Now we’re in, and it’s time to expand our powers.
Post-Exploitation in Windows
CrackMapExec is our most excellent friend here. It’s a Windows/Active Directory exploration/exploitation tool that lets us walk their domain and machines and do whatever we damn well wanna. And it’s current as of this writing (2018).
Here’s a really good walk-through:
- Post-exploitation scanning and recon
- Automated authentication to multiple targets
- Enumerating shares
- Dumping SAM hashes
- Executing commands
CrackMapExec is a friggin’ Batmobile. (Screw “swiss army knife”: Batman keeps a dozen of those in the Batmobile.)
Get it at:
git clone https://github.com/byt3bl33d3r/CrackMapExec.git
Smbexec is a similar but older tool (last updated in 2015). It covers a set of features similar to CrackMapExec’s, and is a pretty sweet tool in its own right. Get a good description and installation instructions at:
git clone https://github.com/brav0hax/smbexec