Impacket
Impacket is a Python3 module for crafting and decoding network packets. It supports low-level protocols like IP, UDP, TCP and higher-level ones like NMB and SMB.
Description
Impacket provides Python3 developers with classes to easily build and dissect network protocols. It enables crafting packets from scratch or parsing raw data, making it highly effective with packet capture utilities like Pcapy. The object-oriented API simplifies handling deep protocol hierarchies.
Use cases include network protocol analysis, penetration testing, and post-exploitation tasks such as dumping credentials or executing remote commands. Tools like impacket-secretsdump extract secrets from remote machines without agents, while impacket-wmiexec provides semi-interactive shells via WMI.
Impacket integrates authentication methods like NTLM hashes, Kerberos, and AES keys, supporting domain and target-specific operations.
How It Works
Impacket uses Python3 classes to construct and parse network packets at various layers, from IP/UDP/TCP to SMB/NMB. It leverages SMB, RPC, WMI, and Kerberos for remote interactions, dumping endpoints via epmapper, extracting SAM/NTDS data, or executing commands. Authentication supports hashes, tickets from ccache, keytabs, and direct credentials.
Installation
sudo apt install python3-impacketFlags
Examples
impacket-netview -himpacket-rpcdump -himpacket-samrdump -himpacket-secretsdump -himpacket-wmiexec -himpacket-netview [domain/]username[:password]impacket-rpcdump [[domain/]username[:password]@]<targetName or address>