🔱
🔱
🔱
🔱
CrackMapExec ~ CME WIKI
@mpgn_x64
Search
⌃
K
Links
Introduction
🔥
News
Changelog
Other Gitbook
Getting Started
Installation
Selecting & Using a Protocol
Target Formats
Using Credentials
Using Kerberos
Using Modules
Database General Usage
BloodHound integration
Audit Mode
Log your results
SMB protocol
Scan for vulnerabilities
Enumeration
Password spraying
Authentication
Command execution
Spidering Shares
Get and Put files
Obtaining Credentials
Dump SAM
Dump LSA
Dump NTDS.dit
Dump LSASS
Dump WIFI password
Dump KeePass
Dump DPAPI
Defeating LAPS
Spooler, WebDav running ?
Steal Microsoft Teams cookies
LDAP protocol
Authentication
ASREPRoast
Find domain SID
Kerberoasting
Unconstrained delegation
Admin Count
Machine Account Quota
Get user descriptions
Dump gMSA
Exploit ESC8 (adcs)
Extract subnet
Check LDAP signing
Read DACL right
Extract gMSA secrets
Bloodhound Ingestor
List DC IP
Enumerate trusts
WINRM protocol
Password spraying
Authentication
Command execution
Defeating LAPS
MSSQL protocol
Password spraying
Authentication
MSSQL Privesc
MSSQL command
MSSQL upload/download
Windows command
SSH protocol
Password spraying
Authentication
Command execution
FTP protocol
Password spraying
RDP Protocol
Password spraying
Screenshot (connected)
Screenshot without NLA (not connected)
WMI Protocol
Password spraying
Authentication
Command execution
Powered By
GitBook
Dump SAM
Dump SAM hashes using methods from secretsdump.py
You need at least local admin privilege on the remote target, use option
--local-auth
if your user is a local account
#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --sam
SMB protocol - Previous
Obtaining Credentials
Next
Dump LSA
Last modified
3yr ago