CrackMapExec Full Post Exploitation
Posted in: Penetration Testing Tools

CrackMapExec: Full Post Exploitation guide

CrackMapExec (also known as CME) is a post-exploitation program that assists in automating the security assessment of large Active Directory infrastructures.

CME was designed with stealth in mind: it abuses built-in Active Directory functionality to achieve its goals and evades most endpoint protection/IDS/IPS technologies.

How to Install CrackMapExec

apt-get install -y libssl-dev libkrb5-dev libffi-dev python-dev build-essential
git clone https://github.com/Porchetta-Industries/CrackMapExec
cd CrackMapExec
poetry install
poetry run crackmapexec

Configure Databases

Supported Protocols

SMB
HTTP/HTTPS
MSSQL
LDAP
SSH
RDP
WINRM

Target Definition

crackmapexec <protocol> ms.evilcorp.org
crackmapexec <protocol> 192.168.1.0 192.168.0.2
crackmapexec <protocol> 192.168.1.0/24
crackmapexec <protocol> 192.168.1.0-28 10.0.0.1-67
crackmapexec <protocol> ~/targets.txt
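The target list above mixes five notations: a hostname, bare IP addresses, CIDR notation, the last-octet range shorthand (192.168.1.0-28) and a file of targets. The following parser is an added example, not code from the CrackMapExec project; it expands all five forms into a flat, de-duplicated list the way the page describes them. Two details are assumptions on my part rather than documented CME behaviour: a range whose end has no dots reuses the first three octets of the start address, and a CIDR block expands to its host addresses (network and broadcast excluded). Defenders can use the same routine to turn a scan-scope definition into the exact address set that should appear in their own logs.

```python
import ipaddress
import os
from typing import List


def _expand_range(spec: str) -> List[str]:
    """Expand 'a.b.c.x-y' (last-octet shorthand, assumed semantics) or a full
    'a.b.c.d-e.f.g.h' range into every address in between, inclusive."""
    start, end = spec.split("-", 1)
    first = ipaddress.ip_address(start)
    if "." in end:
        last = ipaddress.ip_address(end)
    else:
        # Shorthand: only the last octet of the end address is given.
        prefix = start.rsplit(".", 1)[0]
        last = ipaddress.ip_address(f"{prefix}.{end}")
    if last < first:
        raise ValueError(f"range end precedes start: {spec}")
    return [str(ipaddress.ip_address(n)) for n in range(int(first), int(last) + 1)]


def _expand_one(spec: str) -> List[str]:
    """Expand a single target specification into a list of addresses/hostnames."""
    path = os.path.expanduser(spec)
    if os.path.isfile(path):
        # A file of targets: one specification per line, recursively expanded.
        with open(path, encoding="utf-8") as fh:
            return parse_target_lines(fh.read().splitlines())
    if "/" in spec:
        # CIDR block: host addresses only (assumption, see lead-in).
        net = ipaddress.ip_network(spec, strict=False)
        return [str(h) for h in net.hosts()]
    if "-" in spec:
        try:
            return _expand_range(spec)
        except ValueError:
            pass  # not an address range, so treat it as a hostname below
    try:
        return [str(ipaddress.ip_address(spec))]
    except ValueError:
        return [spec]  # anything else is taken to be a hostname


def parse_target_lines(lines: List[str]) -> List[str]:
    """Parse the lines of a targets file, skipping blanks and '#' comments."""
    targets: List[str] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        targets.extend(_expand_one(line))
    return targets


def expand_targets(specs: List[str]) -> List[str]:
    """Expand all command-line target specifications, keeping first-seen order
    and dropping duplicates so an address covered twice is scanned once."""
    flat: List[str] = []
    for spec in specs:
        flat.extend(_expand_one(spec))
    return list(dict.fromkeys(flat))


if __name__ == "__main__":
    # Constructed sample input mirroring the notations shown on the page.
    sample = ["ms.evilcorp.org", "192.168.1.0/30", "192.168.1.0-3", "10.0.0.1-10.0.0.2"]
    for target in expand_targets(sample):
        print(target)
```

The order of the checks matters: the file test runs first so that a path such as ~/targets.txt is never misread as a hostname, and the range parser falls back to the hostname branch so that names like 1-dc.corp do not raise an error.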

Attack SMB Protocol

We will start by scanning a whole network as an example, and then a specific host on that network.

crackmapexec smb 192.168.1.0/24
crackmapexec smb 192.168.1.91

Scan for Samba vulnerabilities with CME

ZeroLogon

crackmapexec smb <ip> -u '' -p '' -M zerologon

PetitPotam

crackmapexec smb <ip> -u '' -p '' -M petitpotam

noPAC

crackmapexec smb <ip> -u 'user' -p 'pass' -M nopac
