lefayjey / linwinpwn
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
License: MIT License
This is really a great project, it helped me a lot in the real world, if I am free I am very willing to help you improve and improve this project, here I would like to make a few small suggestions for continued progress.
The first point, you can continue to add more AD domain vulnerability detection in the vuln_checks module, such as HiveNightmare, Printspooler family (Nightmare and Demon) and Exchange server vulnerability detection, which is very important, because in reality Exchange is very high privilege, and easy to attack and if the attack is successful very easy to threaten the domain controller, so I felt the need to add a check for Exchange vulnerability. (CVE-2018-8581, CVE-2020-0688, CVE-2020-16875, CVE-2021-34473, CVE-2021-26855/CVE-2021-27065, CVE-2022-41040/CVE-2022-41082)
The second point is that I think we can add an automated capture of all tour passwords in the pwd_dump module, which can be combined with LaZagne, which is a great tool, you know, in the actual infiltration of the tour passwords are likely to be a breakthrough!!! So I think it's feasible
Having said that, I hope very much that this tool will get better and better, and thank you very much for your open source spirit, keep moving!!!
When I ran ./install.sh, it overrides the existing installation of cme and results in the following error:
```
Traceback (most recent call last):
File "/usr/bin/crackmapexec", line 8, in <module>
sys.exit(main())
^^^^^^
File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 117, in main
args = gen_cli_args()
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/cme/cli.py", line 76, in gen_cli_args
protocol_object = p_loader.load_protocol(protocols[protocol]['path'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/cme/loaders/protocol_loader.py", line 15, in load_protocol
protocol = imp.load_source('protocol', protocol_path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/imp.py", line 170, in load_source
module = _exec(spec, sys.modules[name])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 621, in _exec
File "<frozen importlib._bootstrap_external>", line 940, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "/usr/lib/python3/dist-packages/cme/protocols/rdp.py", line 11, in <module>
from aardwolf.commons.factory import RDPConnectionFactory
File "/usr/lib/python3/dist-packages/aardwolf/commons/factory.py", line 7, in <module>
from asyauth.common.credentials import UniCredential
File "/usr/lib/python3/dist-packages/asyauth/common/credentials/__init__.py", line 182, in <module>
from asyauth.common.credentials.kerberos import KerberosCredential
File "/usr/lib/python3/dist-packages/asyauth/common/credentials/kerberos.py", line 9, in <module>
from minikerberos.common.creds import KerberosCredential as KCRED
File "/usr/lib/python3/dist-packages/minikerberos/common/creds.py", line 21, in <module>
from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/asymmetric.py", line 19, in <module>
from ._asymmetric import _unwrap_private_key_info
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_asymmetric.py", line 27, in <module>
from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/kdf.py", line 9, in <module>
from .util import rand_bytes
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/util.py", line 14, in <module>
from ._openssl.util import rand_bytes
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_openssl/util.py", line 6, in <module>
from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_openssl/_libcrypto.py", line 9, in <module>
from ._libcrypto_cffi import (
File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_openssl/_libcrypto_cffi.py", line 46, in <module>
raise LibraryNotFoundError('Error detecting the version of libcrypto')
oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
```
I suggest removing the line `pipx install git+https://github.com/mpgn/CrackMapExec.git --force`
Relevant Links:
When installing on a clean Kali 2023.3, there are errors after the automated installation through (install.sh)
```
crackmapexec --version
6.1.0 - John Wick
```
Output install
[+] impacket's findDelegation is installed
[+] impacket's GetUserSPNs is installed
[+] impacket's secretsdump is installed
[+] impacket's GetNPUsers is installed
[+] impacket's getTGT is installed
[+] impacket's goldenPac is installed
[+] impacket's rpcdump is installed
[+] impacket's reg is installed
[+] bloodhound is installed
[+] ldapdomaindump is installed
[+] crackmapexec is installed
[+] john is installed
[+] smbmap is installed
[+] nmap is installed
[+] adidnsdump is installed
[+] certi_py is installed
[+] certipy is installed
[+] ldeep is installed
[+] pre2k is installed
[+] certsync is installed
[+] windapsearch is installed
[+] windapsearch is executable
[+] enum4linux-ng is installed
[+] enum4linux-ng is executable
[+] kerbrute is installed
[+] kerbrute is executable
[+] targetedKerberoast is installed
[+] targetedKerberoast is executable
[+] CVE-2022-33679 is installed
[+] CVE-2022-33679 is executable
[+] DonPAPI is installed
[+] hekatomb is installed
[+] FindUncommonShares is installed
[+] manspider is installed
[+] coercer is installed
Errors
```
mkdir: invalid option -- 'f'
//
./linWinPwn.sh: line 507: $command_log: ambiguous redirect
tee: invalid option -- 'f'
Try 'tee --help' for more information.
[-] Connecting to host...
[-] Binding to host
[+] Bind OK
[-] Querying zone for records
[+] Found 0 records
./linWinPwn.sh: line 510: ${servers_ip_list}: ambiguous redirect
./linWinPwn.sh: line 511: ${dc_ip_list}: ambiguous redirect
./linWinPwn.sh: line 512: ${dc_hostname_list}: ambiguous redirect
./linWinPwn.sh: line 519: [: too many arguments
grep: /root/.cme/workspaces/default/smb.db`): No such file or directory
./linWinPwn.sh: line 520: ${servers_ip_list}: ambiguous redirect
./linWinPwn.sh: line 521: [: too many arguments
grep: /root/.cme/workspaces/default/smb.db`): No such file or directory
./linWinPwn.sh: line 522: ${dc_ip_list}: ambiguous redirect
./linWinPwn.sh: line 523: [: too many arguments
grep: /root/.cme/workspaces/default/smb.db`): No such file or directory
./linWinPwn.sh: line 524: ${dc_hostname_list}: ambiguous redirect
ls: cannot access '/opt/scripts/linWinPwn/linWinPwn_[-]': No such file or directory
```
```
./linWinPwn.sh -t 10.10.10.10
Unknown option: -t
```
Some of the packages are already installed on Kali or could be installed via their repos.
Hello buddy, awesome tool you have created here, congrats. I have a question: why can't I see the menu as you have in the example on the git? If I don't use any tags, it gives me only configuration or authentication. Am I missing something? Thanks in advance
Users Enumeration (Null session)
```
/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
[+] Found 0 users using RPC User Enum
[*] Users Enumeration (Null session)
/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
```
Hi!
How can I fix this trouble?
```
[*] gMSA Dump
[-] Please verify the location of gMSADumper.py
[*] LdapRelayScan checks
[-] Please verify the location of LdapRelayScan.py
```
```
[*] ADCS Enumeration
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)
[*] Users Description containing word: pass
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)
[*] Get MachineAccountQuota
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)
MAQ 10.1.11.53 389 MEX1DOMCTL01 [*] Getting the MachineAccountQuota
[*] LDAP-signing check
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)
LDAP-SIG... 10.1.11.53 389 MEX1DOMCTL01 LDAP signing is NOT enforced on 10.1.11.53
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
[-] Module not found
```
Hi,
I have this problem with my Kali ...
Can you help me?
```
[+] lun 16 gen 2023, 09:30:12, CET
Traceback (most recent call last):
File "/usr/bin/crackmapexec", line 8, in <module>
sys.exit(main())
File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 117, in main
args = gen_cli_args()
File "/usr/lib/python3/dist-packages/cme/cli.py", line 76, in gen_cli_args
protocol_object = p_loader.load_protocol(protocols[protocol]['path'])
File "/usr/lib/python3/dist-packages/cme/loaders/protocol_loader.py", line 15, in load_protocol
protocol = imp.load_source('protocol', protocol_path)
File "/usr/lib/python3.10/imp.py", line 170, in load_source
module = _exec(spec, sys.modules[name])
File "<frozen importlib._bootstrap>", line 619, in _exec
File "<frozen importlib._bootstrap_external>", line 883, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "/usr/lib/python3/dist-packages/cme/protocols/rdp.py", line 10, in <module>
from aardwolf import logger
ModuleNotFoundError: No module named 'aardwolf'
[-] Error connecting to target! Please ensure the target is a Domain Controller and try again...
```
./linWinPwn.sh -t 192.168.1.10 -M all -d domain.local -u john -p Password1233556
I've got error [-] Please ensure netexec is installed and try again...
I was testing it on Ubuntu 22 and Kali Linux. The same thing.
After manually installing netexec through python-pip, I am still getting the error.
Any suggestions?
Can't use the tool if the zone is legacy..
Hello,
I think the switch --log was added in the new version of crackmapexec and it is not supported in the active version 5.4. Therefore, I am facing an error when running linwinpwn. How should I install Crackmapexec version 6 on Kali? It is not available in the repository.
Thanks