🔱
🔱
🔱
🔱
CrackMapExec ~ CME WIKI
Public Release - v5.4.1
@byt3bl33d3r
@mpgn_x64
Search…
⌃K
Links
Introduction
🔥
News 2022
Changelog
Sponsoring CME
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
BloodHound integration
Report bugs or new features
Audit Mode
SMB protocol
Scan for vulnerabilities
Enumeration
Enumerate hosts
Enumerate null sessions
Enumerate anonymous logon
Enumerate active sessions
Enumerate shares and access
Enumerate disks
Enumerate logged on users
Enumerate domain users
Enumerate users by bruteforcing RID
Enumerate domain groups
Enumerate local groups
Enumerate domain password policy
Enumerate host with SMB signing not required
💲
Enumerate Antivirus/EDR
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
Defeating LAPS
Spooler, WebDav running ?
Steal Microsoft Teams cookies
LDAP protocol
Authentication
ASREPRoast
Find domain SID
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
🆕
Dump gMSA
Exploit ESC8 (adcs)
Extract subnet
Check LDAP signing
Read DACL right
💲
Extract gMSA secrets
💲
Bloodhound Ingestor
WINRM protocol
Password spraying
Authentication
Command execution
Defeating LAPS
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
MSSQL upload/download
Windows command
SSH protocol
Password spraying
Authentication
Command execution
FTP protocol
Password spraying
RDP Protocol
Password spraying
Screenshot (connected)
🆕
Screenshot without NLA (not connected)
Powered By
GitBook
Enumerate domain users
Enumerate domain users on the remote target
#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --users
Previous
Enumerate logged on users
Next
Enumerate users by bruteforcing RID
Last modified
2yr ago
