This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Add SSL support to winrm protocol #559

Merged
merged 3 commits into from
Jun 17, 2022
Changes from 2 commits
38 changes: 34 additions & 4 deletions cme/protocols/winrm.py
@@ -37,6 +37,8 @@ def proto_args(parser, std_parser, module_parser):
winrm_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
winrm_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")
winrm_parser.add_argument("--port", type=int, default=0, help="Custom WinRM port")
winrm_parser.add_argument("-S", '--ssl', action='store_true', help="Connect to SSL Enabled WINRM")
whipped5000 marked this conversation as resolved.
winrm_parser.add_argument("--ignore-ssl-cert", action='store_true', help="Ignore Certificate Verification")
winrm_parser.add_argument("--laps", dest='laps', metavar="LAPS", type=str, help="LAPS authentification", nargs='?', const='administrator')
dgroup = winrm_parser.add_mutually_exclusive_group()
dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, default=None, help="domain to authenticate to")
@@ -189,7 +191,21 @@ def plaintext_login(self, domain, username, password):
self.password = password
self.username = username
self.domain = domain
self.conn = Client(self.host,
if self.args.ssl and self.args.ignore_ssl_cert:
self.conn = Client(self.host,
auth='ntlm',
username=u'{}\\{}'.format(domain, self.username),
password=self.password,
ssl=True,
cert_validation=False)
elif self.args.ssl:
self.conn = Client(self.host,
auth='ntlm',
username=u'{}\\{}'.format(domain, self.username),
password=self.password,
ssl=True)
else:
self.conn = Client(self.host,
auth='ntlm',
username=u'{}\\{}'.format(domain, self.username),
password=self.password,
@@ -240,9 +256,23 @@ def hash_login(self, domain, username, ntlm_hash):
if nthash: self.nthash = nthash
else:
nthash = self.hash

self.domain = domain
self.conn = Client(self.host,
if self.args.ssl and self.args.ignore_ssl_cert:
self.conn = Client(self.host,
auth='ntlm',
username=u'{}\\{}'.format(self.domain, self.username),
password=lmhash + nthash,
ssl=True,
cert_validation=False)
elif self.args.ssl:
self.conn = Client(self.host,
auth='ntlm',
username=u'{}\\{}'.format(self.domain, self.username),
password=lmhash + nthash,
ssl=True)
else:
self.conn = Client(self.host,
auth='ntlm',
username=u'{}\\{}'.format(self.domain, self.username),
password=lmhash + nthash,
@@ -312,4 +342,4 @@ def lsa(self):
bootKey = localOperations.getBootKey()
LSA = LSASecrets(self.output_filename + ".security", bootKey, None, isRemote=None, perSecretCallback=lambda secretType, secret: self.logger.highlight(secret))
LSA.dumpCachedHashes()
LSA.dumpSecrets()
LSA.dumpSecrets()
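Review bot: In plaintext_login the three-way branch repeats the whole `Client(...)` call, and `--ignore-ssl-cert` given without `--ssl` falls through to the final `else` branch with no warning, so the flag is silently ignored and the run presumably uses the non-TLS call. Passing the options straight through in a single call, `ssl=self.args.ssl,` and `cert_validation=not self.args.ignore_ssl_cert`, would remove the duplication; the existing call's remaining arguments continue outside the hunk and would need to be kept as they are. hash_login carries the same three-way copy and would take the same change. The `--ignore-ssl-cert` help string could also state the consequence, e.g. `help="With --ssl: skip certificate verification (server identity is not checked)"`, since credentials are then sent to an endpoint whose certificate was never validated.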