6 Powerful Things You Can Do with nxc [formerly CrackMapExec]
Pentesting tools have come a long way, and nxc (formerly known as CrackMapExec) remains a favorite among cybersecurity professionals. Its versatility makes it ideal for network reconnaissance, exploitation, and Active Directory attacks. If you're new to nxc or want to maximize its potential, here are six powerful ways you can use it during pentests.
Some of these techniques may or may not work, depending on what permissions the user has and whether the relevant port is open. Keep this in mind.
1. Network Sweeping
Network sweeping helps identify active hosts on a network, providing a quick overview of which machines are running SMB services. Use this command to scan an entire subnet:
nxc smb [NETWORK_CIDR]
This simple scan gives you visibility into SMB-enabled hosts, setting the stage for further probing.
2. Password Spraying (Spray and Pray)
For environments where you have a list of potential users, password spraying is an effective technique. Use nxc to test a common password across all users and keep going even on successful attempts:
nxc smb [TARGET_IP] -u listusers -p welcome2019 --continue-on-success