LinuxCommandLibrary

impacket-addcomputer

Tool from the Impacket library that allows adding or removing computer accounts in an Active Directory domain

TLDR

Add a computer account to the domain using default credentials

$ impacket-addcomputer -computer-name '[NEWPC$]' -computer-pass '[Password123]' '[domain]/[user]:[password]'
Add a computer account specifying the domain controller IP
$ impacket-addcomputer -computer-name '[NEWPC$]' -dc-ip [192.168.1.100] '[domain]/[user]:[password]'
Add a computer using LDAPS (secure connection)
$ impacket-addcomputer -computer-name '[NEWPC$]' -use-ldaps '[domain]/[user]:[password]'
Add a computer using Kerberos authentication with a ticket
$ impacket-addcomputer -computer-name '[NEWPC$]' -k -no-pass '[domain]/[user]'
Delete a computer account from the domain
$ impacket-addcomputer -computer-name '[TARGETPC$]' -delete '[domain]/[user]:[password]'

SYNOPSIS

impacket-addcomputer [-h] [-computer-name NAME] [-computer-pass PASSWORD] [-no-add] [-delete] [-dc-ip IP] [-dc-host HOSTNAME] [-use-ldaps] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-aesKey KEY] target

DESCRIPTION

impacket-addcomputer is a tool from the Impacket library that allows adding or removing computer accounts in an Active Directory domain. By default, domain users can add up to 10 computer accounts (controlled by the ms-DS-MachineAccountQuota attribute), making this useful for penetration testing scenarios.
The tool communicates with the domain controller via LDAP or SAMR protocols to create machine accounts. Created computer accounts can then be used for various attack techniques including resource-based constrained delegation attacks.

PARAMETERS

-computer-name NAME
Name of the computer account to add (should end with $)
-computer-pass PASSWORD
Password for the new computer account
-delete
Delete the specified computer account instead of adding
-no-add
Don't add a computer, only set its password (requires existing account)
-dc-ip IP
IP address of the domain controller
-dc-host HOSTNAME
Hostname of the domain controller
-use-ldaps
Use LDAPS instead of LDAP
-hashes LMHASH:NTHASH
Use NTLM hashes for authentication instead of password
-no-pass
Don't ask for password (useful with -k)
-k
Use Kerberos authentication from ccache file
-aesKey KEY
AES key to use for Kerberos authentication

CAVEATS

Requires valid domain credentials with permissions to create computer accounts. The default ms-DS-MachineAccountQuota may be set to 0 in hardened environments. Computer names should follow NetBIOS naming conventions and typically end with a dollar sign ($).
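
A defender-side check for the account creation described above, as an added example (not part of the original page or of Impacket): it scans exported Windows Security events with ID 4741 ("A computer account was created") and reports creators that are not approved provisioning accounts. The JSON-lines export format, the allow-list and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: Security events exported one JSON object per line (assumed format).
SAMPLE_EVENTS = """\
{"EventID": 4741, "SubjectUserName": "svc-join", "TargetUserName": "WS-0142$"}
{"EventID": 4741, "SubjectUserName": "jdoe", "TargetUserName": "NEWPC$"}
{"EventID": 4624, "SubjectUserName": "jdoe", "TargetUserName": "jdoe"}
{"EventID": "4741", "SubjectUserName": "JDoe", "TargetUserName": "NEWPC2$"}
truncated-line {"EventID": 47
{"EventID": 4743, "SubjectUserName": "jdoe", "TargetUserName": "NEWPC$"}
"""

APPROVED_CREATORS = {"svc-join"}  # hypothetical provisioning accounts
COMPUTER_CREATED = "4741"         # Windows Security: "A computer account was created"


def unexpected_machine_accounts(lines, approved=APPROVED_CREATORS):
    """Map each unapproved creator to the computer accounts it created."""
    approved = {name.lower() for name in approved}
    found = defaultdict(list)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines in the export
        if not isinstance(event, dict):
            continue
        if str(event.get("EventID")) != COMPUTER_CREATED:
            continue  # logons, deletions (4743) and other events are ignored
        creator = str(event.get("SubjectUserName", "")).lower()
        if creator and creator not in approved:
            found[creator].append(event.get("TargetUserName", "?"))
    return dict(found)


def quota_exhausted(findings, quota=10):
    """Creators whose count has reached ms-DS-MachineAccountQuota (default 10)."""
    return sorted(c for c, names in findings.items() if len(names) >= quota)


if __name__ == "__main__":
    findings = unexpected_machine_accounts(SAMPLE_EVENTS.splitlines())
    for creator, names in findings.items():
        print(f"{creator}: {len(names)} computer account(s) created: {names}")
    print("quota reached:", quota_exhausted(findings, quota=2))
```

Where ms-DS-MachineAccountQuota is set to 0, any creator this reports is either a delegated account missing from the allow-list or a change worth investigating.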

HISTORY

Impacket was created by SecureAuth (formerly Core Security) as a collection of Python classes for working with network protocols. The addcomputer script was added to support Active Directory penetration testing workflows, particularly after research into resource-based constrained delegation attacks became prominent around 2018-2019.
