GetADUsers.py

Description

Part of the Impacket network tool suite. Enumerates the Active Directory users in a domain, provided you have valid creds for that domain.

Usage

Impacket v0.9.23 - Copyright 2021 SecureAuth Corporation
 
usage: GetADUsers.py [-h] [-user username] [-all] [-ts] [-debug]
                     [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-aesKey hex key]
                     [-dc-ip ip address]
                     target
 
Queries target domain for users data
 
positional arguments:
  target                domain/username[:password]
 
optional arguments:
  -h, --help            show this help message and exit
  -user username        Requests data for specific user
  -all                  Return all users, including those with no email
                        addresses and disabled accounts. When used with -user
                        it will return user's info even if the account is
                        disabled
  -ts                   Adds timestamp to every logging output
  -debug                Turn DEBUG output ON
 
authentication:
  -hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -no-pass              don't ask for password (useful for -k)
  -k                    Use Kerberos authentication. Grabs credentials from
                        ccache file (KRB5CCNAME) based on target parameters.
                        If valid credentials cannot be found, it will use the
                        ones specified in the command line
  -aesKey hex key       AES key to use for Kerberos Authentication (128 or 256
                        bits)
  -dc-ip ip address     IP Address of the domain controller. If ommited it use
                        the domain part (FQDN) specified in the target
                        parameter

Examples

 GetADUsers.py hiboxy.com/bgreen:Password1 -dc-ip x.x.x.x -all | tee /tmp/adusers.txt

This command enumerates all users in the hiboxy domain using the creds for bgreen, and tee saves a copy of the output to /tmp/adusers.txt.

Impacket v0.9.23 - Copyright 2021 SecureAuth Corporation
 
[*] Querying 10.130.10.4 for information about domain.
Name                 Email                          PasswordLastSet     LastLogon
-------------------- ------------------------------ ------------------- -------------------
Administrator                                       2022-03-14 14:24:35.183246 2022-03-14 14:24:39.485072
Guest                                               <never>             <never>
SROCAdmin                                           2022-03-14 14:24:43.164622 <never>
krbtgt                                              2022-03-14 14:31:12.537996 <never>
SVC_SQLService       SVC_SQLService@hiboxy.com      2022-03-14 14:32:16.637564 <never>
SVC_SQLService2                                     2022-03-14 14:32:16.778834 <never>
krosterman                                          2022-03-14 14:32:16.841622 <never>
smorgan              smorgan@hiboxy.com             2022-03-14 14:32:16.904391 <never>
tduncan              tduncan@hiboxy.com             2022-03-14 14:32:16.951489 2022-03-14 14:36:23.957238
antivirus                                           2022-03-14 14:32:17.861892 <never>
aallen                                              2022-03-14 14:32:17.940372 <never>
aalvarado                                           2022-03-14 14:32:18.018868 <never>
abaird                                              2022-03-14 14:32:18.097351 <never>
...
wortega                                             2022-03-14 14:32:58.110061 <never>
wrobinson                                           2022-03-14 14:32:58.188474 <never>
wstanley                                            2022-03-14 14:32:58.251129 <never>
wwade                                               2022-03-14 14:32:58.329487 <never>
wwilson                                             2022-03-14 14:32:58.392172 <never>
zclayton                                            2022-03-14 14:32:58.470533 <never>
$VJ1000-O3GM981V807M                                <never>             <never>
SM_aaa538fcd9a742de9 SystemMailbox{1f05a927-b919-458d-bebd-92c52421d9be}@hiboxy.com <never>             <never>
SM_92d45bee00ee49769 SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@hiboxy.com <never>             <never>
SM_1f4403d8339543fcb SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}@hiboxy.com <never>             <never>
SM_54e3d4f14fe84c84a DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}@hiboxy.com <never>             <never>
SM_035c725ae06c4cf38 Migration.8f3e7716-2011-43e4-96b1-aba62d229136@hiboxy.com <never>             <never>
SM_fbadcdb332e74005a FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@hiboxy.com <never>             <never>
SM_f804d6dd51144fc5a SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}@hiboxy.com <never>             <never>
SM_ea5a510e6bfd4c758 SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}@hiboxy.com <never>             <never>
SM_76b5d049aad445e4a SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}@hiboxy.com <never>             <never>
HealthMailboxf81d76d HealthMailboxf81d76db0dbd441ba35044828baa42e7@hiboxy.com 2022-03-14 15:16:49.293057 2022-03-15 23:54:55.305462
HealthMailboxd31f130 HealthMailboxd31f130f2c6748c0a6f57fcfb3beec46@hiboxy.com 2022-03-14 15:16:54.265986 2022-03-15 21:43:19.596318
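
The saved listing can also feed an account-hygiene review: the added example below (not part of Impacket or of the original page) parses rows in the output format shown above and groups accounts that have never logged on or whose password is older than a threshold. The function names, the 365-day threshold and the assumption that account names contain no whitespace are choices made for this example.

```python
import re
from datetime import datetime, timedelta

TS = r"(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?|<never>)"
# Row = name, optional email (has '@'), PasswordLastSet, LastLogon. Assumes names have no whitespace.
ROW = re.compile(
    rf"^(?P<name>\S+)\s+(?:(?P<email>\S+@\S+)\s+)?(?P<pwd>{TS})\s+(?P<logon>{TS})\s*$"
)

def _ts(value):
    """Convert a timestamp column to datetime; '<never>' becomes None."""
    if value == "<never>":
        return None
    fmt = "%Y-%m-%d %H:%M:%S.%f" if "." in value else "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(value, fmt)

def parse_users(text):
    """Return one dict per user row; banner, header, separator and '...' lines are skipped."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            users.append({"name": m["name"], "email": m["email"],
                          "pwd_last_set": _ts(m["pwd"]), "last_logon": _ts(m["logon"])})
    return users

def hygiene_report(users, now, max_pwd_age_days=365):
    """Group account names by finding, for review by the directory owner."""
    cutoff = now - timedelta(days=max_pwd_age_days)
    return {
        "never_logged_on": [u["name"] for u in users if u["last_logon"] is None],
        "password_never_set": [u["name"] for u in users if u["pwd_last_set"] is None],
        "password_older_than_cutoff": [u["name"] for u in users
                                       if u["pwd_last_set"] and u["pwd_last_set"] < cutoff],
    }

# Header and rows copied from the sample output above.
SAMPLE = """\
Name Email PasswordLastSet LastLogon
-------------------- ------------------------------ ------------------- -------------------
Administrator 2022-03-14 14:24:35.183246 2022-03-14 14:24:39.485072
Guest <never> <never>
smorgan smorgan@hiboxy.com 2022-03-14 14:32:16.904391 <never>
tduncan tduncan@hiboxy.com 2022-03-14 14:32:16.951489 2022-03-14 14:36:23.957238
"""

if __name__ == "__main__":
    print(hygiene_report(parse_users(SAMPLE), now=datetime(2023, 6, 1)))
```

To review a real listing, pass the contents of the file written by tee (for example /tmp/adusers.txt) to parse_users instead of SAMPLE.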

Blog Posts