Have you ever heard of CrackMapExec ?

CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.

It took part in enumeration and exploitation of many protocols like smb, ssh, ldap, winrm, mssql.

Each module has a list of available plugins useful for many purposes. In smb for example, you can enumerate users if anonymous session is allowed on a specif domain controller.

You can also use zerologon plugin to check if any domain controller machine is vulnerable to Zerologon (CVE-2020-1472). The following picture shows an example of how this can be used.

Then from now on, don’t forget to include crackmapexec in your tool list during a pentest engagement !

Share this post

About the author


Offensive Security Experienced Penetration Tester (OSEP)
Offensive Security Web Expert (OSWE)
Offensive Security Certified Professional (OSCP)
Certified Soc Analyst (CSA)
Certified Ethical Hacker (CEH)
Web Developer

View all posts

Leave a Reply

Your email address will not be published. Required fields are marked *