cme_smb
Enumerate SMB shares, users, groups, and sessions; dump SAM, LSA, and NTDS credentials; execute commands via SMB with pass-the-hash and Kerberos support.
Instructions
Execute SMB protocol operations with NetExec/CrackMapExec. Supports enumeration of shares, users, groups, sessions, credential dumping (SAM, LSA, NTDS), and command execution.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| targets | Yes | Target IP, hostname, CIDR range, or file path | |
| username | No | Username or file path to usernames | |
| password | No | Password or file path to passwords | |
| hash | No | NTLM hash for pass-the-hash | |
| domain | No | Domain name | |
| localAuth | No | Use local authentication | |
| kerberosAuth | No | Use Kerberos authentication | |
| port | No | SMB port (default: 445) | |
| threads | No | Concurrent threads | |
| shares | No | Enumerate shares | |
| users | No | Enumerate domain users | |
| groups | No | Enumerate domain groups | |
| loggedOnUsers | No | Enumerate logged on users | |
| sessions | No | Enumerate active sessions | |
| disks | No | Enumerate disks | |
| passPolicy | No | Dump password policy | |
| rid | No | RID brute force enumeration | |
| sam | No | Dump SAM hashes | |
| lsa | No | Dump LSA secrets | |
| ntds | No | Dump NTDS.dit hashes (requires DC) | |
| execCmd | No | Execute cmd command | |
| execPowershell | No | Execute PowerShell command | |
| execMethod | No | Execution method: wmiexec, smbexec, atexec, mmcexec | |
| module | No | Module to run | |
| moduleOptions | No | Module options (KEY=VALUE format) | |
| verbose | No | Verbose output | |
| debug | No | Debug output |