crackmapexec rdp incorrect when spraying for RDP credentials
robertstrom opened this issue · 1 comment
Describe the bug
I am using CME 5.4.0 on Kali Linux 2022.04 and running crackmapexec rdp commands against known exploited systems, and it is not identifying the systems' credentials as valid / compromised.
To Reproduce
Steps to reproduce the behavior:
- run the command
crackmapexec rdp 10.11.1.x -u Administrator -H '' --local-auth
using a known good hash (I can use the same hash to log on using xfreerdp) and the command results in a negative response when it should identify the system as pwned:
RDP 10.11.1.x 3389 PETER [*] Windows 10 or Windows Server 2016 Build 17763 (name:PETER) (domain:PETER) (nla:False)
rdp+ntlm-nt://PETER\Administrator:
RDP 10.11.1.x 3389 PETER [-] PETER\Administrator:
I have also tried the command without the --local-auth argument with the same results
crackmapexec rdp 10.11.1.x -u Administrator -H ''
I have also tried the command without the single quotes around the hash
crackmapexec rdp 10.11.1.x -u Administrator -H
I have also tried the command using the -d .
crackmapexec rdp 10.11.1.x -u Administrator -d . -H ''
All of these commands result in telling me that the credentials are incorrect when I know that the hash and the user name are correct and can be used to log on using xfreerdp.
I also added a user to the local administrators group and used the known password, and got negative responses to the known user name and password.
Note that these systems only have port 3389 open.
Expected behavior
I expect CME to tell me when the credentials are correct using the rdp protocol just like it does for the smb protocol and other protocols.
Crackmapexec info
- OS: Kali 2020.04
- Version of CME - 5.4.0
- Installed from apt or using latest release? Please try with latest release before opening an issue - Installed with Kali and updated with Kali
fixed :)