This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Selecting & Using a Protocol

byt3bl33d3r edited this page Apr 25, 2017 · 4 revisions

Using a Protocol

As of v4, CME has divided up its functionality in an effort to simplify/organize/modularize argument parsing and capabilities.
This also makes it possible to extend CME's functionality beyond Active Directory ;)

TL;DR: To use a specific protocol, run cme <protocol> <protocol_options>

Viewing Available Protocols

Running cme --help will list general options and protocols that are available (Notice the 'protocols' section below):

#~ cme --help
usage: cme [-h] [-v] [-t THREADS] [--timeout TIMEOUT] [--jitter INTERVAL]
           [--darrell] [--verbose]
           {http,smb,mssql} ...

      ______ .______           ___        ______  __  ___ .___  ___.      ___      .______    _______ ___   ___  _______   ______
     /      ||   _  \         /   \      /      ||  |/  / |   \/   |     /   \     |   _  \  |   ____|\  \ /  / |   ____| /      |
    |  ,----'|  |_)  |       /  ^  \    |  ,----'|  '  /  |  \  /  |    /  ^  \    |  |_)  | |  |__    \  V  /  |  |__   |  ,----'
    |  |     |      /       /  /_\  \   |  |     |    <   |  |\/|  |   /  /_\  \   |   ___/  |   __|    >   <   |   __|  |  |
    |  `----.|  |\  \----. /  _____  \  |  `----.|  .  \  |  |  |  |  /  _____  \  |  |      |  |____  /  .  \  |  |____ |  `----.
     \______|| _| `._____|/__/     \__\  \______||__|\__\ |__|  |__| /__/     \__\ | _|      |_______|/__/ \__\ |_______| \______|

                                         A swiss army knife for pentesting networks
                                    Forged by @byt3bl33d3r using the powah of dank memes

                                                      Version: 4.0.0dev
                                                     Codename: 'Sercurty'

optional arguments:
  -h, --help         show this help message and exit
  -v, --version      show program's version number and exit
  -t THREADS         set how many concurrent threads to use (default: 100)
  --timeout TIMEOUT  max timeout in seconds of each thread (default: None)
  --jitter INTERVAL  sets a random delay between each connection (default: None)
  --darrell          give Darrell a hand
  --verbose          enable verbose output

protocols:
  available protocols

  {http,smb,mssql}
    http             own stuff using HTTP(S)o
    smb              own stuff using SMB and/or Active Directory
    mssql            own stuff using MSSQL and/or Active Directory

Serrrrrrcuuurrrty?

Viewing Protocol options

Run cme <protocol> --help to view the options the specified protocol supports. For example, to view all of the SMB protocol options:

#~ cme smb --help
usage: cme smb [-h] [-id CRED_ID [CRED_ID ...]] [-u USERNAME [USERNAME ...]]
               [-p PASSWORD [PASSWORD ...]]
               [--gfail-limit LIMIT | --ufail-limit LIMIT | --fail-limit LIMIT]
               [-M MODULE] [-o MODULE_OPTION [MODULE_OPTION ...]] [-L]
               [--options] [--server {http,https}] [--server-host HOST]
               [--server-port PORT] [-H HASH [HASH ...]]
               [-d DOMAIN | --local-auth] [--smb-port {139,445}]
               [--share SHARE] [--gen-relay-list OUTPUT_FILE]
               [--sam | --lsa | --ntds {vss,drsuapi}] [--shares] [--sessions]
               [--disks] [--loggedon-users] [--users [USER]]
               [--groups [GROUP]] [--local-groups [GROUP]] [--pass-pol]
               [--rid-brute [MAX_RID]] [--wmi QUERY]
               [--wmi-namespace NAMESPACE] [--spider SHARE]
               [--spider-folder FOLDER] [--content] [--exclude-dirs DIR_LIST]
               [--pattern PATTERN [PATTERN ...] | --regex REGEX [REGEX ...]]
               [--depth DEPTH] [--only-files]
               [--exec-method {mmcexec,smbexec,wmiexec,atexec}] [--force-ps32]
               [--no-output] [-x COMMAND | -X PS_COMMAND]
               [target [target ...]]

positional arguments:
  target                the target IP(s), range(s), CIDR(s), hostname(s),
                        FQDN(s) or file(s) containg a list of targets

optional arguments:
  -h, --help            show this help message and exit
  -id CRED_ID [CRED_ID ...]
                        database credential ID(s) to use for authentication
  -u USERNAME [USERNAME ...]
                        username(s) or file(s) containing usernames
  -p PASSWORD [PASSWORD ...]
                        password(s) or file(s) containing passwords
  --gfail-limit LIMIT   max number of global failed login attempts
  --ufail-limit LIMIT   max number of failed login attempts per username
  --fail-limit LIMIT    max number of failed login attempts per host
  -M MODULE, --module MODULE
                        payload module to use
  -o MODULE_OPTION [MODULE_OPTION ...]
                        payload module options
  -L, --list-modules    list available modules
  --options             display module options
  --server {http,https}
                        use the selected server (default: https)
  --server-host HOST    IP to bind the server to (default: 0.0.0.0)
  --server-port PORT    start the server on the specified port
  -H HASH [HASH ...], --hash HASH [HASH ...]

-- SNIP --
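
As an added illustration (not CME's own code), the sketch below shows one way to lay out a protocol-first CLI like the one in the help output above with argparse sub-parsers: global options on the top-level parser, protocol options on each sub-parser, and the three fail-limit options in a mutually exclusive group, which is what the `a | b | c` bracket in the usage line means. The `cme-sketch` program name, the `PROTOCOLS` registry and the helper functions are hypothetical; option names and defaults are taken from the help text on this page, and the address is a constructed documentation-range value.

```python
import argparse

def add_smb_options(p):
    """Subset of the options shown in the `cme smb --help` usage text."""
    p.add_argument("target", nargs="*")
    limits = p.add_mutually_exclusive_group()  # the "a | b | c" bracket in the usage line
    for flag in ("--gfail-limit", "--ufail-limit", "--fail-limit"):
        limits.add_argument(flag, metavar="LIMIT", type=int)
    p.add_argument("--smb-port", type=int, choices=[139, 445])

def add_target_only(p):
    """Assumption: the page does not show http/mssql options, so only a target."""
    p.add_argument("target", nargs="*")

# Hypothetical registry: one entry per protocol listed by `cme --help`.
PROTOCOLS = {"http": add_target_only, "smb": add_smb_options, "mssql": add_target_only}

def build_parser():
    parser = argparse.ArgumentParser(prog="cme-sketch")
    # Global options live on the top-level parser and come before the protocol.
    parser.add_argument("-t", dest="threads", metavar="THREADS", type=int, default=100)
    parser.add_argument("--timeout", type=int, default=None)
    parser.add_argument("--jitter", metavar="INTERVAL", type=int, default=None)
    # Each protocol gets its own sub-parser, so its options stay self-contained.
    sub = parser.add_subparsers(dest="protocol", required=True)
    for name, add_options in PROTOCOLS.items():
        add_options(sub.add_parser(name))
    return parser

def parse(argv):
    return build_parser().parse_args(argv)

def is_rejected(argv):
    """True when argparse refuses the command line (it exits with status 2)."""
    try:
        parse(argv)
    except SystemExit:
        return True
    return False

if __name__ == "__main__":
    # Constructed sample command line using a documentation-range address.
    print(parse(["-t", "10", "smb", "192.0.2.10", "--fail-limit", "3"]))
```

Passing two of the fail-limit options together, or an SMB-only option such as `--smb-port` to the `http` protocol, is rejected by the parser before anything runs.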