Showing results for tags 'crackmapexec'.
CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.

CME makes heavy use of the Impacket library (developed by @asolino) and the PowerSploit Toolkit (developed by @mattifestation) for working with network protocols and performing a variety of post-exploitation techniques.

Although meant to be used primarily for offensive purposes (e.g. red teams), CME can be used by blue teams as well to assess account privileges, find possible misconfiguration, and simulate attack scenarios.

CrackMapExec is developed by @byt3bl33d3r.

This repository contains the following repositories as submodules:
- Impacket
- Pywinrm
- Pywerview
- PowerSploit
- Invoke-Obfuscation
- Invoke-Vnc
- Mimikittenz
- NetRipper
- RandomPS-Scripts
- SessionGopher
- Mimipenguin

Changelog v5.1.7dev

💫 Features 💫
- Add module MachineAccountQuota.py to retrieve the MachineAccountQuota domain-level attribute related to the current user @p0dalirius
- Add module get-desc-users: get the description of each user and search for passwords in the description @nodauf
- Add module mssql_priv to enumerate and exploit MSSQL privileges @sokaRepo
- Add option --password-not-required to retrieve the users with the flag PASSWD_NOTREQD @nodauf
- Add custom port for WinRM
- Switch from gevent to asyncio
- Shares are now logged in the database and can be queried
- You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
- Add better error message on LDAP protocol
- Add more options to LDAP:
  - option --groups
  - option --users
  - option --continue-on-success
- Add additional info to LDAP Kerberoasting:
  - Account Name
  - Password last set
  - Last logon
  - Member of
- Bump lsassy to latest version 2
- Add new option --amsi-bypass to bypass AMSI with your own custom code
- Add module LAPS to retrieve all LAPS passwords
- Add IPv6 support
- Add improvement when testing null session for the output
- Remove thirdparty folder 🥳

🔧 Issues 🔧
- Fix spelling mistakes
- Rename options EXT and DIR to EXCLUDE_EXTS and EXCLUDE_DIR on spider_plus module
- Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3
- Fix module Wireless
- Fix issue with --pass-pol for Maximum password age
- Fix encoding issue with spider option
CRACKMAPEXEC

CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.

CME makes heavy use of the Impacket library (developed by @asolino) and the PowerSploit Toolkit (developed by @mattifestation) for working with network protocols and performing a variety of post-exploitation techniques.

Although meant to be used primarily for offensive purposes (e.g. red teams), CME can be used by blue teams as well to assess account privileges, find possible misconfiguration, and simulate attack scenarios.

CrackMapExec is developed by @byt3bl33d3r.

This repository contains the following repositories as submodules:
- Impacket
- Pywinrm
- Pywerview
- PowerSploit
- Invoke-Obfuscation
- Invoke-Vnc
- Mimikittenz
- NetRipper
- RandomPS-Scripts
- SessionGopher
- Mimipenguin

Changelog v5.1.1dev

💫 Features 💫
- Switched from Pipenv to Poetry for development and dependency management.
- Now has Windows binaries!