live smbapi localgroup command

skelsec edited this page Apr 14, 2021 · 1 revision

What it does

Enumerates local groups and the members of those groups on the target(s) using the Windows API and the current user context.


Each target's tcp/445 port is connected to first, and only the targets that accept the TCP connection are actually enumerated.


  • You might need to be an administrator on the remote host for this, depending on the settings.


  • enum : Enumerates all shares on the target(s)


  • -o : Writes the TGT to file in KIRBI format
  • --json : Print credentials in JSON format
  • -f : Targets file, one line per IP or hostname
  • -t : Target IP or hostname
  • --timout : Timeout for each target in seconds
  • --disable-pre-check : Disables pre-check to see if the remote destination is alive. Will make enumeration take years!
  • -g : Groupname on the remote host to enumerate the memberships of


  • pypykatz live smbapi localgroup enum -t Enumerate the local administrators on host