
SMB Spider-Plus Module - Junction Infinite Recursion [BUG]

Open godylockz opened this issue 2 years ago • 3 comments

Describe the bug

Running the spider_plus module, there could be junctions/hard links that are followed in an infinite recursion loop that will stop when it hits the Windows max character limit of 255.

To Reproduce

cme --verbose smb <targetip> -u 'administrator' -p '' -M spider_plus

Workaround:

In my experience with this bug, the directory that it hits first is "Application Data". You can exclude the directory OR check for it in the code when it's hit.

cme --verbose smb <targetip> -u 'administrator' -p '' -M spider_plus -o EXCLUDE_DIR='AppData,Local Settings,Application Data'

This could potentially be an issue with other hard links/junctions, but this will work for "Application Data". Line 196 at cme/modules/spider_plus.py:

if subfolder.lower().endswith("application data/") and result.get_longname().lower() == "application data":
  # Ignore Application Data Junction/Hard Link. It points to AppData. Trying to view it just takes you in a spiral down to nowhere.
  continue

There could be a way to check if it's a junction/hard link in the result metadata. Didn't look into it too much.

Crackmapexec info

  • OS: Kali
  • Version of CME: 5.4.1
  • Installed from apt or using latest release ? Latest Release via pipx

godylockz avatar Jan 23 '23 05:01 godylockz

Hello @godylockz, thanks for the report, do you want to make a PR so you can get proper credit?

mpgn avatar Feb 12 '23 22:02 mpgn

> Hello @godylockz, thanks for the report, do you want to make a PR so you can get proper credit?

I'm not quite sure how to properly fix this unless checking for junctions. Might need an impacket PR first? I could patch it quickly by just looking for recursion into same named folders or something like that.

godylockz avatar Feb 12 '23 22:02 godylockz
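
The two guards discussed in this thread (checking the listing metadata for a junction, and falling back to spotting recursion into same-named folders), as an added Python example that is not CrackMapExec or impacket code. `Entry`, `spider`, `constructed_share` and the `is_directory()` / `get_attributes()` accessors are hypothetical, and the share listing is constructed.

```python
FILE_ATTRIBUTE_REPARSE_POINT = 0x400  # Windows attribute bit on junctions/symlinks

class Entry:
    """Hypothetical stand-in for one SMB directory-listing result."""
    def __init__(self, name, is_dir=False, attrs=0):
        self.name, self.is_dir, self.attrs = name, is_dir, attrs
    def get_longname(self):
        return self.name
    def is_directory(self):      # assumed accessor
        return self.is_dir
    def get_attributes(self):    # assumed accessor for the raw attribute bits
        return self.attrs

def spider(list_dir, max_repeat=1, max_depth=32):
    """Walk a share iteratively; return (files, skipped) and never loop forever."""
    files, skipped, stack = [], [], [""]
    while stack:
        current = stack.pop()
        for entry in list_dir(current):
            name = entry.get_longname()
            if name in (".", ".."):
                continue
            path = current + name
            if not entry.is_directory():
                files.append(path)
                continue
            parts = [p.lower() for p in path.split("/")]
            if entry.get_attributes() & FILE_ATTRIBUTE_REPARSE_POINT:
                skipped.append((path, "reparse point"))        # metadata check
            elif parts.count(name.lower()) > max_repeat or len(parts) > max_depth:
                skipped.append((path, "repeated name/depth"))  # heuristic fallback
            else:
                stack.append(path + "/")
    return files, skipped

def constructed_share(report_attrs=True):
    """Constructed listing: 'Application Data' is a junction back to its parent."""
    attrs = FILE_ATTRIBUTE_REPARSE_POINT if report_attrs else 0
    tree = {
        "": [Entry("Local", True)],
        "Local/": [Entry("Application Data", True, attrs), Entry("notes.txt")],
    }
    # Resolving the junction: every 'Application Data/' hop lands in 'Local/' again.
    return lambda folder: tree[folder.replace("Application Data/", "")]

if __name__ == "__main__":
    print(spider(constructed_share(True)))   # junction skipped via attribute bit
    print(spider(constructed_share(False)))  # junction caught by the name heuristic
```

The name-repeat check is a heuristic and can skip legitimate directories that reuse a parent's name, which is why `max_repeat` is a parameter and the depth cap exists as a last resort.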

By default I think I will add C$ and ADMIN$ on the exclude shares.

You can add your fix, at least it will work for this case until I dig into it

mpgn avatar Feb 13 '23 08:02 mpgn