linwinpwn's People

Contributors

aludermin, drunkentortoise, lefayjey, mag1cbyt3s, prinegheuls, pwnmeow

linwinpwn's Issues

several errors after installing kali 2023

When installing on clean kali 2023.3, there are errors after the automated installation through (install.sh)

crackmapexec --version
6.1.0 - John Wick

Output install

[+] impacket's findDelegation is installed
[+] impacket's GetUserSPNs is installed
[+] impacket's secretsdump is installed
[+] impacket's GetNPUsers is installed
[+] impacket's getTGT is installed
[+] impacket's goldenPac is installed
[+] impacket's rpcdump is installed
[+] impacket's reg is installed
[+] bloodhound is installed
[+] ldapdomaindump is installed
[+] crackmapexec is installed
[+] john is installed
[+] smbmap is installed
[+] nmap is installed
[+] adidnsdump is installed
[+] certi_py is installed
[+] certipy is installed
[+] ldeep is installed
[+] pre2k is installed
[+] certsync is installed
[+] windapsearch is installed
[+] windapsearch is executable
[+] enum4linux-ng is installed
[+] enum4linux-ng is executable
[+] kerbrute is installed
[+] kerbrute is executable
[+] targetedKerberoast is installed
[+] targetedKerberoast is executable
[+] CVE-2022-33679 is installed
[+] CVE-2022-33679 is executable
[+] DonPAPI is installed
[+] hekatomb is installed
[+] FindUncommonShares is installed
[+] manspider is installed
[+] coercer is installed

Errors

mkdir: invalid option -- 'f'

//

./linWinPwn.sh: line 507: $command_log: ambiguous redirect
tee: invalid option -- 'f'
Try 'tee --help' for more information.
[-] Connecting to host...
[-] Binding to host
[+] Bind OK
[-] Querying zone for records
[+] Found 0 records
./linWinPwn.sh: line 510: ${servers_ip_list}: ambiguous redirect
./linWinPwn.sh: line 511: ${dc_ip_list}: ambiguous redirect
./linWinPwn.sh: line 512: ${dc_hostname_list}: ambiguous redirect
./linWinPwn.sh: line 519: [: too many arguments
grep: /root/.cme/workspaces/default/smb.db`): No such file or directory
./linWinPwn.sh: line 520: ${servers_ip_list}: ambiguous redirect
./linWinPwn.sh: line 521: [: too many arguments
grep: /root/.cme/workspaces/default/smb.db`): No such file or directory
./linWinPwn.sh: line 522: ${dc_ip_list}: ambiguous redirect
./linWinPwn.sh: line 523: [: too many arguments
grep: /root/.cme/workspaces/default/smb.db`): No such file or directory
./linWinPwn.sh: line 524: ${dc_hostname_list}: ambiguous redirect

ls: cannot access '/opt/scripts/linWinPwn/linWinPwn_[-]': No such file or directory

Binding to host error (adidnsdump)

Hello Guys,

When I try to start and connect with linWinPwn, I get the following error from adidnsdump.

my command: ./linWinPwn -t -u -p --auto-config

No module named 'impacket.dcerpc.v5.rpch'

[*] ADCS Enumeration
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)

[*] Users Description containing word: pass
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)

[*] Get MachineAccountQuota
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)
MAQ 10.1.11.53 389 MEX1DOMCTL01 [*] Getting the MachineAccountQuota

[*] LDAP-signing check
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
SMB 10.1.11.53 445 MEX1DOMCTL01 [*] Windows Server 2016 Standard 14393 x64 (name:MEX1DOMCTL01) (domain:bentoint.com) (signing:True) (SMBv1:True)
LDAP-SIG... 10.1.11.53 389 MEX1DOMCTL01 LDAP signing is NOT enforced on 10.1.11.53
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/spooler.py: No module named 'impacket.dcerpc.v5.rpch'
[-] Failed loading module at /usr/lib/python3/dist-packages/cme/modules/ldap-checker.py: No module named 'msldap.commons.factory'
[-] Module not found

About the tool specific suggestions for improvement

This is really a great project, it helped me a lot in the real world, if I am free I am very willing to help you improve and improve this project, here I would like to make a few small suggestions for continued progress
The first point, you can continue to add more AD domain vulnerability detection in the vuln_checks module, such as HiveNightmare, Printspooler family (Nightmare and Demon) and Exchange server vulnerability detection, which is very important, because in reality Exchange is very high privilege, and easy to attack and if the attack is successful very easy to threaten the domain controller, so I felt the need to add a check for Exchange vulnerability
(CVE-2018-8581, CVE-2020-0688, CVE-2020-16875, CVE-2021-34473, CVE-2021-26855/CVE-2021-27065, CVE-2022-41040/CVE-2022-41082)
The second point is that I think we can add an automated capture of all tour passwords in the pwd_dump module, which can be combined with LaZagne, which is a great tool, you know, in the actual infiltration of the tour passwords are likely to be a breakthrough!!! So I think it's feasible

Having said that, I hope very much that this tool will get better and better, and thank you very much for your open source spirit, keep moving!!!


Please ensure netexec is installed and try again...

./linWinPwn.sh -t 192.168.1.10 -M all -d domain.local -u john -p Password1233556
I've got error [-] Please ensure netexec is installed and try again...
I was testing it on ubuntu 22 and Kali linux. The same thing
After manual installation netexec through python-pip still getting the error
Any suggestions?

module aardwolf

Hi,
I have this problem with my Kali ...
Can you help me?

[+] lun 16 gen 2023, 09:30:12, CET
Traceback (most recent call last):
  File "/usr/bin/crackmapexec", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 117, in main
    args = gen_cli_args()
  File "/usr/lib/python3/dist-packages/cme/cli.py", line 76, in gen_cli_args
    protocol_object = p_loader.load_protocol(protocols[protocol]['path'])
  File "/usr/lib/python3/dist-packages/cme/loaders/protocol_loader.py", line 15, in load_protocol
    protocol = imp.load_source('protocol', protocol_path)
  File "/usr/lib/python3.10/imp.py", line 170, in load_source
    module = _exec(spec, sys.modules[name])
  File "<frozen importlib._bootstrap>", line 619, in _exec
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/usr/lib/python3/dist-packages/cme/protocols/rdp.py", line 10, in <module>
    from aardwolf import logger
ModuleNotFoundError: No module named 'aardwolf'
[-] Error connecting to target! Please ensure the target is a Domain Controller and try again...

installation script messes up crackmapexec (oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto)

When I ran ./install.sh, it overrides the existing installation of cme and results in the following error:

Traceback (most recent call last):
  File "/usr/bin/crackmapexec", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/lib/python3/dist-packages/cme/crackmapexec.py", line 117, in main
    args = gen_cli_args()
           ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/cme/cli.py", line 76, in gen_cli_args
    protocol_object = p_loader.load_protocol(protocols[protocol]['path'])
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/cme/loaders/protocol_loader.py", line 15, in load_protocol
    protocol = imp.load_source('protocol', protocol_path)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/imp.py", line 170, in load_source
    module = _exec(spec, sys.modules[name])
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 621, in _exec
  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/usr/lib/python3/dist-packages/cme/protocols/rdp.py", line 11, in <module>
    from aardwolf.commons.factory import RDPConnectionFactory
  File "/usr/lib/python3/dist-packages/aardwolf/commons/factory.py", line 7, in <module>
    from asyauth.common.credentials import UniCredential
  File "/usr/lib/python3/dist-packages/asyauth/common/credentials/__init__.py", line 182, in <module>
    from asyauth.common.credentials.kerberos import KerberosCredential
  File "/usr/lib/python3/dist-packages/asyauth/common/credentials/kerberos.py", line 9, in <module>
    from minikerberos.common.creds import KerberosCredential as KCRED
  File "/usr/lib/python3/dist-packages/minikerberos/common/creds.py", line 21, in <module>
    from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/asymmetric.py", line 19, in <module>
    from ._asymmetric import _unwrap_private_key_info
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_asymmetric.py", line 27, in <module>
    from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/kdf.py", line 9, in <module>
    from .util import rand_bytes
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/util.py", line 14, in <module>
    from ._openssl.util import rand_bytes
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_openssl/util.py", line 6, in <module>
    from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_openssl/_libcrypto.py", line 9, in <module>
    from ._libcrypto_cffi import (
  File "/home/kali/.local/lib/python3.11/site-packages/oscrypto/_openssl/_libcrypto_cffi.py", line 46, in <module>
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

I suggest removing the line pipx install git+https://github.com/mpgn/CrackMapExec.git --force

Relevant Links:

dbt-labs/dbt-core#3366

wbond/oscrypto#78

https://github.com/mpgn/CrackMapExec/issues/108

gMSA \ LdapRelayScan - verify the location

Hi!
How can I fix this trouble?

`
[*] gMSA Dump
[-] Please verify the location of gMSADumper.py

[*] LdapRelayScan checks
[-] Please verify the location of LdapRelayScan.py
`

problem with --log

Hello,
I think the switch --log was added in the new version of crackmapexec and it is not supported in the active version 5.4. Therefore, I am facing an error in the implementation of linwinpwn. How should I install Crackmapexec version 6 on Kali? It is not available in the repository.
Thanks

Complete Menu

Hello buddy, awesome tool you have created here, congrats. I have a question: why can't I see the menu as you have in the example on the git? If I don't use any tags, it gives me only configuration or authentication. Am I missing something? Thanks in advance.

"class": algorithms.Blowfish

Users Enumeration (Null session)

/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,

/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,

[+] Found 0 users using RPC User Enum

[*] Users Enumeration (Null session)
/usr/lib/python3/dist-packages/paramiko/transport.py:236: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,

dc-host

bash linWinPwn.sh -t 10.70.8.100 -u user -p 'passwd123' --auto
