CrackMapExec

Executing commands on a Windows system requires administrator credentials. CME automatically informs you if you have administrator access by adding (Pwn3d!) alongside

Execution methods

CME offers three distinct methods for command execution:

  • wmiexec executes commands via WMI

  • atexec executes commands by scheduling a task with the Windows Task Scheduler

  • smbexec executes commands by creating and running a service.

By default, CME switches to another execution method if one fails. It attempts to execute commands in the following order:

  1. wmiexec

  2. atexec

  3. smbexec

If you wish to force CME to use a specific execution method, you can specify it using the --exec-method flag.
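From the defender's side, each of the three mechanisms above leaves standard Windows telemetry. The following is an added example, not part of the original page or of CME: it classifies constructed sample events by the generic Windows event that each mechanism produces (4688 with a WmiPrvSE.exe parent, 4698, 7045) and flags hosts where different mechanisms appear close together. The event field names, host names and the five-minute window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Generic Windows telemetry per mechanism (not CME-specific signatures).
def classify(event):
    """Return the execution mechanism an event is consistent with, or None."""
    eid = event["event_id"]
    if eid == 4688 and event.get("parent", "").lower().endswith("wmiprvse.exe"):
        return "wmi"             # process spawned by the WMI provider host
    if eid == 4698:
        return "scheduled_task"  # Security log: a scheduled task was created
    if eid == 7045:
        return "service"         # System log: a new service was installed
    return None

def correlate(events, window=timedelta(minutes=5)):
    """Group hits per host and flag hosts where two different mechanisms
    appear within `window`, which can occur when methods are tried in turn."""
    hits = defaultdict(list)
    for ev in events:
        mech = classify(ev)
        if mech:
            hits[ev["host"]].append((datetime.fromisoformat(ev["time"]), mech))
    report = {}
    for host, seen in hits.items():
        seen.sort()
        fallback = any(
            b[1] != a[1] and b[0] - a[0] <= window
            for i, a in enumerate(seen) for b in seen[i + 1:]
        )
        report[host] = {"mechanisms": [m for _, m in seen], "fallback": fallback}
    return report

# Constructed sample events (simplified field names, not real log exports).
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:00", "host": "WS01", "event_id": 4688,
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe"},
    {"time": "2024-01-10T09:00:05", "host": "WS01", "event_id": 4688,
     "parent": r"C:\Windows\explorer.exe"},
    {"time": "2024-01-10T09:12:00", "host": "SRV02", "event_id": 4698},
    {"time": "2024-01-10T09:12:40", "host": "SRV02", "event_id": 7045},
    {"time": "2024-01-10T11:00:00", "host": "SRV03", "event_id": 7045},
]

if __name__ == "__main__":
    for host, info in sorted(correlate(SAMPLE_EVENTS).items()):
        print(host, info)
```

Each of these events also occurs during legitimate administration, so the output is a triage list rather than a verdict.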

Command execution

# Execute whoami on the target with cmd.exe
crackmapexec <IP> -u <USERNAME> -p '<PASSWORD>' -x whoami

# Execute a PowerShell command on the target with powershell.exe
crackmapexec <IP> -u <USERNAME> -p '<PASSWORD>' -X '$PSVersionTable'
