CrackMapExec — Pentesting Active Directory Environments – DigitalMunition

Pentest Tools windows-crackMap

Published on January 19th, 2016 📆 | 5251 Views ⚑


CrackMapExec — Pentesting Active Directory Environments

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments!

From enumerating logged on users and spidering SMB shares to executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using Powershell, dumping the NTDS.dit and more!

CrackMapExec v2.3 Released


Pentesting Active Directory Environments:

  • Pure Python script, no external tools required
  • Fully concurrent threading
  • Uses ONLY native WinAPI calls for discovering sessions, users, dumping SAM hashes etc…
  • Opsec safe (no binaries are uploaded to dump clear-text credentials, inject shellcode etc…)


Installation on Kali Linux

Run pip install --upgrade -r requirements.txt


A swiss army knife for pentesting
Windows/Active Directory environments



                Swiss army knife for pentesting Windows/Active Directory environments | @byt3bl33d3r

                      Powered by Impacket (@agsolino)

                                                  Inspired by:
                           @ShawnDEvans's smbmap
                           @gojhonny's CredCrack
                           @pentestgeek's smbexec

positional arguments:
  target                The target range, CIDR identifier or file containing targets

optional arguments:
  -h, --help            show this help message and exit
  -t THREADS            Set how many concurrent threads to use
  -u USERNAME           Username, if omitted null session assumed
  -p PASSWORD           Password
  -H HASH               NTLM hash
  -n NAMESPACE          Namespace name (default //./root/cimv2)
  -d DOMAIN             Domain name
  -s SHARE              Specify a share (default: C$)
  -P {139,445}          SMB port (default: 445)
  -v                    Enable verbose output

Credential Gathering:
  Options for gathering credentials

  --sam                 Dump SAM hashes from target systems
  --mimikatz            Run Invoke-Mimikatz on target systems
  --ntds {ninja,vss,drsuapi}
                        Dump the NTDS.dit from target DCs using the specifed method
                        (drsuapi is the fastest)


Mapping/Enumeration: Options for Mapping/Enumerating --shares List shares --sessions Enumerate active sessions --users Enumerate users --lusers Enumerate logged on users --wmi QUERY Issues the specified WMI query Account Bruteforcing: Options for bruteforcing SMB accounts --bruteforce USER_FILE PASS_FILE Your wordlists containing Usernames and Passwords --exhaust Don't stop on first valid account found Spidering: Options for spidering shares --spider FOLDER Folder to spider (defaults to share root dir) --pattern PATTERN Pattern to search for in filenames and folders --patternfile PATTERNFILE File containing patterns to search for --depth DEPTH Spider recursion depth (default: 1) Command Execution: Options for executing commands --execm {atexec,wmi,smbexec} Method to execute the command (default: smbexec) -x COMMAND Execute the specified command -X PS_COMMAND Excute the specified powershell command Shellcode/EXE/DLL injection: Options for injecting Shellcode/EXE/DLL's using PowerShell --inject {exe,shellcode,dll} Inject Shellcode, EXE or a DLL --path PATH Path to the Shellcode/EXE/DLL you want to inject on the target systems --procid PROCID Process ID to inject the Shellcode/EXE/DLL into (if omitted, will inject within the running PowerShell process) --exeargs EXEARGS Arguments to pass to the EXE being reflectively loaded (ignored if not injecting an EXE) Filesystem interaction: Options for interacting with filesystems --list PATH List contents of a directory --download PATH Download a file from the remote systems --upload SRC DST Upload a file to the remote systems --delete PATH Delete a remote file There's been an awakening... have you felt it?



Source && Download

Download Best WordPress Themes Free Download
Free Download WordPress Themes
Download WordPress Themes Free
Download WordPress Themes Free
udemy paid course free download

Leave a Reply ✍