CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments!
From enumerating logged on users and spidering SMB shares to executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using Powershell, dumping the NTDS.dit and more!
The biggest improvements over the above tools are:
- Pure Python script, no external tools required
- Fully concurrent threading
- Uses ONLY native WinAPI calls for discovering sessions, users, dumping SAM hashes etc…
- Opsec safe (no binaries are uploaded to dump clear-text credentials, inject shellcode etc…)
Additionally, a database is used to store used/dumped credentals. It also automatically correlates Admin credentials to hosts and vice-versa allowing you to easily keep track of credential sets and gain additional situational awareness in large environments.
To get the latest stable version:
#~ pip install crackmapexec
If you like living on the bleeding-edge:
#~ git clone https://github.com/byt3bl33d3r/CrackMapExec #- cd CrackMapExec && git submodule init && git submodule update --recursive #~ python setup.py install
Note for Kali/Debian/Ubuntu Users:
If you get compilation errors run
apt-get install -y libssl-dev libffi-dev python-dev build-essential and try again.
- Kerberos support
Powered by Impacket
This project was inspired by/based off of:
- @agsolino’s wmiexec.py, wmiquery.py, smbexec.py, samrdump.py, secretsdump.py, atexec.py and lookupsid.py scripts (beyond awesome)
- @ShawnDEvans’s smbmap
- @gojhonny’s CredCrack
- @pentestgeek’s smbexec
This repo also includes the PowerSploit repository as a submodule.
See the project’s wiki for documentation and usage examples