Crackmapexec
Executing commands on a Windows system requires administrator credentials. CME automatically informs you if you have administrator access by adding (Pwn3d!) alongside
Execution methods
CME offers three distinct methods for command execution:
wmiexec: executes commands via WMI.
atexec: executes commands by scheduling a task with the Windows Task Scheduler.
smbexec: executes commands by creating and running a service.
By default, CME switches to another execution method if one fails. It attempts to execute commands in the following order:
wmiexec
atexec
smbexec
To force CME to use a specific execution method, specify it with the --exec-method flag.
Command execution
# Execute whoami on the target with cmd.exe
crackmapexec <IP> -u <USERNAME> -p '<PASSWORD>' -x whoami
# Execute a PowerShell command on the target with powershell.exe
crackmapexec <IP> -u <USERNAME> -p '<PASSWORD>' -X '$PSVersionTable'
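Each of the three execution methods above leaves a different Windows event behind, which is what a defender triages on. The following is an added example, not code from CME or from the original page: it maps standard event IDs (4688 process creation, 4698 scheduled task created, 7045 service installed) to the method they are consistent with. The record field names, the sample events and the allowlist are constructed assumptions, and it assumes process-creation and task auditing are enabled on the hosts.

```python
from collections import defaultdict

# Interpreters the page says -x and -X run commands with.
SHELLS = ("\\cmd.exe", "\\powershell.exe")

def classify(ev):
    """Map one event to the execution method it is consistent with, else None."""
    eid = ev["event_id"]
    if eid == 4688:  # Security log: process creation
        parent = ev.get("parent_image", "").lower()
        child = ev.get("image", "").lower()
        # A shell spawned by the WMI provider host is consistent with wmiexec.
        if parent.endswith("\\wmiprvse.exe") and child.endswith(SHELLS):
            return "wmiexec"
    elif eid == 4698:  # Security log: a scheduled task was created
        return "atexec"
    elif eid == 7045:  # System log: a service was installed
        return "smbexec"
    return None

def triage(events, known_names=frozenset()):
    """Group candidate events per host in time order, skipping allowlisted names."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        method = classify(ev)
        if method and ev.get("name") not in known_names:
            detail = ev.get("name") or ev.get("image")
            hits[ev["host"]].append((ev["time"], method, detail))
    return dict(hits)

# Constructed sample events (simplified field names, not a real log export).
SAMPLE = [
    {"time": "2024-01-01T10:00:05", "host": "WS01", "event_id": 4688,
     "parent_image": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    {"time": "2024-01-01T10:00:01", "host": "WS01", "event_id": 4688,
     "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    {"time": "2024-01-01T10:02:00", "host": "SRV02", "event_id": 4698, "name": "\\XyZabc"},
    {"time": "2024-01-01T10:03:00", "host": "SRV02", "event_id": 7045, "name": "BackupAgent"},
    {"time": "2024-01-01T10:04:00", "host": "SRV02", "event_id": 7045, "name": "QwErTy"},
]

if __name__ == "__main__":
    for host, rows in triage(SAMPLE, known_names={"BackupAgent"}).items():
        for when, method, detail in rows:
            print(host, when, method, detail)
```

Task and service creation also happen during normal administration, so the allowlist of known names has to come from a baseline of the environment before the output is useful.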