Linux command
netexec command
After copying, replace file names, directories, or parameters as needed.
Common examples
Enumerate SMB shares
netexec smb [192.168.1.0/24] -u [user] -p [password] --shares
Check credentials
netexec smb [target] -u [user] -p [password]
Execute command
netexec smb [target] -u [admin] -p [password] -x "[whoami]"
Pass the hash
netexec smb [target] -u [user] -H [hash]
Enumerate users
netexec smb [target] -u [user] -p [password] --users
Spray passwords
netexec smb [target] -u [users.txt] -p [password]
WinRM access
netexec winrm [target] -u [user] -p [password]
LDAP enumeration
netexec ldap [target] -u [user] -p [password] --users
Description
netexec (formerly CrackMapExec) is a network security tool for Windows/Active Directory environments. It tests credentials, enumerates resources, and executes commands across networks. It supports multiple protocols: SMB, WinRM, LDAP, SSH, MSSQL, FTP, RDP, WMI, VNC, and NFS. Each protocol has its own enumeration and exploitation modules. Credential testing validates usernames and passwords across targets. Pass-the-hash authenticates with an NTLM hash directly instead of a password. Password spraying tests one password against many accounts. Share enumeration reveals accessible network shares. User and group enumeration maps the Active Directory structure. Together these provide reconnaissance for security assessments. Command execution requires appropriate privileges. Results are collected across all targets for analysis. The tool is designed for authorized penetration testing and security assessments.
Parameters
- `smb`: SMB protocol.
- `winrm`: WinRM protocol.
- `ldap`: LDAP protocol.
- `ssh`: SSH protocol.
- `mssql`: MSSQL protocol.
- `ftp`: FTP protocol.
- `rdp`: RDP protocol.
- `wmi`: WMI protocol.
- `vnc`: VNC protocol.
- `nfs`: NFS protocol.
- `-u USER`: Username or file.
- `-p PASS`: Password or file.
- `-H HASH`: NTLM hash.
- `-d DOMAIN`: Domain name.
- `-x CMD`: Execute command.
- `-X PS_CMD`: Execute PowerShell.
- `--shares`: Enumerate shares.
- `--users`: Enumerate users.
- `--groups`: Enumerate groups.
- `--local-auth`: Use local authentication.
- `--sam`: Dump SAM database.
- `--lsa`: Dump LSA secrets.
- `-t THREADS`: Number of concurrent threads (default: 100).
- `--timeout SECONDS`: Max timeout in seconds for connections.
FAQ
How do I run a basic netexec example?
Run `netexec smb [192.168.1.0/24] -u [user] -p [password] --shares` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does smb do in netexec?
SMB protocol.