πŸ”±
πŸ”±
πŸ”±
πŸ”±
CrackMapExec ~ CME WIKI
Public Release - v5.3.0@byt3bl33d3r@mpgn_x64
Search…
Introduction
πŸ”₯
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
πŸ†•
BloodHound integration
Report bugs or new features
πŸ†•
Audit Mode
SMB protocol
πŸ†•
Scan for vulnerabilities
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
πŸ†•
Defeating LAPS
πŸ†•
Spooler, WebDav running ?
LDAP protocol
Authentication
ASREPRoast
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
πŸ†•
Exploit ESC8 (adcs)
WINRM protocol
Password spraying
Authentication
Command execution
πŸ†•
Defeating LAPS
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
Windows command
SSH protocol
Password spraying
Authentication
Command execution
πŸ†•
RDP Protocol
Password spraying
Install aardwolf lib
Powered By GitBook
Selecting & Using a Protocol
Selecting & Using a Protocol on CrackMapExec

Using a Protocol

To use a specific protocol run cme <protocol> <protocol options>

Viewing Available Protocols

Running cme --help will list general options and protocols that are available (Notice the 'protocols' section below):
#~ cme --help
usage: cme [-h] [-v] [-t THREADS] [--timeout TIMEOUT] [--jitter INTERVAL]
[--darrell] [--verbose]
{http,smb,mssql} ...
​
______ .______ ___ ______ __ ___ .___ ___. ___ .______ _______ ___ ___ _______ ______
/ || _ \ / \ / || |/ / | \/ | / \ | _ \ | ____|\ \ / / | ____| / |
| ,----'| |_) | / ^ \ | ,----'| ' / | \ / | / ^ \ | |_) | | |__ \ V / | |__ | ,----'
| | | / / /_\ \ | | | < | |\/| | / /_\ \ | ___/ | __| > < | __| | |
| `----.| |\ \----. / _____ \ | `----.| . \ | | | | / _____ \ | | | |____ / . \ | |____ | `----.
\______|| _| `._____|/__/ \__\ \______||__|\__\ |__| |__| /__/ \__\ | _| |_______|/__/ \__\ |_______| \______|
​
A swiss army knife for pentesting networks
Forged by @byt3bl33d3r using the powah of dank memes
​
Version: 4.0.0dev
Codename: 'Sercurty'
​
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-t THREADS set how many concurrent threads to use (default: 100)
--timeout TIMEOUT max timeout in seconds of each thread (default: None)
--jitter INTERVAL sets a random delay between each connection (default: None)
--darrell give Darrell a hand
--verbose enable verbose output
​
protocols:
available protocols
​
{http,smb,mssql}
http own stuff using HTTP(S)
smb own stuff using SMB and/or Active Directory
mssql own stuff using MSSQL and/or Active Directory
​
Serrrrrrcuuurrrty?

Viewing Protocol options

Run cme <protocol> --help to view the options the specified protocol supports. For example to view all of the SMB protocol options:
#~ cme smb --help
usage: cme smb [-h] [-id CRED_ID [CRED_ID ...]] [-u USERNAME [USERNAME ...]]
[-p PASSWORD [PASSWORD ...]]
[--gfail-limit LIMIT | --ufail-limit LIMIT | --fail-limit LIMIT]
[-M MODULE] [-o MODULE_OPTION [MODULE_OPTION ...]] [-L]
[--options] [--server {http,https}] [--server-host HOST]
[--server-port PORT] [-H HASH [HASH ...]]
[-d DOMAIN | --local-auth] [--smb-port {139,445}]
[--share SHARE] [--gen-relay-list OUTPUT_FILE]
[--sam | --lsa | --ntds {vss,drsuapi}] [--shares] [--sessions]
[--disks] [--loggedon-users] [--users [USER]]
[--groups [GROUP]] [--local-groups [GROUP]] [--pass-pol]
[--rid-brute [MAX_RID]] [--wmi QUERY]
[--wmi-namespace NAMESPACE] [--spider SHARE]
[--spider-folder FOLDER] [--content] [--exclude-dirs DIR_LIST]
[--pattern PATTERN [PATTERN ...] | --regex REGEX [REGEX ...]]
[--depth DEPTH] [--only-files]
[--exec-method {mmcexec,smbexec,wmiexec,atexec}] [--force-ps32]
[--no-output] [-x COMMAND | -X PS_COMMAND]
[target [target ...]]
​
positional arguments:
target the target IP(s), range(s), CIDR(s), hostname(s),
FQDN(s) or file(s) containg a list of targets
​
optional arguments:
-h, --help show this help message and exit
-id CRED_ID [CRED_ID ...]
database credential ID(s) to use for authentication
-u USERNAME [USERNAME ...]
username(s) or file(s) containing usernames
-p PASSWORD [PASSWORD ...]
password(s) or file(s) containing passwords
--gfail-limit LIMIT max number of global failed login attempts
--ufail-limit LIMIT max number of failed login attempts per username
--fail-limit LIMIT max number of failed login attempts per host
-M MODULE, --module MODULE
payload module to use
-o MODULE_OPTION [MODULE_OPTION ...]
payload module options
-L, --list-modules list available modules
--options display module options
--server {http,https}
use the selected server (default: https)
--server-host HOST IP to bind the server to (default: 0.0.0.0)
--server-port PORT start the server on the specified port
-H HASH [HASH ...], --hash HASH [HASH ...]
​
-- SNIP --
Previous
Installation for Docker
Next - Getting Started
Target Formats
Last modified 2yr ago
Copy link
Outline
Using a Protocol
Viewing Available Protocols
Viewing Protocol options