Beginner Guide to impacket Tool kit

The document provides a beginner's guide to the Impacket toolkit, which consists of Python classes for working with various network protocols. It outlines the setup requirements, including a Windows Server and Kali Linux, and details the installation process and functionalities of various Impacket tools like Ping.py, Lookupsid.py, and Psexec.py. Additionally, it includes example commands for using these tools to perform penetration testing tasks on a target system.

Uploaded by

Satish Adhikari
Hacking Articles

Raj Chandel's Blog


Beginner Guide to impacket Tool kit

posted in PENETRATION TESTING on JUNE 17, 2018 by RAJ CHANDEL

Impacket is a collection of Python classes for working with network protocols. Impacket is
focused on providing low-level programmatic access to the packets and for some protocols
(e.g. SMB1-3 and MSRPC). According to the Core Security Website, Impacket supports
protocols like IP, TCP, UDP, ICMP, IGMP, ARP, IPv4, IPv6, SMB, MSRPC, NTLM, Kerberos,
WMI, LDAP etc.

For the following practical we will require two systems,

1. A Windows Server with Domain Controller Configured
2. A Kali Linux

Here, in our lab scenario we have configured the following settings on our systems.

Windows Server Details

Domain: SERVER
User: Administrator
Password: T00r
IP Address: 192.168.1.140

Kali Linux: 192.168.1.135

Before beginning with the Impacket tools, let's do an Nmap version scan on the target
Windows server to get information about the services running on it.

nmap -sV 192.168.1.140

As you can see in the above screenshot, we have domain services, Kerberos Services,
Netbios Services, LDAP services and Windows RPC services.

Now let's install the Impacket tools from GitHub. You can get it from here.

Firstly, clone the git, and then install the Impacket as shown in the screenshot.

git clone https://github.com/CoreSecurity/impacket.git
cd impacket/
python setup.py install

This will install Impacket on your Kali Linux. After installation, let's look at the
different tools Impacket has in its box.

cd impacket/examples

These are some of the tools included in Impacket; let's try some of them.

Ping.py
Simple ICMP ping that uses the ICMP echo and echo-reply packets to check the status of a
host. If the remote host is up, it should reply to the echo probe with an echo-reply packet.

./ping.py

Syntax: ./ping.py [Source IP] [Destination IP]

./ping.py 192.168.1.135 192.168.1.140

Here we can see that we are getting the ICMP reply from 192.168.1.140 (Windows Server).

Lookupsid.py
A Windows SID bruteforcer example through [MS-LSAT] MSRPC Interface, aiming at
finding remote users/groups.

./lookupsid.py

Syntax: ./lookupsid.py [[domain/] username [: password] @] [Target IP Address]

./lookupsid.py SERVER/Administrator:T00r@192.168.1.140

As you can see, the lookupsid tool has extracted the user and group information from
the server.

Psexec.py
It lets you execute processes on remote Windows systems, copy files on remote systems,
process their output and stream it back. It allows execution of remote shell commands
directly with full interactive console without having to install any client software.

./psexec.py

Syntax: ./psexec.py [[domain/] username [: password] @] [Target IP Address]

./psexec.py SERVER/Administrator:T00r@192.168.1.140

As you can see in the given screenshot, we got a remote shell of the server.

Rpcdump.py
This script will dump the list of RPC endpoints and string bindings registered at the target.
It will also try to match them with a list of well-known endpoints.

./rpcdump.py

Syntax: ./rpcdump.py [[domain/] username [: password] @] [Target IP Address]

./rpcdump.py SERVER/Administrator:T00r@192.168.1.140

As you can see below, we have the list of RPC targets.

Samrdump.py
An application that communicates with the Security Account Manager Remote interface
from the MSRPC suite. It lists system user accounts, available resource shares and other
sensitive information exported through this service.

./samrdump.py

Syntax: ./samrdump.py [[domain/] username [: password] @] [Target IP Address]

./samrdump.py SERVER/Administrator:T00r@192.168.1.140

As you can see below, we have extracted SAM information from the Target Server.

Sniff.py
Simple packet sniffer that uses the pcapy library to listen for packets in transit over the
specified interface.

./sniff.py

Choose the interface using the number associated with it, and the sniffing starts.

Sniffer.py
Simple packet sniffer that uses a raw socket to listen for packets in transit corresponding to
the specified protocols.

./sniffer.py

And the sniffer starts to monitor icmp, tcp and udp.

Wmiexec.py
It generates a semi-interactive shell, used through Windows Management
Instrumentation. It does not require installing any service/agent on the target server. It runs
as Administrator. It is highly stealthy.

./wmiexec.py

Syntax: ./wmiexec.py [[domain/] username [: password] @] [Target IP Address]

./wmiexec.py SERVER/Administrator:T00r@192.168.1.140

As you can see below, we have the shell from the Target Server.

Wmiquery.py
It allows issuing WQL queries and getting descriptions of WMI objects at the target system.

./wmiquery.py

Syntax: ./wmiquery.py [[domain/] username [: password] @] [Target IP Address]

./wmiquery.py SERVER/Administrator:T00r@192.168.1.140

This will open a shell, where you can run WQL queries like

SELECT * FROM Win32_LogicalDisk WHERE FreeSpace < 209152

Atexec.py
This example executes a command on the target machine through the Task Scheduler
service and returns the output of the executed command.

./atexec.py

Syntax: ./atexec.py [[domain/] username [: password] @] [Target IP Address] [Command]

./atexec.py SERVER/Administrator:T00r@192.168.1.140 systeminfo

As you can see below, a remote connection was established to the server and the
command systeminfo was run on the Target server, with the output of the command
delivered on the Kali terminal.
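
The Psexec.py, Wmiexec.py and Atexec.py tools described above each leave default traces on the target that a defender can look for. The following Python is an added example, not code from the original post or from Impacket; it flags those traces in Windows process-creation (4688) and service-install (7045) events. The regex patterns reflect commonly documented tool defaults and are assumptions, as are the normalised field names and the constructed sample events.

```python
import re

# Default artefacts of three Impacket exec tools. These patterns are assumptions
# based on commonly documented defaults; an operator can change them.
WMIEXEC_CMD = re.compile(  # output redirected to ADMIN$\__<epoch> over loopback
    r"cmd\.exe\s+/Q\s+/c\s+.+\s1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+\.\d+\s+2>&1", re.I)
ATEXEC_CMD = re.compile(   # output redirected to %windir%\Temp\<8 letters>.tmp
    r"cmd\.exe\s+/C\s+.+>\s*(%windir%|C:\\Windows)\\Temp\\[A-Za-z]{8}\.tmp\s+2>&1", re.I)
PSEXEC_SVC = re.compile(   # service binary dropped as <8 random letters>.exe
    r"^(%systemroot%|C:\\Windows)\\[A-Za-z]{8}\.exe$", re.I)


def classify(event):
    """Return a finding label for one normalised Windows event, or None."""
    eid = event.get("event_id")
    if eid == 4688:  # Security log: process creation with command-line auditing
        cmd = event.get("command_line", "")
        parent = event.get("parent_image", "").lower()
        if parent.endswith("wmiprvse.exe") and WMIEXEC_CMD.search(cmd):
            return "wmiexec-style shell"
        if ATEXEC_CMD.search(cmd):
            return "atexec-style scheduled task"
    elif eid == 7045:  # System log: a new service was installed
        if PSEXEC_SVC.match(event.get("image_path", "")):
            return "psexec-style service"
    return None


def scan(events):
    """Return (host, label) for every event matching one of the patterns."""
    return [(e["host"], label) for e in events if (label := classify(e))]


# Constructed sample events with hypothetical normalised field names.
SAMPLE_EVENTS = [
    {"host": "DC01", "event_id": 4688,
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "command_line": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1529226000.12 2>&1"},
    {"host": "DC01", "event_id": 4688,
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"cmd.exe /C systeminfo > %windir%\Temp\qWeRtYuI.tmp 2>&1"},
    {"host": "DC01", "event_id": 7045, "image_path": r"%systemroot%\aBcDeFgH.exe"},
    {"host": "DC01", "event_id": 4688, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"cmd.exe /c dir C:\Users"},  # benign control
]

if __name__ == "__main__":
    for host, label in scan(SAMPLE_EVENTS):
        print(host, label)
```

Process command lines only appear in event 4688 when command-line auditing is enabled on the server; without it, only the 7045 rule has data to match.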

getArch.py
This script will connect against a target (or list of targets) machine/s and gather the OS
architecture type installed by (ab)using a documented MSRPC feature.

./getArch.py

Syntax: ./getArch.py -target [IP Address]

Command: ./getArch.py -target 192.168.1.140

Here we can see that the architecture of the target system is 64-bit.

Ifmap
This script will bind to the target's MGMT interface to get a list of interface IDs. It will use
that list on top of another list of interface UUIDs and report whether the interface is listed
and/or listening.

Syntax: ./ifmap.py [Host IP Address] [Port]

./ifmap.py 192.168.1.140 135
./ifmap.py 192.168.1.140 49154

Author: Pavandeep Singh is a Technical Writer, Researcher and Penetration Tester


ABOUT THE AUTHOR

RAJ CHANDEL
Raj Chandel is a Skilled and Passionate IT Professional especially in IT-Hacking
Industry. At present other than his name he can also be called as An Ethical Hacker,
A Cyber Security Expert, A Penetration Tester. With years of quality Experience in
IT and software industry


1 Comment → BEGINNER GUIDE TO IMPACKET TOOL KIT

FIRDOSH ANSARI June 26, 2018 at 9:27 am

Sir Your article is so nice and this website is so useful for education
