🟢SMB Modules
CrackMapExec Modules to attack SMB Protocol.
Last updated
CrackMapExec Modules to attack SMB Protocol.
Last updated
SMB Module | Description |
---|---|
Module | Description |
---|---|
ZeroLogon
Module to check if the DC is vulnerable to Zerologon aka CVE-2020-1472
Petitpotam
Module to check if the DC is vulnerable to PetitPotam, credit to @topotam
ms17-010
MS17-010, /!\ not tested oustide home lab
dfscoerce
Module to check if the DC is vulnerable to DFSCocerc, credit to @filip_dragovic/@Wh04m1001 and @topotam
nopac
Check if the DC is vulnerable to CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
shadowcoerce
Module to check if the target is vulnerable to ShadowCoerce, credit to @Shutdown and @topotam
gpp_autologin
Searches the domain controller for registry.xml to find autologon information and returns the username and password.
gpp_password
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
handlekatz
Get lsass dump using handlekatz64 and parse the result with pypykatz
hash_spider
Dump lsass recursively from a given hash using BH to find local admins
keepass_discover
Search for KeePass-related files and process.
keepass_trigger
Set up a malicious KeePass trigger to export the database in cleartext.
lsassy
Dump lsass and parse the result remotely with lsassy
masky
Remotely dump domain user credentials via an ADCS and a KDC
teams_localdb
Retrieves the cleartext ssoauthcookie from the local Microsoft Teams database, if teams is open we kill all Teams process
wdigest
Creates/Deletes the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows >= 8.1
wireless
Get key of all wireless interfaces