Linux command

impacket-getadusers command

After copying, replace the file names, directories, or parameters as needed.

Common examples

Enumerate all domain users

impacket-getadusers -all '[domain]/[user]:[password]'

Query users via a specific domain controller

impacket-getadusers -all -dc-ip [192.168.1.100] '[domain]/[user]:[password]'

Get users using NTLM hash

impacket-getadusers -all -hashes ':[nthash]' '[domain]/[user]'

Enumerate users via Kerberos

impacket-getadusers -all -k -no-pass '[domain]/[user]'

Output user information with error messages suppressed

impacket-getadusers -all -dc-ip [192.168.1.100] '[domain]/[user]:[password]' 2>/dev/null

Description

impacket-getadusers queries Active Directory via LDAP to enumerate user accounts and their attributes. It retrieves information such as usernames, last logon times, password last set dates, and account status flags. The tool is useful for reconnaissance during penetration tests to identify potential targets, find accounts with old passwords, or discover service accounts. Output includes the SAM account name, badPwdCount, and other relevant security attributes.
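For the defender's side of the same data, the following added example (not part of the original page and not impacket's own code) audits the attributes described above for stale passwords and risky account flags. It assumes records holding raw LDAP values for `sAMAccountName`, `pwdLastSet` and `userAccountControl`; the account names and values are constructed, and the tool's own output format is not reproduced.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bits as documented for Active Directory.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD",
             0x10000: "DONT_EXPIRE_PASSWORD"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Constructed sample records (hypothetical accounts, raw LDAP attribute values).
SAMPLE_USERS = [
    {"sAMAccountName": "svc_backup", "pwdLastSet": "131907744000000000",
     "userAccountControl": "66048"},   # 2019-01-01, password never expires
    {"sAMAccountName": "alice", "pwdLastSet": "133458624000000000",
     "userAccountControl": "512"},     # 2023-12-01, normal account
    {"sAMAccountName": "old_temp", "pwdLastSet": "131907744000000000",
     "userAccountControl": "514"},     # disabled, skipped by the audit
    {"sAMAccountName": "newhire", "pwdLastSet": "0",
     "userAccountControl": "512"},     # password not yet set
]
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed so results are repeatable

def filetime_to_dt(value):
    """AD timestamps count 100 ns ticks since 1601-01-01 UTC; 0 means unset."""
    ticks = int(value)
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def decode_uac(value):
    """Return the names of the known flag bits set in userAccountControl."""
    return [name for bit, name in UAC_FLAGS.items() if int(value) & bit]

def audit(users, now=NOW, max_age_days=365):
    """Map each enabled account to the hygiene findings that apply to it."""
    report = {}
    for user in users:
        findings = decode_uac(user["userAccountControl"])
        if "ACCOUNTDISABLE" in findings:
            continue
        changed = filetime_to_dt(user["pwdLastSet"])
        if changed is None:
            findings.append("password must change at next logon")
        elif (now - changed).days > max_age_days:
            findings.append(f"password age {(now - changed).days} days")
        if findings:
            report[user["sAMAccountName"]] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_USERS).items():
        print(f"{account}: {', '.join(findings)}")
```

Accounts that surface here are the ones to rotate, disable, or bring under a password policy before someone else enumerates them.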

Parameters

-all
Return all users in the domain
-user _USERNAME_
Query information for a specific user only
-dc-ip _IP_
IP address of the domain controller
-dc-host _HOSTNAME_
Hostname of the domain controller (used for Kerberos)
-hashes _LMHASH:NTHASH_
Use NTLM hashes for authentication instead of password
-no-pass
Don't ask for password (useful with -k or -hashes)
-k
Use Kerberos authentication from ccache file
-aesKey _KEY_
AES key to use for Kerberos authentication

FAQ

How do I run a basic impacket-getadusers example?

Run `impacket-getadusers -all '[domain]/[user]:[password]'` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
