GetNPUsers.py Explained (video)

Great video!

Type your comment> @VbScrub said:

@Seferan
Yeah by default anonymous ldap query can’t actually read anything from the domain, you have to kinda go out of your way to enable that. However all domain users can read pretty much everything from the domain, so I guess the password option in impacket is for if you’ve got valid domain user creds and want to use them to search the domain for users without pre authentication enabled. Maybe you get lucky and those accounts have more privs than the account you currently have.

Awesome, thanks…

Last question…I assume NP stands for No-PreAuth??? Any idea? Couldn’t find an immediate answer anywhere.

@Seferan yeah I assumed the same

Absolutely legend you are mate! :smiley Subscribing! keep up the great work!

Nice work @VbScrub, a very useful video, it is good to understand why this is a weakness and knowing what do do to prevent some of it.

Keep up the good work mate :smiley:

@acidbat @z3r0shred thanks for the positive feedback guys :smile: much appreciated

I liked it too. Thanks a lot.

Thanks for making this video. It really helped with understanding getnpusers. I do have to say that I’ve never actually seen a user in real life with preauthentication turned off or seen an application that requires it. I’m sure it must exist for Microsoft to keep supporting the option.

I’m a noob and I also suck at Windows boxes but your content has really helped on my learning experience. Thank you for all of the contributions you’ve made to the community!

@dreamerscoffee said:
Thanks for making this video. It really helped with understanding getnpusers. I do have to say that I’ve never actually seen a user in real life with preauthentication turned off or seen an application that requires it. I’m sure it must exist for Microsoft to keep supporting the option.

Yeah I find it pretty weird that the option even exists, as it completely destroys the security of any user account you enable it on. But there must be some legacy software out there that does kerberos auth but doesn’t do pre auth. Weirdly when you connect to an SMB share in windows, it first tries kerberos without pre auth, which fails and so then it tries it with pre auth. That’s still the case even in the latest version of Windows 10.

Great video! Thank you for sharing. I am always curious about how those tools work… Please consider making more of these explaination videos of common tools!

Subscribed! :wink:

Type your comment> @Chr0x6eOs said:

Great video! Thank you for sharing. I am always curious about how those tools work… Please consider making more of these explaination videos of common tools!

Subscribed! :wink:

Thanks :slight_smile: and yeah I will be making more very soon. If there’s any in particular you want to see videos on then let me know (windows only - I’m a noob when it comes to linux)

Type your comment> @VbScrub said:

Type your comment> @Chr0x6eOs said:

(Quote)
Thanks :slight_smile: and yeah I will be making more very soon. If there’s any in particular you want to see videos on then let me know (windows only - I’m a noob when it comes to linux)

Honestly any tool. I am not bad at linux, but an absolut windows noob. Everything you can teach is appreciated. :slight_smile:

Great tutorial on GetNPusers.py, very helpful in my first hack on AD. Something to note for those Linux users. The double quote will interpret the $ and try to interpret it, the end result is you will get an error about the hash. Use single quote. Thanks for the tutorial.

@endoftime yeah I’ve not tried it on Linux, but thanks for the tip. Good to know

Type your comment> @VbScrub said:

Recently seen a few comments from people saying they’d like to understand how the Impacket GetNPUsers script works and what exactly makes an account vulnerable to this kind of attack. So I made this video that hopefully helps :slight_smile:

https://www.youtube.com/watch?v=pZSyGRjHNO4

I hope you don’t mind @VbScrub, I had to give you a mention and share your video in my walkthrough. In my opinion you hit the nail explaining this and it’s worth watching so people understand this better.

@grav3m1ndbyte of course not :slight_smile: always glad to hear people are finding it useful and sharing it around

Type your comment> @grav3m1ndbyte said:

Type your comment> @VbScrub said:

Recently seen a few comments from people saying they’d like to understand how the Impacket GetNPUsers script works and what exactly makes an account vulnerable to this kind of attack. So I made this video that hopefully helps :slight_smile:

https://www.youtube.com/watch?v=pZSyGRjHNO4

I hope you don’t mind @VbScrub, I had to give you a mention and share your video in my walkthrough. In my opinion you hit the nail explaining this and it’s worth watching so people understand this better.

Thank you sir! :smiley:

Pulling my hair out here so if somebody know the issue that would be great.
Trying to run this but am getting errors when it hits the logger.

Traceback (most recent call last):
File “./GetNPUsers.py”, line 397, in
logger.init(options.ts)
TypeError: init() takes no arguments (1 given)

I havent specified an argument regardless of what it says. Ran as per your demonstration.

Great video, this helped me out with a foothold on a current box. Very well explained. I’ll have to sub to your channel on YouTube.