CrackMapExec (CME) is a versatile and powerful tool for pentesters and red teamers who want to perform various attacks and operations on Windows networks using the Server Message Block (SMB) protocol. SMB is a network file sharing protocol that allows users to access files, printers, and other resources on a remote server. SMB is also used for authentication, authorization, and communication between Windows hosts.
In this article, we will provide a simple and concise cheat sheet for using CME to perform common tasks such as enumeration, credential spraying, command execution, and credential dumping using SMB. We will assume that you have already installed CME on your system and that you have a valid username and password or hash to authenticate to the target network. We will also use the following notation:
10.0.0.0/24: The target network subnet.
UserName: The username to authenticate with.
PASS: The password or hash to authenticate with.
DOMAIN: The domain name of the target network.
HOST: The IP address or hostname of a specific target host.
Enumeration is the process of gathering information about the target network, such as live hosts, shares, sessions, users, groups, and policies. CME provides various options to perform enumeration using SMB. Here are some examples: