# Linux

## **CrackMapExec**

```bash
# Domain User Enumeration
sudo crackmapexec smb ip -u eren -p pass --users

# Domain Group Enumeration
sudo crackmapexec smb ip -u eren -p pass --groups

# Logged On Users
sudo crackmapexec smb ip -u eren -p pass --loggedon-users

# Share Enumeration
sudo crackmapexec smb ip -u eren -p pass --shares

# Spider_plus to spider each directory looking for files
sudo crackmapexec smb ip -u eren -p pass -M spider_plus --share 'Share'
```

## **SMBMap**

```bash
# SMBMap To Check Access
smbmap -u eren -p pass -d DOMAIN.LOCAL -H ip

# Recursive List Of All Directories
smbmap -u eren -p pass -d DOMAIN.LOCAL -H ip -R 'Shares' --dir-only
```

## **rpcclient**

```bash
# RPCClient User Enumeration By RID
queryuser 0x457

# List all users
enumdomusers
```

## **Impacket Toolkit**

```bash
# Psexec.py
psexec.py domain.local/eren:'pass'@ip

# wmiexec.py
wmiexec.py domain.local/eren:'pass'@ip
```

## **Windapsearch**

```bash
# Domain Admins
python3 windapsearch.py --dc-ip ip -u eren@domain.local -p pass --da

# Privileged Users
python3 windapsearch.py --dc-ip ip -u eren@domain.local -p pass -PU
```

## [**Bloodhound.py**](http://bloodhound.py)

* [custom Cypher queries](https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/)

```bash
# Executing BloodHound.py
sudo bloodhound-python -u 'eren' -p 'pass' -ns ip -d domain.local -c all

# Creating zip of json files
zip -r output.zip *.json
```