# Crackmapexec

{% hint style="warning" %}
Executing commands on a Windows system requires administrator credentials. CME automatically informs you if you have administrator access by adding (*Pwn3d!*) alongside
{% endhint %}

## Execution methods  

CME offers three distinct methods for command execution: 

* `wmiexec` executes commands via WMI
* `atexec` executes commands by scheduling a task with the Windows Task Scheduler 
* `smbexec` executes commands by creating and running a service.

By default, CME switches to another execution method if one fails. It attempts to execute commands in the following order: 

1. `wmiexec` 
2. `atexec` 
3. `smbexec` 

If you wish to force CME to use a specific execution method, you can specify it using the --exec-method flag

## Commands execution

```python
# Execute whoami on the target with cmd.exe
crackmapexec <IP> -u <USERNAME>-p '<PASSWORD>' -x whoami

# # Execute powershell command on the target with powershell.exe
crackmapexec <IP> -u <USERNAME> -p '<PASSWORD>' -X '$PSVersionTable'
```

## References

{% embed url="<https://mpgn.gitbook.io/crackmapexec/smb-protocol/command-execution/execute-remote-command>" %}