CrackMapExec ~ CME WIKI
Public Release - v5.2.2
@byt3bl33d3r
@mpgn_x64
Authentication
WinRM Authentication
Testing credentials
#~ cme winrm 192.168.1.0/24 -u user -p password
Expected Results:
WINRM 192.168.255.131 5985 ROGER [*] http://192.168.255.131:5985/wsman
WINRM 192.168.255.131 5985 ROGER [+] GOLD\user:password (Pwn3d!)
If the SMB port is closed you can also use the flag -d DOMAIN to avoid an SMB connection
#~ cme winrm 192.168.1.0/24 -u user -p password -d DOMAIN
Expected Results:
WINRM 192.168.255.131 5985 192.168.255.131 [*] http://192.168.255.131:5985/wsman
WINRM 192.168.255.131 5985 192.168.255.131 [+] GOLD\user:password (Pwn3d!)
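For engagement reporting, the result lines above can be reduced to structured findings that do not retain the tested password. This is an added example, not part of CrackMapExec or the original wiki; the function name parse_results and the field names are assumptions, and the sample is the page's own expected output.

```python
import re
from ipaddress import ip_address

# Constructed sample: the "Expected Results" lines shown on this page.
SAMPLE = r"""
WINRM 192.168.255.131 5985 ROGER [*] http://192.168.255.131:5985/wsman
WINRM 192.168.255.131 5985 ROGER [+] GOLD\user:password (Pwn3d!)
WINRM 192.168.255.131 5985 192.168.255.131 [*] http://192.168.255.131:5985/wsman
WINRM 192.168.255.131 5985 192.168.255.131 [+] GOLD\user:password (Pwn3d!)
"""

# Columns: protocol, IP, port, host name, [marker], message.
LINE = re.compile(
    r"^(?P<proto>\S+)\s+(?P<ip>\S+)\s+(?P<port>\d+)\s+(?P<name>\S+)\s+"
    r"\[(?P<mark>[*+\-])\]\s+(?P<msg>.*)$"
)
# Message of a [+] line: DOMAIN\user:secret, optionally followed by (Pwn3d!).
CRED = re.compile(
    r"^(?P<domain>[^\\]+)\\(?P<user>[^:]+):(?P<secret>.*?)(?P<tag>\s+\(Pwn3d!\))?$"
)

def is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

def parse_results(output):
    """Return one dict per [+] line; the secret is parsed but never stored."""
    findings = []
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["mark"] != "+":
            continue
        c = CRED.match(m["msg"])
        if not c:
            continue
        findings.append({
            "ip": m["ip"],
            "port": int(m["port"]),
            # In the -d DOMAIN output above, the name column repeats the IP.
            "hostname": None if is_ip(m["name"]) else m["name"],
            "account": c["domain"] + "\\" + c["user"],
            "pwned": c["tag"] is not None,
        })
    return findings
```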
Example
The Monteverde machine is a good example for testing the WinRM protocol with CrackMapExec:
https://www.hackthebox.eu/home/machines/profile/223