CrackMapExec ~ CME WIKI
Public Release - v5.2.2
@byt3bl33d3r
@mpgn_x64
Enumerate null sessions
Checking whether null sessions are enabled on the network can be very useful: on a Domain Controller, a null session can be used to enumerate users, groups, the password policy, etc.

#~ cme smb 10.10.10.161 -u '' -p ''
#~ cme smb 10.10.10.161 --pass-pol
#~ cme smb 10.10.10.161 --users
#~ cme smb 10.10.10.161 --groups

You can also reproduce this behavior with smbclient or rpcclient:

smbclient -N -U "" -L \\10.10.10.161

rpcclient -N -U "" -L \\10.10.10.161
rpcclient $> enumdomusers
user:[bonclay] rid:[0x46e]
user:[zoro] rid:[0x46f]

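When logon auditing is enabled, a null session accepted by the server is recorded there as a successful network logon (event 4624, logon type 3) by the ANONYMOUS LOGON account. The following is an added example, not part of the CME wiki or the CrackMapExec code base, that groups such events by source address so the enumeration shown above can be spotted in the Security log. The flat JSON-lines layout, the sample events and the threshold of 3 are assumptions made for illustration.

```python
import json
from collections import defaultdict

ANONYMOUS_SID = "S-1-5-7"  # well-known SID of the ANONYMOUS LOGON account

# Constructed sample: DC Security-log events flattened to one JSON object per
# line (assumed layout; field names follow the 4624 EventData names).
SAMPLE_EVENTS = """\
{"EventID": 4624, "TimeCreated": "2022-03-01T10:00:01Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "IpAddress": "10.10.14.5"}
{"EventID": 4624, "TimeCreated": "2022-03-01T10:00:03Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "IpAddress": "10.10.14.5"}
{"EventID": 4624, "TimeCreated": "2022-03-01T10:00:04Z", "LogonType": 3, "TargetUserSid": "S-1-5-21-1-2-3-1104", "IpAddress": "10.10.14.5"}
{"EventID": 4624, "TimeCreated": "2022-03-01T10:00:06Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "IpAddress": "10.10.14.5"}
{"EventID": 4625, "TimeCreated": "2022-03-01T10:00:07Z", "LogonType": 3, "TargetUserSid": "S-1-0-0", "IpAddress": "10.10.14.5"}
{"EventID": 4624, "TimeCreated": "2022-03-01T10:00:09Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "IpAddress": "10.10.14.5"}
{"EventID": 4624, "TimeCreated": "2022-03-01T10:02:00Z", "LogonType": 3, "TargetUserSid": "S-1-5-7", "IpAddress": "10.10.10.20"}
truncated line that is not JSON
"""


def anonymous_logons_by_source(lines):
    """Collect timestamps of successful anonymous network logons per source IP."""
    seen = defaultdict(list)
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting
        if not isinstance(ev, dict):
            continue
        if str(ev.get("EventID")) != "4624" or str(ev.get("LogonType")) != "3":
            continue  # only successful logons of type 3 (network: SMB/RPC)
        if ev.get("TargetUserSid") != ANONYMOUS_SID:
            continue  # match on the SID: the account name is localised
        seen[ev.get("IpAddress") or "-"].append(ev.get("TimeCreated", ""))
    return seen


def flag_sources(lines, threshold=3):
    """Return (ip, count, first_seen, last_seen) for sources at or above threshold."""
    hits = []
    for ip, times in anonymous_logons_by_source(lines).items():
        if len(times) >= threshold:
            hits.append((ip, len(times), min(times), max(times)))
    return sorted(hits)


if __name__ == "__main__":
    for hit in flag_sources(SAMPLE_EVENTS.splitlines()):
        print("anonymous logons from %s: %d between %s and %s" % hit)
```

Single anonymous logons also occur in normal operation, so the threshold should be tuned to the environment's own baseline.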
Example
Forest or Monteverde machines are good examples to test null session authentication with CrackMapExec:

https://www.hackthebox.eu/home/machines/profile/212
https://www.hackthebox.eu/home/machines/profile/223