A new release of CrackMapExec is available ! The latest version of CME is now 5.3.0, all the features from the private version on Porchetta Industries have been merge into the public repository after 6 months.
This post will help you do track down all the new updates and issues fixed that have been pushed to CrackMapExec since porchetta has been launched.
But first, let's talk about the CME coins I just received !!!
First, big big Kudos to BZHunt, a french company who decided to sponsors this idea I got (they paid for everything).
Second, for now, the coins will be distributed to the contributors of the CME public repository or people like ippsec, 0xdf who throughout their HTB writeups (and videos) show how cme can be used to achieve something !
I will also do some CME workshop for various infosec events and a coin will be given to the student who finish the workshop first ! :)
CrackMapExec has a new home
CrackMapExec public repository is now located on this URL
GitHub - Porchetta-Industries/CrackMapExec: A swiss army knife for pentesting networks
Now let's talk about the new public features in CrackMapExec.
CrackMapExec now supports RDP protocol, his is no crappy freeRDP python wrapper behind this but the integration of @SkelSec's aardwolf lib:
You can also perform screenshot
Get SAM and LSA using WinRM
New update on the WinRM protocol, CrackMapExec can now get the sam & lsa secrets:
CrackMapExec + pentester = audit mode
A new mode "audit" to CrackMapExec has been added where the password (or nthash) will be replaced by the char of your choice or why not your favorite emoji this is the end of the "I NEED TO BLUR THIS SCREENSHOT" area in your pentest report :
No more stacktrace ?
Thanks to @Gianfrancoalongi you should get a bit less stacktrace when performing a large scan... I hope :D
New codec option
Thanks to @snovvcrash CrackMapExec support the codec of your choice for the output of your command:
SMBv1 and SMB signing logged into CMEDB
Thanks to @Serizao CMEDB now log SMBv1 and SMBSigning
A lighter version of CME
I decided to remove all the repositories added via the recursive command and all the modules where a powershell script was loaded like mimikatz etc. These modules were deprecated and detected by any AV so pretty useless.