
Impacket vs PetitPotam

GitHub Stats

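Stars: Impacket 15.6k, PetitPotam 2.2k
Forks: Impacket 3.9k, PetitPotam 297
Issues: Impacket 350, PetitPotam 1
Updated: Impacket 8d ago, PetitPotam 1y ago
License: Impacket -, PetitPotam -
Language: Impacket Python, PetitPotam Python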

About Impacket

Impacket is a collection of Python classes for working with network protocols, essential for Windows and Active Directory pentesting. It provides low-level programmatic access to protocols like SMB, RDP, and LDAP, enabling the development of custom network tools and exploitation scripts. Impacket's extensive support for protocol manipulation makes it a critical resource for security researchers and penetration testers targeting Windows-based environments.

About PetitPotam

PetitPotam is a tool that coerces Windows hosts into authenticating to an attacker-controlled server by abusing the Encrypting File System Remote Protocol (MS-EFSRPC). By sending specially crafted requests to the EfsRpcOpenFileRaw function (and similar EFS functions), PetitPotam forces the target machine to initiate an NTLM authentication to an arbitrary server specified by the attacker. When combined with NTLM relay attacks (via tools like ntlmrelayx from Impacket), this can be used to relay the authentication to Active Directory Certificate Services (AD CS) to obtain certificates, or to other services for privilege escalation. PetitPotam was a significant discovery because it works unauthenticated against domain controllers in many configurations, making it a critical vector for Active Directory domain compromise. Microsoft has issued patches, but many environments remain vulnerable.

Platform Support

Impacket: 🐧 linux, 🍎 macos, 🪟 windows
PetitPotam: 🐧 linux, 🪟 windows

Tags

Shared

active-directory

Impacket only

smb, protocol, windows

PetitPotam only

ntlm-relay, coercion, efsrpc, domain-compromise, adcs