-
Notifications
You must be signed in to change notification settings - Fork 384
smb dcsync command
skelsec edited this page Apr 13, 2021
·
2 revisions
Performs DCSYNC attack, extracts all hashes and kerberos keys from the domain controller using DRSUAPI
None
- A working SMB connection URL with a user that has getchanges/getchangesall right to the domain, pointing to the DC
None
-
url: SMB connection URL. Please consult theConnection URLsection -
--username: Optional, the username of the user to get the secrets of. If empty then all users will be targeted -
-oor--outfile: Writes the secrets to the specified file
-
pypykatz smb dcsync 'smb2+ntlm-password://TEST\Administrator:[email protected]': Performs DCSYNC