πŸ”±
πŸ”±
πŸ”±
πŸ”±
CrackMapExec ~ CME WIKI
Public Release - v5.2.2@byt3bl33d3r@mpgn_x64
Search…
Introduction
πŸ”₯
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
πŸ†•
BloodHound integration
Report bugs or new features
SMB protocol
πŸ†•
Scan for vulnerabilities
Enumeration
Enumerate hosts
Enumerate null sessions
Enumerate anonymous logon
Enumerate active sessions
Enumerate shares and access
Enumerate disks
Enumerate logged on users
Enumerate domain users
Enumerate users by bruteforcing RID
Enumerate domain groups
Enumerate local groups
Enumerate domain password policy
Enumerate host with SMB signing not required
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
πŸ†•
Defeating LAPS
πŸ†•
Spooler, WebDav running ?
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
πŸ†•
Exploit ESC8 (adcs)
WINRM protocol
Password spraying
Authentication
Command execution
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
Powered By GitBook
Enumerate anonymous logon
Using a random username and password you can check if the target accepts annonymous logon
Make sure the password is empty
1
cme smb 10.10.10.178 -u 'a' -p ''
Copied!
You can also check this behavior with smbclient or rpcclient
1
smbclient -N -L \\10.10.10.178
2
rpcclient -N -L 10.10.10.178
Copied!
Network access: Shares that can be accessed anonymously
docsmsft

Example

Nest machine is a good example of anonymous logon with CrackMapExec
https://www.hackthebox.eu/home/machines/profile/225
www.hackthebox.eu
Previous
Enumerate null sessions
Next
Enumerate active sessions
Last modified 1yr ago
Copy link
Contents
Example