Cheatsheet
  • Documentation
  • Nmap
  • Ffuf
  • FTP
  • SMB
  • RPC
  • NFS
  • DNS
  • SMTP
  • IMAP / POP3
  • SNMP
  • SQL
  • Rsync
  • Certipy
  • CrackMapExec
  • Transferring Files
  • Windows Remote Management
  • Windows AV
  • Wordpress
  • Infrastructure Enumeration
  • Privilege Escalation
  • Docker Breakout
  • Shells
  • SSTI
  • XSS
  • Pivot
    • SSH Tunneling
    • Chisel
    • Ligolo-ng
    • Meterpreter
  • LDAP
  • Spray
  • Antivirus / EDR
  • Impacket
  • Bloodhound
  • Powershell
  • Kerberosting
  • Password Attacks
  • Command Injections
  • Sliver C2
  • Windows credentials
  • Windows persistance
  • VSCode Debug
Powered by GitBook
On this page
  • Remote connection
  • getTGT

Impacket

Remote connection

The tool creates a remote service by uploading a randomly-named executable to the ADMIN$ share on the target host.

psexec.py qu35t.pw/qu35t:'Password1!'@10.10.10.10

Wmiexec.py utilizes a semi-interactive shell where commands are executed through Windows Management Instrumentation.

wmiexec.py qu35t.pw/qu35t:'Password1!'@10.10.10.10

getTGT

getTGT.py qu35t.pw/qu35t
export KRBCCNAME=qu35t.ccache
PreviousAntivirus / EDRNextBloodhound

Last updated 2 years ago