
                         continue
 
     raise socket.error #So we fail without a peep

crackmapexec.py

@@ -59,6 +59,7 @@
                                 version='2.0 - {}'.format(CODENAME),
                                 epilog='There\'s been an awakening... have you felt it?')
 
+parser.add_argument("target", nargs=1, type=str, help="The target range, CIDR identifier or file containing targets")
 parser.add_argument("-t", type=int, dest="threads", default=100, help="Set how many concurrent threads to use (defaults to 100)")
 parser.add_argument("-u", metavar="USERNAME", dest='user', type=str, default=None, help="Username(s) or file containing usernames")
 parser.add_argument("-p", metavar="PASSWORD", dest='passwd', type=str, default=None, help="Password(s) or file containing passwords")
@@ -72,8 +73,11 @@
 parser.add_argument("--port", dest='port', type=int, choices={139, 445}, default=445, help="SMB port (default: 445)")
 parser.add_argument("--server", choices={'http', 'https'}, default='http', help='Use the selected server (defaults to http)')
 #parser.add_argument("--server-port", type=int, help='Start the server on the specified port')
+
+#How much fail can we limit? can we fail at failing to limit? da da da dum
+parser.add_argument("--fail-limit", metavar='LIMIT', type=int, default=None, help='The max number of failed login attempts allowed per host (default: None)')
+parser.add_argument("--gfail-limit", metavar='LIMIT', type=int, default=None, help='The max number of failed login attempts allowed globally (default: None)')
 parser.add_argument("--verbose", action='store_true', dest='verbose', help="Enable verbose output")
-parser.add_argument("target", nargs=1, type=str, help="The target range, CIDR identifier or file containing targets")
 
 rgroup = parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
 rgroup.add_argument("--sam", action='store_true', help='Dump SAM hashes from target systems')