Skip to content

live smbapi localgroup command

Jump to bottom
skelsec edited this page Apr 14, 2021 · 1 revision

What it does

Enumerates localgroups and members of those groups on the target(s) using windows API and the current user context.

Remarks

Each target's tcp/445 port will be connected to first and only the ones allowing the TCP connection will be actually enumerated.

Requirements

  • You might need to be administrator on the remote host for this depending on the settings.

Subcommands

  • enum : Enumerates all shares on the target(s)

Switches

  • -o: Writes the TGT to file in KIRBI format
  • --json : Print credentials in JSON format
  • -f : Targets file, one line per IP or hostname
  • -t : Target IP or hostname
  • --timout : Timeout for each target in seconds
  • --disable-pre-check : Disables pre-check to see if the remote destination is alive. Will make enumeration take years!
  • -g : Groupname on the remote host to enumerate the memberships of

Examples

  • pypykatz live smbapi localgroup enum -t 10.10.10.2: Enumerate the local administrators on host 10.10.10.2

Home

Live commands

Platform-independent commands

ConnectionURL

Clone this wiki locally