From the course: Complete Guide to Penetration Testing

Use CrackMapExec to access and enumerate AD

- [Instructor] Another tool we can use to enumerate and gain access to Active Directory is CrackMapExec. CrackMapExec can scan a subnet to identify access points using SSH, SMB, LDAP, WinRM, and MS SQL. When running an SMB scan across a subdomain without credentials, CrackMapExec can identify which targets are able to be accessed and identify the domain. We've already installed CrackMapExec in our Kali testing workstation. So let's run this across our local domain. CrackMapExec, and we'll use its SMB capability 192.168.1.0/24 across the whole subnet. Running this returns a number of entries, including non-domain systems, domain workstations, and 192.168.1.199, which is the domain controller for cybex.com. If we have a password hash, and we haven't been able to crack it, we can use CrackMapExec to access the domain using the hash. For example, we've extracted akatt42's password hash, so we can sign in using CrackMapExec smb 192.168.1.199, which is our domain controller, - u…
