CrackMapExec ~ CME WIKI
Public Release - v5.2.2
@byt3bl33d3r
@mpgn_x64
Defeating LAPS
CrackMapExec vs LAPS
Using CrackMapExec when LAPS is installed on the domain
If LAPS is used inside the domain, it can be hard to use CrackMapExec to execute a command on every computer on the domain.
Therefore, a new core option has been added: --laps
If you have compromised an account that can read LAPS passwords, you can use CrackMapExec like this:
crackmapexec smb <ip> -u user-can-read-laps -p pass --laps
If the default administrator name is not administrator, add the user name after the option:
--laps name
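From the defender's side, this usage shows up as one source logging on with the local administrator account of many different machines in a short time. The following is an added detection example, not code from CrackMapExec or this wiki. The log layout (Windows network logon events reduced to five fields), the thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: network logons (Windows event 4624, logon type 3) reduced to
# time, source IP, target host, account domain, account name.
SAMPLE = """\
2024-05-01T10:00:01 10.0.0.50 WS01 WS01 Administrator
2024-05-01T10:00:02 10.0.0.50 WS02 WS02 Administrator
2024-05-01T10:00:04 10.0.0.50 WS03 WS03 Administrator
2024-05-01T10:00:09 10.0.0.50 WS04 WS04 Administrator
2024-05-01T10:01:00 10.0.0.77 WS02 CORP alice
2024-05-01T11:30:00 10.0.0.12 WS01 WS01 Administrator
2024-05-01T14:45:00 10.0.0.12 WS03 WS03 Administrator
"""

def parse(text):
    for line in text.splitlines():
        ts, src, host, domain, user = line.split()
        yield datetime.fromisoformat(ts), src, host.upper(), domain.upper(), user.lower()

def laps_fanout(text, admin_names=("administrator",), min_hosts=3,
                window=timedelta(minutes=5)):
    """Return {source: hosts} where one source used a *local* admin account
    on at least min_hosts distinct machines inside one sliding window."""
    per_source = defaultdict(list)
    for ts, src, host, domain, user in parse(text):
        # Local account: the logon domain is the machine's own name.
        # admin_names must include any renamed LAPS-managed account.
        if domain == host and user in admin_names:
            per_source[src].append((ts, host))
    alerts = {}
    for src, hits in per_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(src, set()).update(hosts)
    return {src: sorted(h) for src, h in alerts.items()}

if __name__ == "__main__":
    for src, hosts in laps_fanout(SAMPLE).items():
        print(f"{src}: local admin logon on {len(hosts)} hosts: {', '.join(hosts)}")
```

An administrator who legitimately looks up one LAPS password at a time, such as 10.0.0.12 in the sample, stays below the threshold.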
Last modified 4mo ago