Skip to content
/ CmRcAuth Public

Access check for Remote Control service (CmRcService.exe) in MECM/SCCM deployments

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bka-dev/CmRcAuth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
CmRcAuth.py
CmRcAuth.py
 
 
LICENSE
LICENSE
 
 
README.MD
README.MD
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CmRcAuth

CmRcAuth checks login credentials against the "Configuration Manager Remote Control" service (CmRcService.exe) that is used in MECM/SCCM deployments and by default running on TCP port 2701.

Requirements

The Python ntlm-auth library utilizes Hashlib for performing the necessary steps for NTLMSSP authentication. Therefore it requires MD4, which in current versions of OpenSSL is disabled.

A workaround is to enable legacy ciphers in /etc/ssl/openssl.cnf, however this seem to have negative side effects on other services of the operating system.

A recommendation would be to enable legacy ciphers, execute the tool and disable legacy ciphers afterwards.

Installation

git clone https://github.com/bka-dev/CmRcAuth.git
cd CmRcAuth`
pip3 install -r requirements.txt

Usage

Check authentication against a single host:

CmRcAuth.py -u <USERNAME> -d <DOMAIN> -f <IP>

Check authentication against multiple hosts read from an input file:

CmRcAuth.py -u <USERNAME> -d <DOMAIN> -f <FILE>

About

Access check for Remote Control service (CmRcService.exe) in MECM/SCCM deployments

Topics

sccm pentesting redteam mecm

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages