[ Pen Testing ] :: Step by Step: Post-Exploitation

Now we’re in, and it’s time to expand our powers.

Post-Exploitation in Windows

CrackMapExec is our most excellent friend here. It’s a Windows/Active Directory exploration/exploitation tool that lets us walk their domain and machines and do whatever we damn well wanna. And it’s current as of this writing (2018).

Here’s a really good walk-through:

It handles:

  • Post-exploitation scanning and recon
  • Automated authentication to multiple targets
  • Enumerating shares
  • Dumping SAM hashes
  • Executing commands

CrackMapExec is a friggin’ Batmobile. (Screw “swiss army knife”: Batman keeps a dozen of those in the Batmobile.)

Get it at:

git clone https://github.com/byt3bl33d3r/CrackMapExec.git

Smbexec is a similar but older tool (last updated in 2015). It covers a set of features similar to CrackMapExec’s, and is a pretty sweet tool in its own right. Get a good description and installation instructions at:

git clone https://github.com/brav0hax/smbexec