Can't use credential set from the database
Techbrunch opened this issue · 3 comments
Describe the bug
I'm trying to use a credential set from the database as described here: https://github.com/Porchetta-Industries/CrackMapExec/wiki/Using-Credentials but I get an error: AttributeError: 'database' object has no attribute 'get_credentials'
To Reproduce
[Feb 11, 2023 - 20:07:00 (CET)] exegol-htb-resolute ~ # cmedb
cmedb (default)(smb) > creds
+Credentials---------+-----------+----------+----------+-------------+
| CredID | Admin On | CredType | Domain | UserName | Password |
+--------+-----------+-----------+----------+----------+-------------+
| 1 | 0 Host(s) | plaintext | MEGABANK | | |
| 2 | 0 Host(s) | plaintext | MEGABANK | melanie | Welcome123! |
+--------+-----------+-----------+----------+----------+-------------+
cmedb (default)(smb) > exit
[Feb 11, 2023 - 20:07:16 (CET)] exegol-htb-resolute ~ # cme winrm $TARGET -id 2 -x whoami
SMB 10.129.217.23 5985 RESOLUTE [*] Windows 10.0 Build 14393 (name:RESOLUTE) (domain:megabank.local)
HTTP 10.129.217.23 5985 RESOLUTE [*] http://10.129.217.23:5985/wsman
Traceback (most recent call last):
File "/root/.local/bin/crackmapexec", line 8, in <module>
sys.exit(main())
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 257, in main
asyncio.run(
File "/usr/lib/python3.9/asyncio/runners.py", line 44, in run
return loop.run_until_complete(main)
File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
return future.result()
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 105, in start_threadpool
await asyncio.gather(*jobs)
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 69, in run_protocol
await asyncio.wait_for(
File "/usr/lib/python3.9/asyncio/tasks.py", line 442, in wait_for
return await fut
File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
result = self.fn(*self.args, **self.kwargs)
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/protocols/winrm.py", line 33, in __init__
connection.__init__(self, args, db, host)
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 65, in __init__
self.proto_flow()
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/protocols/winrm.py", line 66, in proto_flow
if self.login():
File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 170, in login
creds = self.db.get_credentials(filterTerm=int(cred_id))
AttributeError: 'database' object has no attribute 'get_credentials'
Expected behavior
CME will automatically pull that credential from the back-end database and use it to authenticate
Crackmapexec info
- OS: Docker / Exegol
- Version of CME 5.4.0
Related to the comment I just made in #740, the winrm protocol DB isn't used. You should be able to use the smb or mssql database with credentials though, since those are actually populated and have the associated functions with them such as get_credentials().
@mpgn this can probably be merged with #740 as a general "actually use the winrm database."
@mpgn This can be marked fixed for sponsors. There was an issue when trying to list specific creds in the cmedb for winrm (e.g. creds 1), but I fixed that in my current PR in commit 1ae3c82.
This specific functionality to use creds from the WinRM DB was fixed in my CMEDB overhaul though, which is live for sponsors.
Hello,
Thanks for the issue, it is now fixed on the last public release of CrackMapExec https://github.com/mpgn/CrackMapExec v6.0.0
Regards,
mpgn