impacket-getarch

Determine the architecture of a remote system

TLDR

View documentation for the original command

$ tldr getArch.py

SYNOPSIS

impacket-getarch [-debug] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-aesKey HEXKEY] [-target-ip IP] [-dc-ip IP] <target> [{target}]

-debug
    Turn DEBUG output ON

-hashes LMHASH:NTHASH
    NTLM hash(es) in format LMHASH:NTHASH for authentication

-no-pass
    Try authentication with null password (empty hash)

-k
    Use Kerberos authentication; grabs credentials from ccache file (KRB5CCNAME)

-aesKey HEXKEY
    Hex-encoded AES key (128/256 bits) for Kerberos AES encryption

-target-ip IP
    IP of target (required if target is NetBIOS name without DNS)

-dc-ip IP
    IP of Domain Controller for Kerberos authentication

<target>
    Target hostname/IP; format [[domain/]user[:password]@]<target>

[{target}]
    Optional additional targets

DESCRIPTION

impacket-getarch is a tool from the Impacket suite for fingerprinting the processor architecture of remote Windows hosts via the SMB protocol. It establishes an SMB connection, typically unauthenticated, and sends negotiation requests including dialects like NT LM 0.12, SMB 2.002, and SMB 2.1.

If the target negotiates SMB 2.1 dialect, it is identified as x64 (64-bit); otherwise, as x86 (32-bit). This heuristic relies on the fact that 32-bit Windows versions (e.g., up to Windows Server 2003 x86) do not support SMB 2.1, while 64-bit versions (Windows Vista/Server 2008 and later) do.

The tool supports authenticated connections via NTLM or Kerberos and works over TCP port 445. Output is simple: x86 or x64, with debug info if enabled. Ideal for reconnaissance in penetration testing, but effectiveness diminishes on systems with SMB1 disabled or patched configurations.

impacket-getarch

Determine the architecture of a remote system

TLDR

SYNOPSIS

PARAMETERS

DESCRIPTION

CAVEATS

EXAMPLES

INSTALLATION

HISTORY

SEE ALSO