crackmapexec

Supports smb, ldap, ssh, winrm, mssql

crackmapexec PROTOCOL IP[/CIDR] [--port PORT] [-d DOMAIN] -u USER|USER.txt -p PASS|PASS.txt [-H HASH|HASH.txt]
--share SHARE
--local-auth: authenticate locally to each target
--continue-on-success

Credential Gathering flags

  • dumps SAM: --sam

  • dumps LSA secrets: --lsa

  • dumps NTDS.dit: --ntds

Enumeration

  • get all shares: --shares

  • get sessions: --sessions

  • get logged-on users: --loggedon-users

  • get domain users: --users

  • get domain groups: --groups

File commands

  • upload: --put-file FILE TARGET_PATH_FILE

  • download: --put-file TARGET_PATH_FILE FILE

Command Execution

  • method of commmand execution: --exec-method [smbexec|atexec|mmcexec|wmiexec]

  • specific command for cmd: -x COMMAND

  • specific command for powershell: -X COMMAND

SMB

# to get password policy
crackmapexec smb IP -u '' -p '' --pass-pol
PreviousmethodologyNexthash identifier

Last updated