🟢SMB Modules
CrackMapExec Modules to attack SMB Protocol.
Last updated
CrackMapExec Modules to attack SMB Protocol.
Last updated
ZeroLogon
Module to check if the DC is vulnerable to Zerologon aka CVE-2020-1472
Petitpotam
Module to check if the DC is vulnerable to PetitPotam, credit to @topotam
ms17-010
MS17-010, /!\ not tested oustide home lab
dfscoerce
Module to check if the DC is vulnerable to DFSCocerc, credit to @filip_dragovic/@Wh04m1001 and @topotam
nopac
Check if the DC is vulnerable to CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
shadowcoerce
Module to check if the target is vulnerable to ShadowCoerce, credit to @Shutdown and @topotam
gpp_autologin
Searches the domain controller for registry.xml to find autologon information and returns the username and password.
gpp_password
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
handlekatz
Get lsass dump using handlekatz64 and parse the result with pypykatz
hash_spider
Dump lsass recursively from a given hash using BH to find local admins
keepass_discover
Search for KeePass-related files and process.
keepass_trigger
Set up a malicious KeePass trigger to export the database in cleartext.
lsassy
Dump lsass and parse the result remotely with lsassy
masky
Remotely dump domain user credentials via an ADCS and a KDC
teams_localdb
Retrieves the cleartext ssoauthcookie from the local Microsoft Teams database, if teams is open we kill all Teams process
wdigest
Creates/Deletes the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows >= 8.1
wireless
Get key of all wireless interfaces
