Update CrackMapExec to use latest version from the repo

[mpgn]

Description

Update CrackMapExec to use git clone instead for pypi since the package cannot be updated due to the fact cme is using latest commit of impacket not present on the pypi version of impacket

Related issues

The version actually used is very old, 5.2.2 vs 5.4.1

Point of attention

💘

[ShutdownRepo]

Thank you for this pull request!
First things first, changed target branch to dev, there are now some conflicts to resolve
Also, we'll need to have cme installed in a venv or pipx (pipx install git+https://github.com/Porchetta-Industries/CrackMapExec.git, or like #111)

[QU35T-code]

Hey @mpgn,

Thanks for this PR !

When installing aardwolf, a build error appears. It is related to this issue :
skelsec/aardwolf#13

The aardwolf dependency cannot currently be built with its latest version (from pip). I propose to wait until the new version and the problem will be solved.

[Dramelac]

Hello @mpgn

Thank you for the PR!

Maybe if cme use a source install of aardwolf instead of the pip package the problem should be resolved (a quick fix while waiting for a new release) ?

Might be something to try

[mpgn]

I have trouble to understand how it can fail, I start a brand new linux VM using Vultr without any previous packages except python3, pip and pipx, this is the result:

I would also add that if cme cannot be build I would have issue on the main repo.

[QU35T-code]

I think it only fail for ARM (mac). In the crackmapexec doc it is specified there is a problem with the dependency : https://wiki.porchetta.industries/getting-started/installation/installation-on-unix && byt3bl33d3r/CrackMapExec#585

[Mar 02, 2023 - 09:21:22 (UTC)] exegol-test-2 aardwolf-0.2.6 # python3 -m pipx install git+https://github.com/Porchetta-Industries/CrackMapExec
Fatal error from pip prevented installation. Full pip output in file:
    /root/.local/pipx/logs/cmd_2023-03-02_09.21.28_pip_errors.log

pip failed to build package:
    aardwolf

Some possibly relevant errors from pip install:
    error: subprocess-exited-with-error
    error: can't find Rust extension project file: aardwolf/utils/rlers/Cargo.toml

Error installing crackmapexec from spec 'git+https://github.com/Porchetta-Industries/CrackMapExec'.

Or :

[Mar 02, 2023 - 09:22:06 (UTC)] exegol-test-2 aardwolf-0.2.6 # python3 -m pip download --no-binary aardwolf aardwolf
Collecting aardwolf

[...TRUNCATED DATA...]

[Mar 02, 2023 - 09:23:07 (UTC)] exegol-test-2 aardwolf-0.2.6 # python3 -m pip install aardwolf-0.2.6.tar.gz

[...TRUNCATED DATA...]

error: can't find Rust extension project file: aardwolf/utils/rlers/Cargo.toml
[end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for aardwolf
Failed to build aardwolf
ERROR: Could not build wheels for aardwolf, which is required to install pyproject.toml-based projects

The archive on pip isn't complete (https://pypi.org/project/aardwolf/#files):

[mpgn]

Strange things, I request aardwold 0.2.5 but the script request 0.2.6

https://github.com/Porchetta-Industries/CrackMapExec/blob/master/requirements.txt#L1

On linux:

Or maybe I didn't understand your output, anyway maybe we can check if the ARCH is ARM and run python3 -m pip download --no-binary aardwolf aardwolf before :)

[QU35T-code]

As you are on Linux (AMD), during the pip install it will retrieve the package associated with your architecture (eg: aardwolf-0.2.5-..._x86_64.whl), then install it.

In the MacOS (ARM) case, there is no whl package for arm, so, it will retrieve the aardwolf-0.2.5.tar.gz archive, but this archive is not complete (missing files -> bug during push) and trigger the error.

Collecting aardwolf==0.2.5
  Using cached aardwolf-0.2.5.tar.gz (926 kB)

[QU35T-code]

There is exactly the same problem with the 0.2.5 and 0.2.6 archive.

[mpgn]

And the command python3 -m pip download --no-binary aardwolf aardwolf doesn't fix the problem ?

[QU35T-code]

python3 -m pip download --no-binary aardwolf aardwolf doesn

Nop, because this command will download the archive .tar.gz

[mpgn]

too bad, well who use mac anyway aha

[mpgn]

in any case this is interesting, didn't know about build failing for Mac :)

[ShutdownRepo]

in any case this is interesting, didn't know about build failing for Mac :)

It's more of an ARM64 issue, meaning M1/M2 mac are affected but ARM64 raspberry pies as well

[QU35T-code]

Hey @mpgn and everyone,

Skelsec has released a new version which solved the problem : skelsec/aardwolf#13 !

Doing tests and changing the version of aardwolf in the requirement.txt and pyproject.toml file (from 0.2.5 to 0.2.7), I get dependency conflict errors.

Despite this, I found a way to perform the installation for ARM :

# Download the cme repo
git -C /opt/tools clone https://github.com/Porchetta-Industries/CrackMapExec
cd /opt/tools/CrackMapExec || exit

# Remove aardwolf from requirements files
sed -i '/aardwolf/d' requirements.txt pyproject.toml

# Create python venv
python3 -m venv ./venv

# Download aardwolf-0.2.7.tar.gz from pypi
mkdir deps
cd deps
python3 -m pip download --no-binary aardwold aardwolf
cd ../

# Install aardwolf dep
./venv/bin/python3 -m pip install deps/aardwolf*.tar.gz

# Install all the requirements
./venv/bin/python3 -m pip install .

For the alias file, we can define it as the following :

alias cme='/opt/tools/CrackMapExec/venv/bin/python3 /opt/tools/CrackMapExec/cme/crackmapexec.py'

I think we can make a separation for the AMD and ARM case and use pipx as currently.

[mpgn]

Don't you think it's better if I bump aardwolf inside cme to 0.2.7 directly ?

[Dramelac]

Don't you think it's better if I bump aardwolf inside cme to 0.2.7 directly ?

It will be easier, for sure.

[QU35T-code]

Don't you think it's better if I bump aardwolf inside cme to 0.2.7 directly ?

If you update to the latest version, we can do pipx install for ARM and AMD and it should work !

[mpgn]

Ok i will do then

[mpgn]

We are working with some what appears to be some regression with Skelsec :)

[mpgn]

Should be good, check commit byt3bl33d3r/CrackMapExec@d2ea13f

I also advise you strongly to use latest version of pypykatz inside exegol if this is not the case :)

[QU35T-code]

Thanks @mpgn and Skelsec, that's a good work !
I tried in my mac (ARM) and it works.

[QU35T-code]

Should be good, check commit Porchetta-Industries/CrackMapExec@d2ea13f

I also advise you strongly to use latest version of pypykatz inside exegol if this is not the case :)

During the next image build, pypykatz will be updated to the latest version (0.6.6).

[mpgn]

https://twitter.com/SkelSec/status/1632116466085502986?t=KN6Gf1QIsUhYwL6tGDvNog&s=19

[QU35T-code]

The failed pypykatz test here is due to the synchronization of the mpgn:patch-1 branch and the Exegol-images:dev branch.
When merging, the problem should be solved.