Process, Commands & Programs
Process
- Direct access to Domain Controller
- Enumeration with nmap (discovered that the IP given is indeed a DC)
- Ran zerologon_tester to find out whether the DC is vulnerable
- Ran zerologon.py to reset the password to zero values
- Used impacket's secretsdump.py to dump all the hashes (Admin hash), with the parameter "-no-pass"
- Used evil-winrm to access and pass the hash to the server
Programs
- evil-winrm
- secretsdump (impacket)
- zerologon (& Source)