ivuorinen/cheatsheet-tldr
1
0
Fork 0
mirror of https://github.com/ivuorinen/cheatsheet-tldr.git synced 2026-03-21 07:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update cheatsheets

Browse Source
This commit is contained in:
ivuorinen
2025-03-11 00:18:27 +00:00
parent dc654e9ad5
commit 4ed84edbe1
9 changed files with 96 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
tldr/getuserspns.py Normal file
View File

@@ -0,0 +1,30 @@
---
syntax: markdown
tags: [tldr, common]
source: https://github.com/tldr-pages/tldr.git
---
# GetUserSPNs.py
> Retrieve Service Principal Names (SPNs) associated with Active Directory user accounts.
> Part of the Impacket suite.
> More information: <https://github.com/fortra/impacket>.
- Enumerate user accounts with an SPN and request their Kerberos TGS tickets:
`GetUserSPNs.py {{domain}}/{{username}}:{{password}} -dc-ip {{domain_controller_ip}}`
- Use pass-the-hash authentication:
`GetUserSPNs.py {{domain}}/{{username}} -hashes {{LM_Hash}}:{{NT_Hash}} -dc-ip {{domain_controller_ip}}`
- Save the output to a file:
`GetUserSPNs.py {{domain}}/{{username}}:{{password}} -dc-ip {{domain_controller_ip}} -outputfile {{output_file}}`
- Request only TGS tickets:
`GetUserSPNs.py {{domain}}/{{username}}:{{password}} -dc-ip {{domain_controller_ip}} -request`
- Request only TGS tickets using pass-the-hash authentication:
`GetUserSPNs.py {{domain}}/{{username}} -dc-ip {{domain_controller_ip}} -hashes {{LM_Hash}}:{{NT_Hash}} -request`