You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 6, 2023. It is now read-only.
DEBUG StringBinding: \\WINTERFELL[\PIPE\atsvc]
DEBUG StringBinding: \\WINTERFELL[\pipe\SessEnvPublicRpc]
DEBUG StringBinding: WINTERFELL[49667]
DEBUG StringBinding: 192.168.1.252[49667]
DEBUG StringBinding chosen: ncacn_ip_tcp:192.168.1.252[49667]
DEBUG Error executing command via wmiexec, traceback:
DEBUG Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 394, in execute
exec_method = WMIEXEC(self.host, self.smb_share_name, self.username, self.password, self.domain, self.conn, self.hash, self.args.share)
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb/wmiexec.py", line 42, in init
iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/dcom/wmi.py", line 3155, in NTLMLogin
resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/dcomrt.py", line 1307, in request
self.connect(iid)
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/dcomrt.py", line 1284, in connect
dce.connect()
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/rpcrt.py", line 801, in connect
return self._transport.connect()
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/transport.py", line 302, in connect
raise DCERPCException("Could not connect: %s" % msg)
DCERPCException: Could not connect: [Errno 110] Connection timed out
CME Version (cme --version)
4.0.1dev - Bug Pr0n
OS
kali-rolling 2020.1
Target OS
Windows 10 18362 x64
Detailed issue explanation
When the firewall is on on the target and a cmd is executed on it, it cannot execute the command using wmiexec. But if the firewall is off then the command runs successfully.
The text was updated successfully, but these errors were encountered:
I'm not sure how this is related to a Firewall issue since you pass the first connection.
The version of impacket you are using is very old (march 2019), please update cme to the latest version so you can use the latest version of impacket (python3) and maybe we will find the problem.
Hi @mpgn I have done a git pull and rebuilt cme. Still shows as version 4.0.1dev - Bug Pr0n. I have the latest impacket installed in a separate location from the one that comes with cme. I believe with the git pull the one within the cme directory should also get updated. Is there a way to verify that or know which is the latest cme build?
Steps to reproduce
Command string used
cme --verbose smb 192.168.1.252 -u administrator -p XXXXXX -x whoami
CME verbose output (using the --verbose flag)
DEBUG StringBinding: \\WINTERFELL[\PIPE\atsvc]
DEBUG StringBinding: \\WINTERFELL[\pipe\SessEnvPublicRpc]
DEBUG StringBinding: WINTERFELL[49667]
DEBUG StringBinding: 192.168.1.252[49667]
DEBUG StringBinding chosen: ncacn_ip_tcp:192.168.1.252[49667]
DEBUG Error executing command via wmiexec, traceback:
DEBUG Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb.py", line 394, in execute
exec_method = WMIEXEC(self.host, self.smb_share_name, self.username, self.password, self.domain, self.conn, self.hash, self.args.share)
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/protocols/smb/wmiexec.py", line 42, in init
iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/dcom/wmi.py", line 3155, in NTLMLogin
resp = self.request(request, iid = self._iid, uuid = self.get_iPid())
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/dcomrt.py", line 1307, in request
self.connect(iid)
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/dcomrt.py", line 1284, in connect
dce.connect()
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/rpcrt.py", line 801, in connect
return self._transport.connect()
File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.1.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/dcerpc/v5/transport.py", line 302, in connect
raise DCERPCException("Could not connect: %s" % msg)
DCERPCException: Could not connect: [Errno 110] Connection timed out
CME Version (cme --version)
4.0.1dev - Bug Pr0n
OS
kali-rolling 2020.1
Target OS
Windows 10 18362 x64
Detailed issue explanation
When the firewall is on on the target and a cmd is executed on it, it cannot execute the command using wmiexec. But if the firewall is off then the command runs successfully.
The text was updated successfully, but these errors were encountered: