Tool: CrackMapExec

Description

[CrackMapExec](https://attack.mitre.org/software/S0488), or CME, is a post-exploitation tool developed in Python and designed for penetration testing against networks. [CrackMapExec](https://attack.mitre.org/software/S0488) collects Active Directory information to conduct lateral movement through targeted networks.(Citation: CME Github September 2018)

External References

• mitre-attack
• CME Github September 2018

Techniques Used by This Tool

• T1003.002 — Security Account Manager
• T1003.003 — NTDS
• T1003.004 — LSA Secrets
• T1016 — System Network Configuration Discovery
• T1018 — Remote System Discovery
• T1047 — Windows Management Instrumentation
• T1049 — System Network Connections Discovery
• T1053.002 — At
• T1059.001 — PowerShell
• T1069.002 — Domain Groups
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1087.002 — Domain Account
• T1110 — Brute Force
• T1110.001 — Password Guessing
• T1110.003 — Password Spraying
• T1112 — Modify Registry
• T1135 — Network Share Discovery
• T1201 — Password Policy Discovery
• T1550.002 — Pass the Hash

APT Groups Using This Tool

• FIN7
• Dragonfly
• Ember Bear
• APT39
• MuddyWater