Impacket

Impacket is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols. Impacket contains several tools for remote service execution, Kerberos manipulation, Windows credential dumping, packet sniffing, and relay attacks.[1]

ID: S0357
Type: TOOL
Contributors: Jacob Wilkin, Trustwave, SpiderLabs

Platforms: Linux, macOS, Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1003 | Credential Dumping | SecretsDump and Mimikatz modules within Impacket can perform credential dumping to obtain account and password information.[1] |
| Enterprise | T1208 | Kerberoasting | Impacket modules like GetUserSPNs can be used to get Service Principal Names (SPNs) for user accounts. The output is formatted to be compatible with cracking tools like John the Ripper and Hashcat.[1] |
| Enterprise | T1171 | LLMNR/NBT-NS Poisoning and Relay | Impacket modules like ntlmrelayx and smbrelayx can be used in conjunction with Network Sniffing and LLMNR/NBT-NS Poisoning and Relay to gather NetNTLM credentials for Brute Force or relay attacks that can gain code execution.[1] |
| Enterprise | T1040 | Network Sniffing | Impacket can be used to sniff network traffic via an interface or raw socket.[1] |
| Enterprise | T1035 | Service Execution | Impacket contains various modules emulating other service execution tools such as PsExec.[1] |
| Enterprise | T1047 | Windows Management Instrumentation | Impacket's wmiexec module can be used to execute commands through WMI.[1] |

Groups

Groups that use this software:

Dragonfly 2.0
menuPass

References