
CrackMapExec

CrackMapExec, or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. CrackMapExec collects Active Directory information to conduct lateral movement through targeted networks.(Citation: CME Github September 2018)
ID: S0488
Type: TOOL
Platforms: Windows
Version: 1.0
Created: 17 Jul 2020
Last Modified: 29 Jul 2020

Techniques Used

Domain ID Name Use
Enterprise T1087 .002 Account Discovery: Domain Account

CrackMapExec can enumerate the domain user accounts on a targeted system.(Citation: CME Github September 2018)

Enterprise T1110 .001 Brute Force: Password Guessing

CrackMapExec can brute force passwords for a specified user on a single target system or across an entire network.(Citation: CME Github September 2018)

Enterprise T1110 .003 Brute Force: Password Spraying

CrackMapExec can brute force credential authentication by using a supplied list of usernames and a single password.(Citation: CME Github September 2018)

Enterprise T1059 .001 Command and Scripting Interpreter: PowerShell

CrackMapExec can execute PowerShell commands via WMI.(Citation: CME Github September 2018)

Enterprise T1003 .002 OS Credential Dumping: Security Account Manager

CrackMapExec can dump usernames and hashed passwords from the SAM.(Citation: CME Github September 2018)

Enterprise T1003 .003 OS Credential Dumping: NTDS

CrackMapExec can dump hashed passwords associated with Active Directory using Windows' Directory Replication Services API (DRSUAPI), or Volume Shadow Copy.(Citation: CME Github September 2018)

Enterprise T1003 .004 OS Credential Dumping: LSA Secrets

CrackMapExec can dump hashed passwords from LSA secrets for the targeted system.(Citation: CME Github September 2018)

Enterprise T1069 .002 Permission Groups Discovery: Domain Groups

CrackMapExec can gather the user accounts within domain groups.(Citation: CME Github September 2018)

Enterprise T1053 .002 Scheduled Task/Job: At

CrackMapExec can set a scheduled task on the target system to execute commands remotely using at.(Citation: CME Github September 2018)

Enterprise T1550 .002 Use Alternate Authentication Material: Pass the Hash

CrackMapExec can pass the hash to authenticate via SMB.(Citation: CME Github September 2018)

Groups That Use This Software

ID Name References
G0087 APT39

(Citation: FireEye APT39 Jan 2019) (Citation: BitDefender Chafer May 2020)

G0046 FIN7

(Citation: CrowdStrike Carbon Spider August 2021)

G0074 Dragonfly 2.0

(Citation: US-CERT TA18-074A)

G0035 Dragonfly

(Citation: Secureworks IRON LIBERTY July 2019) (Citation: US-CERT TA18-074A)

G0069 MuddyWater

(Citation: TrendMicro POWERSTATS V3 June 2019) (Citation: Symantec MuddyWater Dec 2018)
