CrackMapExec: Network Security Audit and Privilege Escalation Tool

Network security is a vital component of today’s information technology infrastructures. Preventing attackers from infiltrating your network and testing existing defense mechanisms are among the core responsibilities of security professionals. CrackMapExec (CME), a tool developed for such requirements, serves as a robust solution for network security auditing and privilege escalation.

What is CrackMapExec?

CrackMapExec (CME) is an open-source tool commonly used during network security testing and attack simulations. Developed by Byt3bl33d3r, this tool can operate on both Windows and Linux operating systems and supports various protocols such as SMB, WinRM, SSH, LDAP, and more. CME can be utilized to swiftly and effectively gain access to networks, identify vulnerabilities, and carry out privilege escalation attacks.

Features of CrackMapExec

CrackMapExec boasts several powerful features:

  1. Multi-Protocol Support: CME supports a variety of protocols, enabling its use across different systems and network architectures.
  2. Username and Password Authentication: It can perform logon attempts with specific usernames and passwords, and even utilize username and password files for bulk attempts.
  3. Share Enumeration and File Access: The ability to list shares and gain access over SMB poses significant security risks for users, and CME can be used to identify such vulnerabilities.
  4. SAM File Acquisition: CME can retrieve the SAM (Security Account Manager) file from machines in the target network, which contains local user account information.
  5. DNS Resolution: CME can be employed to resolve IP addresses and hostnames within the target network.

CrackMapExec (CME) Cheat Sheet

  • Installation
$ pip install crackmapexec
  • Options:
    • -u, --username: Specify the username.
    • -p, --password: Specify the password.
    • -U, --userfile: Username file.
    • -P, --passfile: Password file.
    • -c, --credz: File containing login credentials.
    • -d, --domain: Target domain.
    • -D, --dns: For DNS resolution.
    • -M, --module: Execute a specific module (e.g., smb, winrm, etc.).
    • -o, --output: Path for output file.
    • -h, --help: Show help menu.
  • Modules:
    • smb: For checking SMB shares and user credentials.
    • winrm: Provides access to target systems via Windows Remote Management (WinRM).
    • rdp: For Remote Desktop Protocol (RDP) access.
    • ssh: For Secure Shell (SSH) access.
    • ldap: For Lightweight Directory Access Protocol (LDAP) access.
    • mssql: Provides access to Microsoft SQL Servers.
    • http: For HTTP access.

Examples of Using CrackMapExec

network firewall security
  • Basic Scanning
  • Attempt Logon with Specific Username and Password:
crackmapexec smb -u username -p password
  • Logon Attempt Using Username and Password Files:
crackmapexec smb -U usernames.txt -P passwords.txt
  • List All Shares
crackmapexec smb --shares
  • Retrieve SAM File:
crackmapexec smb --sam
  • Logon Attempt Using a Specific Module:
crackmapexec winrm -u username -p password
  • DNS Resolution:
crackmapexec -D

These examples should give you an idea of how CrackMapExec can be used in different scenarios. However, more complex commands may be required depending on the real-world usage.


CrackMapExec is a powerful tool for network security testing and privilege escalation attacks. However, the legal and ethical use of such tools is paramount. Unauthorized access or attempted attacks are illegal and can have serious consequences. Therefore, it is essential to always operate within legal and ethical boundaries when using such tools.

1 thought on “CrackMapExec: Network Security Audit and Privilege Escalation Tool”

  1. What i do not understood is in truth how you are not actually a lot more smartlyliked than you may be now You are very intelligent You realize therefore significantly in the case of this topic produced me individually imagine it from numerous numerous angles Its like men and women dont seem to be fascinated until it is one thing to do with Woman gaga Your own stuffs nice All the time care for it up


Leave a Comment

Join our Mailing list!

Get all latest news, exclusive deals and academy updates.