forked from aryanguenthner/365
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcme-pwn.sh
183 lines (165 loc) · 4.12 KB
/
cme-pwn.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
#!/usr/bin/env bash
# Tested on Kali 2023.4
# Updated 02/15/2024
# Hack The Planet
# Setting Variables
KALI=$(hostname -I)
SUBNET=$(ip r | awk 'FNR == 2 {print $1}')
TARGETS=ips.txt
PWD=$(pwd)
DATE0=$(date +%Y%m%d).cme_$RANDOM
echo
# How to hack the planet
echo "Usage ./cme-full-scan.sh evil.com"
echo " ./cme-full-scan.sh 192.168.0.1 192.168.0.2"
echo " ./cme-full-scan.sh evil.com 192.168.0.1/24"
echo " ./cme-full-scan.sh subnets.txt"
echo " ./cme-full-scan.sh ips.txt"
echo
echo "Press Enter for Scan Completion Status"
echo
echo "CTRL+c to start over"
echo
echo "Current Networking Information"
echo
ip r
echo
# Creds
echo -e "Using Creds y/n: "
read CREDS
if [ $CREDS == y ]
then
# Username
echo -en "Enter username: "
read -e USERNAME
echo
# Password
echo -en "Enter password: "
read -e PASS
echo
else
echo
echo "Running Crackmap without creds"
echo
echo
fi
echo
# File name
echo -en "Output File Name: "
read -e FNAME
echo
# User Input
FILE1="$1"
if [ -f $FILE1 ]
then
echo "Starting Crackmap"
echo
else
echo "Missing Input file"
fi
echo
# Crackmap Magic
echo
echo "RDP"
crackmapexec rdp $FILE1 | tee crackmap-rdp-$FNAME.$DATE0.txt;
echo
echo "Exporting RDP targets to rdp-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-rdp-$FNAME.$DATE0.txt > rdp-ips.txt
echo
echo "WINRM"
crackmapexec winrm $FILE1 | tee crackmap-winrm-$FNAME.$DATE0.txt;
echo
echo "Exporting WinRM targets to winrm-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-winrm-$FNAME.$DATE0.txt > winrm-ips.txt
echo
echo "LDAP"
crackmapexec ldap $FILE1 | tee crackmap-ldap-$FNAME.$DATE0.txt;
echo
echo "Exporting LDAP targets to winrm-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-ldap-$FNAME.$DATE0.txt > ldap-ips.txt
echo
echo "MSSQL"
crackmapexec mssql $FILE1 | tee crackmap-mssql-$FNAME.$DATE0.txt;
echo
echo "Exporting MSSQL targets to mssql-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-mssql-$FNAME.$DATE0.txt > mssql-ips.txt
echo
echo "SMB"
crackmapexec smb $FILE1 | tee crackmap-smb-$FNAME.$DATE0.txt;
echo
echo "Exporting SMB targets to smb-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-smb-$FNAME.$DATE0.txt > smb-ips.txt
cat crackmap-smb-$FNAME.$DATE0.txt | grep -ai 'signing:False\|SMBv1:True' | awk '{print $2}' | sort -u SMB-Vulerabilities.txt
echo
echo "FTP"
crackmapexec ftp $FILE1 | tee crackmap-ftp-$FNAME.$DATE0.txt;
echo
echo "Exporting FTP targets to ftp-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-ftp-$FNAME.$DATE0.txt > ftp-ips.txt
echo
echo "SSH"
crackmapexec ssh $FILE1 | tee crackmap-ssh-$FNAME.$DATE0.txt;
echo
echo "Exporting SSH targets to ssh-ips.txt"
echo "Be Patient"
echo
echo -ne '##### (33%)\r'
sleep 1
echo -ne '############# (66%)\r'
sleep 1
echo -ne '####################### (100%)\r'
echo -ne '\n'
awk '{print $2}' crackmap-ssh-$FNAME.$DATE0.txt > ssh-ips.txt
echo
echo
echo "Crackmap Finished Results are Ready"
echo
# hack the planet