Impacket
Impacket Scripts
Windows
Impacket-lookupsid
We can fetch some usernames by brute-forcing Windows SIDs. To do this, we can use Impacket's lookupsid as guest. The same command can also be run as anonymous.
impacket-lookupsid <USERNAME>@<IP> -no-pass -domain-sids | grep -i SidTypeUser
Impacket-dcomexec
The impacket-dcomexec command is part of the Impacket toolkit and is used to execute commands on remote Windows systems via the DCOM (Distributed Component Object Model) protocol.
Syntax
impacket-dcomexec [options] <target> <command>
Example:
impacket-dcomexec -object MMC20 DOMAIN/USERNAME:'PASSWORD'@10.10.11.4 'PAYLOAD' -silentcommand
Options
- -object MMC20: Specifies the object to be invoked via DCOM. In this case, it's using MMC20, which is typically associated with Microsoft Management Console (MMC).
- -silentcommand: Executes the specified command silently without displaying any output on the target system.
- Other options can include authentication parameters, such as username and password, if required.
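A defender-side view of the MMC20 case above, as an added example that is not part of the original page or of Impacket: activating the MMC20 object over DCOM starts mmc.exe with -Embedding on the target, so a child process of such an mmc.exe is worth alerting on. The Sysmon Event ID 1 style field names, the host names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Shells and script hosts rate "high"; any other child of a DCOM-activated
# mmc.exe is still unusual and is returned for review.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
                       "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

def is_dcom_activated_mmc(image, command_line):
    """True when the process is mmc.exe started by COM activation (-Embedding)."""
    return (ntpath.basename(image).lower() == "mmc.exe"
            and "-embedding" in command_line.lower())

def find_mmc20_dcom_exec(events):
    """Return a finding for every event whose parent is a DCOM-activated mmc.exe."""
    hits = []
    for ev in events:
        if not is_dcom_activated_mmc(ev.get("ParentImage", ""),
                                     ev.get("ParentCommandLine", "")):
            continue
        child = ntpath.basename(ev.get("Image", "")).lower()
        severity = "high" if child in SUSPICIOUS_CHILDREN else "review"
        hits.append({"host": ev.get("Computer"), "child": child,
                     "command_line": ev.get("CommandLine"), "severity": severity})
    return hits

MMC = r"C:\Windows\System32\mmc.exe"
SAMPLE_EVENTS = [  # constructed process-creation events, not real telemetry
    # Administrator opens a console interactively: parent is explorer.exe.
    {"Computer": "ws01", "Image": MMC, "CommandLine": MMC + " services.msc",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    # COM activation itself: svchost starts mmc.exe -Embedding (not a hit alone).
    {"Computer": "srv02", "Image": MMC, "CommandLine": MMC + " -Embedding",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "ParentCommandLine": "svchost.exe -k DcomLaunch"},
    # The activated mmc.exe starts a shell.
    {"Computer": "srv02", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /Q /c whoami",
     "ParentImage": MMC, "ParentCommandLine": MMC + " -Embedding"},
    # The activated mmc.exe starts a binary directly, without a shell wrapper.
    {"Computer": "srv03", "Image": r"C:\Users\Public\tool.exe",
     "CommandLine": "tool.exe",
     "ParentImage": MMC, "ParentCommandLine": MMC + " -Embedding"},
]

if __name__ == "__main__":
    for hit in find_mmc20_dcom_exec(SAMPLE_EVENTS):
        print(hit)
```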