Offensive Security Tool: CrackMapExec

by | Dec 3, 2020 | Tools

Post Views: 7,311

Premium Content

Subscribe to Patreon to watch this episode.

Reading Time: 5 Minutes

Offensive Security Tool: CrackMapExec

Github Link

CrackMapExec

Acknowledgments

(These are the people who did the hard stuff)

This project was originally inspired by:

Unintentional contributors:

The Empire project
@T-S-A’s smbspider script
@ConsciousHacker’s partial Python port of Invoke-obfuscation from the GreatSCT project

CrackMapExec

CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve it’s functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.

CME makes heavy use of the Impacket library (developed by @asolino) and the PowerSploit Toolkit (developed by @mattifestation) for working with network protocols and performing a variety of post-exploitation techniques.

Although meant to be used primarily for offensive purposes (e.g. ~~red teams,~~ internal pentest), CME can be used by blue teams as well to assess account privileges, find possible misconfigurations and simulate attack scenarios.

This repository contains the following repositories as submodules:

Installation for Unix

Installation of CrackMapExec on Unix system

Installation

You should only install from source if you intend to hack on the source code and/or submit a PR!

If you just intend on using the tool, get the binaries!

APT package Kali Linux only

From apt using Kali Linux

#~ apt install crackmapexec

Python Package

It’s highly recommended you use Pipx to install CME as it isolates all its dependencies for you and eliminates 90% of all problems you’ll usually encounter while installing it this way.

#~ python3 -m pip install pipx

#~ pipx ensurepath

#~ pipx install crackmapexec

Binaries

You should be using the binaries in 99% of the cases as it requires no installation (outside of Python 3 itself).

Go to the actions tab (at the top of the repo), click on the latest build and download the appropriate binary according to your OS.

Binaries are compiled for python3.8

byt3bl33d3r/CrackMapExec

A swiss army knife for pentesting networks. Contribute to byt3bl33d3r/CrackMapExec development by creating an account on GitHub.

github.com

Releases · byt3bl33d3r/CrackMapExec

A swiss army knife for pentesting networks. Contribute to byt3bl33d3r/CrackMapExec development by creating an account on GitHub.

github.com

Note: you need to be logged into Github in order to download the binaries from the Actions feature

Installing from Source

You should only install from source if you intend on making changes to the code and/or submitting a PR

Please note the --recursive flag passed to the git clone command. This flag will make git automatically download all of the sub-modules CME depends on. Without this flag installation will fail and heads might explode.

You’re going to need to install Poetry which is what CME uses to manage dependencies.

#~ apt-get install -y libssl-dev libffi-dev python-dev build-essential

#~ git clone –recursive https://github.com/byt3bl33d3r/CrackMapExec

#~ cd CrackMapExec

#~ poetry install

#~ poetry run crackmapexec