group, which allows for the creation of new users and modification of certain group memberships. DCSync Attack : Use the newly created user to grant yourself privileges (via on the domain object). Then, use Impacket's secretsdump.py to dump the NT hashes for all domain users, including the Administrator Root Access : Perform a Pass-the-Hash (PtH) attack using the Administrator's hash with wmiexec.py to gain full control of the machine. Top Resources
hashcat -m 18200 hashes.asrep /usr/share/wordlists/rockyou.txt Use code with caution. forest hackthebox walkthrough best
smbclient -L //10.10.10.161 -N