From the course: Advanced Pen Testing Techniques for Active Directory
Remote extraction of AD hashes - Active Directory Tutorial
Remote extraction of AD hashes
- [Instructor] We don't need to be on the Active Directory target to be able to extract password hashes; we can do it remotely. We don't need to be a domain administrator. We just need to know the credentials of one account with the Replicating Directory Changes All permission. With this it's possible to remotely extract password hashes from a domain controller. I'm logged onto our new Windows domain workstation as a domain user called Sam Spade. I'll load up PowerShell. I've already installed the DSInternals toolkit, so I'll start by importing it. Import-Module DSInternals. In order to access the remote server, we need to send credentials across. So we'll set them up and then use the Get-ADReplAccount module to extract to use a hash. $cred = Get-Credential. And we can now enter the account which has the Replicating Directory Changes All permission. And that's jdoe76. And the password is…
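
Seen from the domain controller, the replication request described above leaves a trace. The following is an added example, not part of the course material: it scans Security log records for event ID 4662 and reports any account outside an allowlist that exercised a replication control access right. It assumes Directory Service Access auditing is enabled on the domain object; the event records, the `DC01$`/`DC02$` allowlist and the `svc-backup` account are constructed for illustration.

```python
import re

# Control access right GUIDs that gate directory replication.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")

# Assumption: the only accounts expected to replicate are these DC computer accounts.
EXPECTED_REPLICATORS = {"DC01$", "DC02$"}

# Constructed sample records, reduced to the 4662 fields this check reads.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC02$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "jdoe76",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "jdoe76",
     "Properties": "%%7688 {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2}"},
    {"EventID": 4662, "SubjectUserName": "svc-backup",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "SubjectUserName": "jdoe76"},
]


def find_unexpected_replication(events, expected=EXPECTED_REPLICATORS):
    """Map each non-allowlisted account to the replication rights it used."""
    allow = {name.upper() for name in expected}
    hits = {}
    for ev in events:
        if ev.get("EventID") != 4662:
            continue  # only directory object access events carry the rights GUIDs
        user = ev.get("SubjectUserName", "")
        if user.upper() in allow:
            continue  # domain controllers replicate with each other routinely
        guids = (g.lower() for g in GUID_RE.findall(ev.get("Properties", "")))
        rights = {REPL_RIGHTS[g] for g in guids if g in REPL_RIGHTS}
        if rights:
            hits.setdefault(user, set()).update(rights)
    return {user: sorted(rights) for user, rights in hits.items()}


if __name__ == "__main__":
    for user, rights in find_unexpected_replication(SAMPLE_EVENTS).items():
        print(f"ALERT: {user} used {', '.join(rights)}")
```

Legitimate non-DC replicators, such as a directory synchronization service account, belong in the allowlist so that an alert means an account nobody expected to hold the permission.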