CrackMapExec v2.2 Pentest for Active Directory

CrackMapExec v2.2 Pentest for Active Directory

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments!

From enumerating logged on users and spidering SMB shares to executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using Powershell, dumping the NTDS.dit and more!

The biggest improvements over the above tools are:

  • Pure Python script, no external tools required
  • Fully concurrent threading
  • Uses ONLY native WinAPI calls for discovering sessions, users, dumping SAM hashes etc…
  • Opsec safe (no binaries are uploaded to dump clear-text credentials, inject shellcode etc…)

 

positional arguments:
 target The target range, CIDR identifier or file containing targets
optional arguments:
 -h, --help show this help message and exit
 -v, --version show program's version number and exit
 -t THREADS Set how many concurrent threads to use (defaults to 100)
 -u USERNAME Username(s) or file containing usernames
 -p PASSWORD Password(s) or file containing passwords
 -H HASH NTLM hash(es) or file containing NTLM hashes
 -C COMBO_FILE Combo file containing a list of domain\username:password or username:password entries
 -k HEX_KEY AES key to use for Kerberos Authentication (128 or 256 bits)
 -d DOMAIN Domain name
 -n NAMESPACE WMI Namespace (default: //./root/cimv2)
 -s SHARE Specify a share (default: C$)
 --kerb Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters
 --port {139,445} SMB port (default: 445)
 --server {http,https}
 Use the selected server (defaults to http)
 --server-port PORT Start the server on the specified port
 --fail-limit LIMIT The max number of failed login attempts allowed per host (default: None)
 --gfail-limit LIMIT The max number of failed login attempts allowed globally (default: None)
 --verbose Enable verbose output

More Information: here

[button size=large style=round color=red align=none url=https://github.com/byt3bl33d3r/CrackMapExec]Download CrackMapExec v2.2[/button]

Thanks to our friend byt3bl33d3r, for sharing this tool with us 😉

MaxiSoler

www.artssec.com @maxisoler
Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Exploited Vulnerabilities in 2020

Top 10 Most Exploited Vulnerabilities in 2020

vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

Efficiency of the Vulnerability Response With vFeed Intelligence

Efficiency of the Vulnerability Response With vFeed Intelligence

CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs