Enumerating Users With CME - Anonymously

Install CrackMapExec

python3 -m pip install pipx
git clone https://github.com/Porchetta-Industries/CrackMapExec
cd CrackMapExec
pip install .

crackmapexec

CrackMapExec covers everything from enumerating logged-on users and spidering SMB shares to executing psexec-style attacks, auto-injecting Mimikatz/Shellcode/DLLs into memory using PowerShell, dumping the NTDS.dit and more.

Run it against an IP range to quickly get NetBIOS answers from Windows computers. This is a very quick way to get the IP, FQDN and domain of every Windows machine.

crackmapexec smb 192.168.56.1/24

Enumerating Users

crackmapexec smb 192.168.56.10 --users
crackmapexec smb 192.168.56.12 --users
crackmapexec smb 192.168.56.11 --users

And we found our first password! Let's save it and continue the recon.

Password Policy

We can also retrieve the password policy before trying a brute force. The password policy shows that 5 failed attempts within 5 minutes lock the account for 5 minutes.

crackmapexec smb 192.168.56.10 --pass-pol
crackmapexec smb 192.168.56.12 --pass-pol
crackmapexec smb 192.168.56.11 --pass-pol
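
A defender's view of the policy above, as an added example that is not part of the original page: the lockout counts failures per account only, so this code runs over failed-logon records and reports both the accounts the 5-in-5-minutes rule would lock and the sources whose failures are spread across several accounts without locking any of them. The sample events, the MIN_ACCOUNTS cutoff and the function names are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# From the policy above: 5 failures within 5 minutes lock the account.
LOCKOUT_THRESHOLD = 5
OBSERVATION_WINDOW = timedelta(minutes=5)
MIN_ACCOUNTS = 3  # assumption: distinct accounts per source worth an alert

# Constructed failed-logon records (timestamp, source IP, account), not real logs.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:00", "192.168.56.50", "alice"),
    ("2024-01-10T09:00:20", "192.168.56.50", "bob"),
    ("2024-01-10T09:00:40", "192.168.56.50", "carol"),
    ("2024-01-10T09:01:00", "192.168.56.50", "dave"),
    ("2024-01-10T09:20:00", "192.168.56.70", "frank"),
    ("2024-01-10T09:20:15", "192.168.56.70", "frank"),
] + [("2024-01-10T09:1%d:00" % m, "192.168.56.60", "erin") for m in range(5)]

def max_in_window(times, window):
    """Largest number of timestamps that fit inside any single window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def analyze(events, threshold=LOCKOUT_THRESHOLD, window=OBSERVATION_WINDOW,
            min_accounts=MIN_ACCOUNTS):
    """Return (accounts the lockout policy trips on, {source: accounts hit})."""
    by_account, by_source = defaultdict(list), defaultdict(list)
    for ts, src, acct in events:
        t, acct = datetime.fromisoformat(ts), acct.lower()
        by_account[acct].append(t)
        by_source[src].append((t, acct))
    locked = {a for a, ts in by_account.items() if max_in_window(ts, window) >= threshold}
    wide = {}
    for src, rows in by_source.items():
        # Most distinct accounts this source failed against in any one window.
        hit = max(len({a for t, a in rows if t0 <= t <= t0 + window})
                  for t0, _ in rows)
        if hit >= min_accounts:
            wide[src] = hit
    return locked, wide

if __name__ == "__main__":
    locked, wide = analyze(SAMPLE_EVENTS)
    print("lockout trips on:", sorted(locked), "| wide failures from:", wide)
```

On the constructed sample, the lockout rule only ever sees "erin"; the source that failed once against four accounts is visible only in the per-source count.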
