byt3bl33d3r/CrackMapExec

--get-file and --put-file require Admin to work on Share Folder

Closed this issue · 0 comments

I'm trying to READ/WRITE a file from a share folder where my user has READ/WRITE privileges, but it doesn't work.

Looking at the code, I notice that the @requires_admin flag is set on the methods get_file and put_file, but for a share folder I don't need to be admin to READ/WRITE.

crackmapexec smb 10.129.203.121 -u engels -p "Testing9!" --shares
SMB         10.129.203.121  445    DC01             [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:inlanefreight.htb) (signing:True) (SMBv1:False)
SMB         10.129.203.121  445    DC01             [+] inlanefreight.htb\engels:Testing9!
SMB         10.129.203.121  445    DC01             [+] Enumerated shares
SMB         10.129.203.121  445    DC01             Share           Permissions     Remark
SMB         10.129.203.121  445    DC01             -----           -----------     ------
SMB         10.129.203.121  445    DC01             ADMIN$                          Remote Admin
SMB         10.129.203.121  445    DC01             C$                              Default share
SMB         10.129.203.121  445    DC01             IPC$            READ            Remote IPC
SMB         10.129.203.121  445    DC01             IT              READ,WRITE

crackmapexec smb 10.129.203.121 -u engels -p "Testing9!" --put-file whoami.txt \\IT\whoami.txt --share IT
SMB         10.129.203.121  445    DC01             [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:inlanefreight.htb) (signing:True) (SMBv1:False)
SMB         10.129.203.121  445    DC01             [+] inlanefreight.htb\engels:Testing9!

crackmapexec smb 10.129.203.121 -u administrator -p XXXXX --put-file whoami.txt whoami.txt --share IT
SMB         10.129.203.121  445    DC01             [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:inlanefreight.htb) (signing:True) (SMBv1:False)
SMB         10.129.203.121  445    DC01             [+] inlanefreight.htb\administrator:XXXXX(Pwn3d!)
SMB         10.129.203.121  445    DC01             [*] Copy whoami.txt to \IT\whoami.txt
SMB         10.129.203.121  445    DC01             [+] Created file whoami.txt on \\ITwhoami.txt

The solution would be to remove the @requires_admin flag from those methods. I'll submit a PR.
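
A minimal model of the behaviour reported in this issue, added here as an example; it is not CrackMapExec's code or the issue author's. The `Session` class, both decorator bodies and the `requires_share_access` gate are assumptions for illustration, and the administrator's share permissions are constructed. It shows why an admin-only gate produces no output for a user who holds READ,WRITE on the share, next to a gate keyed on the share permission itself.

```python
from functools import wraps

def requires_admin(func):
    """Model of an admin gate: silently skip the call for non-admin sessions."""
    @wraps(func)
    def wrapper(self, *args, **kwargs):
        if not self.admin_privs:
            return None  # nothing is logged, matching the silent run in the report
        return func(self, *args, **kwargs)
    return wrapper

def requires_share_access(needed):
    """Hypothetical alternative: gate on the permission held on the target share."""
    def decorator(func):
        @wraps(func)
        def wrapper(self, share, *args, **kwargs):
            if needed not in self.share_perms.get(share, set()):
                return f"[-] {self.user} lacks {needed} on {share}"
            return func(self, share, *args, **kwargs)
        return wrapper
    return decorator

class Session:
    """Hypothetical stand-in for a connection object; not the project's class."""
    def __init__(self, user, admin_privs, share_perms):
        self.user = user
        self.admin_privs = admin_privs
        self.share_perms = share_perms

    @requires_admin
    def put_file_admin_gated(self, share, name):
        return f"[+] Created file {name} on {share}"

    @requires_share_access("WRITE")
    def put_file_share_gated(self, share, name):
        return f"[+] Created file {name} on {share}"

# Constructed sessions; engels' permissions mirror the share table in the report.
engels = Session("engels", False, {"IPC$": {"READ"}, "IT": {"READ", "WRITE"}})
admin = Session("administrator", True, {"IT": {"READ", "WRITE"}})

def demo():
    return [
        engels.put_file_admin_gated("IT", "whoami.txt"),   # None: blocked by admin gate
        admin.put_file_admin_gated("IT", "whoami.txt"),    # succeeds
        engels.put_file_share_gated("IT", "whoami.txt"),   # succeeds: WRITE on IT
        engels.put_file_share_gated("IPC$", "whoami.txt"), # refused with a message
    ]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Whichever client-side gate is used, the SMB server still enforces the share and file ACLs, so the gate only decides whether the tool attempts the operation and what it reports.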