Password Stuff

Tags
Lateral Movement, Privilege Escalation, Initial Access, Authenticated, Unauthenticated

Wordlist Generation

Add likely words to a file (domain name, seasons, employees, etc).

Use hashcat with a ruleset to generate the alterations:

hashcat --force words.txt -r /usr/share/hashcat/rules/best64.rule --stdout > wordlist.txt

You should probably also append an exclamation point to the words.
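
From the defender's side, passwords built this way (a guessable base word plus rule-style alterations and a trailing symbol) can be rejected when they are set. The check below is an added example, not part of the original notes; the deny list and the substitution table are constructed assumptions.

```python
import re

# Constructed sample deny list, standing in for the organisation-specific
# base words this section lists (domain name, seasons, employee names).
BANNED_BASE_WORDS = {"contoso", "summer", "winter", "spring", "autumn",
                     "welcome", "password"}

# Assumed table of common character substitutions, reversed on normalisation.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Leading or trailing runs of digits and punctuation (years, "123", "!").
_AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def banned_base(password, banned=BANNED_BASE_WORDS):
    """Return the banned base word a password derives from, or None.

    Two normalisation orders are tried because they disagree on inputs
    where a substituted character sits at the edge of the word:
      strip then de-leet:  Summer2024! -> summer
      de-leet then strip:  C0nt0s0!    -> contoso
    """
    lowered = password.lower()
    candidates = {
        _AFFIX.sub("", lowered).translate(LEET),
        _AFFIX.sub("", lowered.translate(LEET)),
    }
    for candidate in sorted(candidates):
        if candidate in banned:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Summer2024!", "C0nt0s0!", "Password123!",
               "correct-horse-battery-staple"):
        hit = banned_base(pw)
        print(f"{pw!r}: {'rejected, base word ' + hit if hit else 'accepted'}")
```
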

Workarounds

“Password must be changed on next logon”

“Password_must_change”

You can try two things:

rpcclient -U <user> <IP>
rpcclient $> setuserinfo2 <user> 23 'Password123!'
Remote
smbpasswd -U <user> -r <IP>
Remote - will ask for previous password first