OFFSITE.DARK
← Tools

Index · C

Kali Linux

crackmapexec

Overview

CrackMapExec (CME) is a Swiss-army knife for AD pentesting over SMB, WinRM, LDAP, MSSQL. Modules for enumeration, spraying, execution, and credential testing.

Spray: `cme smb 10.0.0.0/24 -u users.txt -p 'Spring2024!' --continue-on-success`. Exec: `-x whoami` or `-X PowerShell`. `--sam` dumps hashes on admin success.

Successor development continues as NetExec (nxc); Kali may ship both during transition.

Primary use cases

  • Password spraying across SMB
  • Pass-the-hash lateral movement
  • Share enumeration and spidering

Key commands

SMB spray

crackmapexec smb 10.0.0.0/24 -u users.txt -p 'Password1' --continue-on-success

Pass-the-hash exec

crackmapexec smb 10.0.0.50 -u administrator -H NTLMhash -x whoami

Related tools

  • netexecSuccessor to CrackMapExec. Network protocol abuse for Windows/AD environments.
  • ImpacketPython protocol implementations. secretsdump, psexec, getTGT, and SMB/Kerberos tooling for Windows networks.
  • BloodHoundAD attack path analysis. Ingests ACL/ACE and group membership into a graph of privilege escalation routes.
→ official site