Expired Passwords

Find anyone with an expired password during Password Spraying?

[+] VALID LOGIN WITH ERROR: [email protected]:Welkom01 (User's password has expired)

We can simply reset their password using Impacket:

impacket-smbpasswd User1:[email protected] -newpass StrongPass123!

Another option is to RDP/authenticate to a machine within the network and use the native Windows password reset.

Note that Kerbrute flags these accounts with a [+], but CME (CrackMapExec) might instead return:

[-] FAKE.intra\user1: STATUS_PASSWORD_MUST_CHANGE
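From the detection side, the sequence above (spray, expired-password hit, password change) leaves a trail for the NTLM/SMB case. The following is an added example, not part of the original page: it assumes the logs have been parsed into simplified dicts, that failed logons are event 4625 with a SubStatus and password changes are event 4723; the function name, field names, threshold and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# NTSTATUS values found in the SubStatus field of failed-logon event 4625
EXPIRED_SUBSTATUS = {
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000224: "STATUS_PASSWORD_MUST_CHANGE",
}

def find_expired_password_takeovers(events, spray_threshold=3,
                                    window=timedelta(hours=1)):
    """Return (user, source_ip, status, changed_at) for each account that a
    spraying source found expired and whose password changed soon after."""
    events = sorted(events, key=lambda e: e["time"])
    targets_by_ip = defaultdict(set)
    for e in events:
        if e["id"] == 4625:
            targets_by_ip[e["ip"]].add(e["user"].lower())
    # A source failing against many distinct accounts is treated as a spray
    spray_ips = {ip for ip, users in targets_by_ip.items()
                 if len(users) >= spray_threshold}
    pending = {}  # user -> (time, ip, status) of the latest expired-password hit
    alerts = []
    for e in events:
        user = e["user"].lower()
        if (e["id"] == 4625 and e["ip"] in spray_ips
                and e.get("substatus") in EXPIRED_SUBSTATUS):
            pending[user] = (e["time"], e["ip"], EXPIRED_SUBSTATUS[e["substatus"]])
        elif e["id"] == 4723 and user in pending:
            seen, ip, status = pending.pop(user)
            if e["time"] - seen <= window:
                alerts.append((user, ip, status, e["time"]))
    return alerts

# Constructed sample events (not real logs); field names are simplified.
T0 = datetime(2024, 1, 8, 9, 0, 0)
SAMPLE_EVENTS = [
    {"id": 4625, "time": T0, "ip": "10.0.0.50", "user": "user1", "substatus": 0xC0000224},
    {"id": 4625, "time": T0 + timedelta(seconds=1), "ip": "10.0.0.50", "user": "user2", "substatus": 0xC000006A},
    {"id": 4625, "time": T0 + timedelta(seconds=2), "ip": "10.0.0.50", "user": "user3", "substatus": 0xC000006A},
    {"id": 4723, "time": T0 + timedelta(minutes=5), "user": "user1"},
    {"id": 4625, "time": T0 + timedelta(hours=1), "ip": "10.0.0.77", "user": "user4", "substatus": 0xC0000071},
    {"id": 4723, "time": T0 + timedelta(hours=1, minutes=2), "user": "user4"},
]
```

On the sample data only user1 is flagged: user4 also changed an expired password, but the failed logon came from a source that touched a single account.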
