Email us at office@sencode.co.uk

Contact Us Today 01642 716680

CrackMapExec

Definition: CrackMapExec, commonly abbreviated as CME, is a post-exploitation tool and Swiss Army knife for pentesters, red teamers, and cyber security professionals. It is designed to facilitate the assessment of large Active Directory networks by automating the exploitation of vulnerabilities and offering a variety of modules for credential gathering, lateral movement, and reconnaissance.

acting as a featured image for the page

CrackMapExec leverages SMB (Server Message Block) and other protocols to authenticate across networks, execute commands, propagate malware, and extract useful information from networked machines. This open-source toolkit, typically used in conjunction with other tools such as Metasploit, is valued for its efficiency in automating various tasks that, when done manually, would be time-consuming and repetitive.

The tool also aids in identifying systems that may be susceptible to known exploits or configurations prone to abuse. While CME is a powerful asset for legitimate security tasks, it can also be misused by attackers, underscoring the need for robust network security measures.

How to install CrackMapExec

Installing CrackMapExec is straightforward on most systems. CrackMapExec has three common methods used for installation, depending on your use case.

Python Installation

To install CrackMapExec with python (recommended). The CrackMapExec developers recommend this installation method due to the isolation of CrackMapExec’s core dependencies, which usually removes the clear majority of problems which can occur when trying to install the tool. Run the following commands sequentially to install the tool.

python3 -m pip install pipx
pipx ensurepath
pipx install crackmapexec

Docker Installation

The developers of the tool provide a Docker installation, simply install Docker and run the following command:

docker pull byt3bl33d3r/crackmapexec

Binary Installation

It is also possible to install the tool with the Binary files provided by the developers. It must be noted, Python 3 must be installed in order to run the tool. You can find the binary files here.

How to use CrackMapExec (CME)

Using CME efficiently requires some experience using the tool on a live environment. To get you started, here’s a cheat sheet that covers some of the most commonly used functionalities and commands:

Basic usage

  • List Hosts with SMB Signing Disabled:
  crackmapexec smb <target-ip> --gen-relay-list relaylist.txt
  • Get SMB Shares:
  crackmapexec smb <target-ip> -u <username> -p <password> --shares
  • Execute Command:
  crackmapexec smb <target-ip> -u <username> -p <password> -x 'command'
  • Deploy and Execute PowerShell Script:
  crackmapexec smb <target-ip> -u <username> -p <password> --ps-exec 'powershell script'

Authentication

  • Check for Null Sessions:
  crackmapexec smb <target-ip> --null-session
  • Use Hashes Instead of Password:
  crackmapexec smb <target-ip> -u <username> -H <ntlmhash>
  • Kerberos Authentication (Pass-the-Ticket):
  crackmapexec smb <target-ip> -u <username> --k <path-to-ticket>

Modules and advanced usage

  • Invoke Mimikatz Module:
  crackmapexec smb <target-ip> -u <username> -p <password> -M mimikatz
  • Spider SMB Shares:
  crackmapexec smb <target-ip> -u <username> -p <password> --spider <share-name>
  • Dump SAM Database:
  crackmapexec smb <target-ip> -u <username> -p <password> --sam

Output handling

  • Output Results to CSV File:
  crackmapexec smb <target-ip> -u <username> -p <password> --output /path/to/output.csv

Miscellaneous

  • Check for Logged in Users:
  crackmapexec smb <target-ip> -u <username> -p <password> --loggedon-users
  • Enumerate Local Admins:
  crackmapexec smb <target-ip> -u <username> -p <password> --local-auth

Remember to use CrackMapExec responsibly and only in environments where you have permission to do so, as it is a powerful tool that can significantly impact network security and operations. Under no circumstances should you use the tool against a live environment without prior consent from the asset owners.

Key Characteristics:

  • Network Efficiency: Streamlines various network penetration tasks, allowing for quick identification and exploitation of target systems.
  • Modular Design: Comes with a suite of versatile modules that extend CME’s functionality for different tasks.
  • Automation: Can simultaneously target multiple systems within a network, automating credential testing and exploiting known vulnerabilities.
  • Multiprotocol Support: Works not just with SMB, but also other protocols like WinRM, MSSQL, and more.

Examples:

  • Real-World Example: During an internal penetration test, a security consultant uses CME to test network resilience against lateral movement by attempting to spread across nodes using a list of known compromised credentials.
  • Hypothetical Scenario: After gaining initial foothold in a corporate network, a red team member uses CME to enumerate local admin credentials and exploit misconfigurations to access higher-privileged accounts.

Related Terms:

  • Penetration Testing: The practice of simulating a cyber attack against computer systems to identify exploitable vulnerabilities.
  • Lateral Movement: The techniques that cyber attackers use to move deeper into a network in search of sensitive data and assets.
  • Active Directory: A directory service developed by Microsoft that provides a variety of network services, commonly a target of tools like CME during security assessments.

Learn better by watching a video? Here is a YouTube video from Hacktive Education explaining how to use CrackMapExec.

Related Services:

Contact us

Get a free, no obligation quote from one of our expert staff.

      Looking for reliable Penetration Testing? Use the contact form below and request a quote today.

      Address

      Fusion Hive
      North Shore Road
      Stockton-on-Tees
      North East
      UK
      TS18 2NB

      Resources

      Glossary Careers Privacy Policy Contact Us Buyers Guide Press Pack Brand Guide

      Penetration Testing

      Penetration Testing Web App Penetration Testing Network Penetration Testing Mobile App Penetration Testing Social Engineering API Penetration Test GDPR Penetration Test VAPT

      Security Assessments

      Security Assessments Vulnerability Assessment Red Team Assessment AWS Cloud Security Review Microsoft Cloud Security Review OSINT Assessment Cyber Awareness Training
      01642716680 office@sencode.co.uk

      © 2025 Sencode Limited | Company Registration Number 12265595 | VAT Number 366 0145 11 | All Rights Reserved