Crackmapexec

Executing commands on a Windows system requires administrator credentials. CME automatically informs you if you have administrator access by adding (Pwn3d!) alongside

Execution methods

CME offers three distinct methods for command execution:

wmiexec executes commands via WMI
atexec executes commands by scheduling a task with the Windows Task Scheduler
smbexec executes commands by creating and running a service.

By default, CME switches to another execution method if one fails. It attempts to execute commands in the following order:

wmiexec
atexec
smbexec

If you wish to force CME to use a specific execution method, you can specify it using the --exec-method flag

Commands execution

# Execute whoami on the target with cmd.exe
crackmapexec <IP> -u <USERNAME>-p '<PASSWORD>' -x whoami

# # Execute powershell command on the target with powershell.exe
crackmapexec <IP> -u <USERNAME> -p '<PASSWORD>' -X '$PSVersionTable'

References

https://mpgn.gitbook.io/crackmapexec/smb-protocol/command-execution/execute-remote-commandmpgn.gitbook.io

PreviousPowershell Remoting - WinRM NextService Control (SC)

Last updated 2 years ago

hashtagExecution methods

hashtagCommands execution

hashtagReferences

Execution methods

Commands execution

References