This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Command Execution

byt3bl33d3r edited this page Dec 25, 2015 · 9 revisions

# Command Execution

Executing commands on a Windows system requires Administrator credentials, which you must specify with the -u, -p or -H flags.

By default CrackMapExec tries to execute all commands via WMI.

In the following example, we try to execute whoami on the target using the -x flag:

```
~# sudo python crackmapexec.py 172.16.112.130 -u Administrator -p P@ssw0rd -x whoami
12-25-2015 13:04:14 [*] 172.16.112.130:445 is running Windows 10.0 Build 10240 (name:WIN10BOX) (domain:WIN10BOX)
12-25-2015 13:04:15 [+] 172.16.112.130:445 Login successful WIN10BOX\Administrator:P@ssw0rd
12-25-2015 13:04:16 [+] 172.16.112.130:445 Executed command via WMIEXEC
12-25-2015 13:04:16 win10box\administrator
```

# Execution Methods

CrackMapExec can execute commands via 3 methods:

  • smbexec
  • wmi
  • atexec

You can specify which one to use with the --execm flag (the default method is WMI).
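The session output shown earlier records the account password in clear text on the "Login successful" line, so saved console logs should be redacted before they go into a report or ticket. The following added example (not part of CrackMapExec or this wiki) parses that output format into a per-host summary and masks the secret; the names `summarize` and `redact` are hypothetical, and the line format is assumed from the single session shown on this page.

```python
import re

# Sample input: the tool output lines from the session shown on this page.
SAMPLE = r"""12-25-2015 13:04:14 [*] 172.16.112.130:445 is running Windows 10.0 Build 10240 (name:WIN10BOX) (domain:WIN10BOX)
12-25-2015 13:04:15 [+] 172.16.112.130:445 Login successful WIN10BOX\Administrator:P@ssw0rd
12-25-2015 13:04:16 [+] 172.16.112.130:445 Executed command via WMIEXEC
12-25-2015 13:04:16 win10box\administrator
"""

# timestamp, then optionally "[marker] host:port", then the message
LINE = re.compile(r"^(\d\d-\d\d-\d{4} \d\d:\d\d:\d\d) (?:\[([*+])\] (\S+):(\d+) )?(.*)$")
OS_INFO = re.compile(r"is running (.+?) \(name:(.*?)\) \(domain:(.*?)\)")
LOGIN = re.compile(r"Login successful ([^\\]+)\\([^:]+):(.*)")
EXEC = re.compile(r"Executed command via (\w+)")

def summarize(log_text):
    """Return {host: summary} for saved console output; secrets are not kept."""
    hosts, last_exec_host = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped tool line (e.g. the shell prompt)
        _ts, marker, host, port, msg = m.groups()
        if marker is None:
            # Unmarked line: output of the command run on the last host.
            if last_exec_host:
                hosts[last_exec_host]["output"].append(msg)
            continue
        entry = hosts.setdefault(host, {
            "port": int(port), "os": None, "name": None, "domain": None,
            "account": None, "method": None, "output": []})
        if (os_m := OS_INFO.search(msg)):
            entry["os"], entry["name"], entry["domain"] = os_m.groups()
        elif (login_m := LOGIN.search(msg)):
            # Keep DOMAIN\user only; the password or hash is dropped.
            entry["account"] = login_m.group(1) + "\\" + login_m.group(2)
        elif (exec_m := EXEC.search(msg)):
            entry["method"] = exec_m.group(1)
            last_exec_host = host
    return hosts

def redact(log_text):
    """Mask whatever follows 'DOMAIN\\user:' on login lines."""
    return re.sub(r"(Login successful [^\\\n]+\\[^:\n]+:).*", r"\1<redacted>", log_text)

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(redact(SAMPLE))
```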