This repository has been archived by the owner on Dec 6, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Using Credentials
byt3bl33d3r edited this page Jan 27, 2016
·
27 revisions
The most basic way to test a set of of credentials across a network:
With a plain-text password:
python crackmapexec.py 172.16.0.1/24 -u username -p password
Note: When using usernames or passwords that contain special symbols, wrap them in single quotes to make your shell interpret it as a string:
python crackmapexec.py 172.16.0.1/24 -u username -p 'Admin!123@'
With a NTLM hash (Note: -H will always override -p):
python crackmapexec.py 172.16.0.1/24 -u username -H LMHASH:NTHASH
As of version 2.0 Kerberos is supported:
python crackmapexec.py 172.16.0.1/24 -u username --kerb -k HEX_KEY
By specifying a file or a comma separated list of values with the -u, -p and -H arguments, CrackMapExec will automatically brute-force SMB logins for all targets:
Examples:
python crackmapexec.py 172.16.0.1/24 -u username1 -p password1 password2
python crackmapexec.py 172.16.0.1/24 -u username1 username2 -p password1
python crackmapexec.py 172.16.0.1/24 -u username1 username2 -H LMHASH:NTHASH LMHASH:NTHASH
python crackmapexec.py 172.16.0.1/24 -u ~/file_containing_usernames -p ~/file_containing_passwords
python crackmapexec.py 172.16.0.1/24 -u ~/file_containing_usernames -H ~/file_containing_ntlm_hashes
You can log in with a null session by using '' as the username and/or password
Examples:
python crackmapexec.py 172.16.0.1/24 -u '' -p ''