lilith/tldr
1
0
Fork 0
mirror of https://github.com/tldr-pages/tldr.git synced 2025-04-22 08:02:08 +02:00
Code Activity
tldr/pages/common/getuserspns.py.md
Machiavelli c8d735d549
GetUserSPNs.py, impacket-GetUserSPNs: add page (#15881) 
* Create getuserspns.py.md

* Create impacket-getuserspns.md

* Update getuserspns.py.md

Trivial mistake.
2025-03-10 08:57:57 +02:00

954 B
Raw Permalink Blame History

GetUserSPNs.py

Retrieve Service Principal Names (SPNs) associated with Active Directory user accounts. Part of the Impacket suite. More information: https://github.com/fortra/impacket.

  • Enumerate user accounts with an SPN and request their Kerberos TGS tickets:

GetUserSPNs.py {{domain}}/{{username}}:{{password}} -dc-ip {{domain_controller_ip}}

  • Use pass-the-hash authentication:

GetUserSPNs.py {{domain}}/{{username}} -hashes {{LM_Hash}}:{{NT_Hash}} -dc-ip {{domain_controller_ip}}

  • Save the output to a file:

GetUserSPNs.py {{domain}}/{{username}}:{{password}} -dc-ip {{domain_controller_ip}} -outputfile {{output_file}}

  • Request only TGS tickets:

GetUserSPNs.py {{domain}}/{{username}}:{{password}} -dc-ip {{domain_controller_ip}} -request

  • Request only TGS tickets using pass-the-hash authentication:

GetUserSPNs.py {{domain}}/{{username}} -dc-ip {{domain_controller_ip}} -hashes {{LM_Hash}}:{{NT_Hash}} -request