-x
or -X
you have to run CME as sudo since port 445 was needed. This was an old feature that is now deprecated.

--laps
If you have compromised an account that can read LAPS passwords, you can now use this account and target every computer you want on the network; CME will automatically use this account to get the LAPS password of the targeted computer :)

It allows attackers to elicit authentications made over HTTP instead of SMB, hence heightening NTLM relay capabilities.
PROCESS_VM_READ
procdump
to dump the lsass process using procdump.exe. This is the original module, developed in 2019 with @Pixis, before lsassy even existed!

crackmapexec smb <ip> -u '' -p '' -M ms17-010
(not tested outside HTB) @ywolf

ioxidresolver
will help you identify hosts that have additional active interfaces, which usually means virtual machines, VPNs, connected wireless, Docker, etc. Really useful on internal pentests, sometimes, to target the right server directly and avoid losing time!