CrackMapExec
Last updated
Last updated
Every protocol supports targets by CIDR notation(s), IP address(s), IP range(s), hostname(s), a file containing a list of targets or combination of all of the latter:
Every protocol supports using credentials in one form or another. For details on using credentials with a specific protocol, see the appropriate wiki section.
Generally speaking, to use credentials, you can run the following commands:
Example:
crackmapexec <protocol> <target(s)> -u='-username' -p='-Admin!123@'
By specifying a credential ID (or multiple credential IDs) with the -id flag CME will automatically pull that credential from the back-end database and use it to authenticate (saves a lot of typing):
You can use CME with mulitple domain environment
Where FILE is a file with usernames in this format
All protocols support brute-forcing and password spraying. For details on brute-forcing/password spraying with a specific protocol, see the appropriate wiki section.
By specifying a file or multiple values CME will automatically brute-force logins for all targets using the specified protocol:
Examples:
Can be usefull for protocols like WinRM and MSSQL. This option avoid the bruteforce when you use files (-u file -p file)
Due to a in Python's argument parsing library, credentials beginning with a dash (-) will throw an expected at least one argument error message. To get around this, specify the credentials by using the 'long' argument format (note the = sign):