Aug 12, 2022
Ok, ok, I know. I almost always say something like "Today is my favorite tale of pentest pwnage." And guess what? Today is my favorite tale of pentest pwnage, and I don't even know how it's going to end yet, so stay tuned to next week's (hopefully) exciting conclusion. For today, though, I've got some pentest tips to hopefully help you in your journeys of pwnage:
-Threads flag to adjust the intensity of your scan.

Example syntax for LdapCurrentUser:

Get-LdapCurrentUser -certificate my.pfx -server my.domain.controller:636 -usessl -CertificatePassword admin

passwordlastset. That way you can quickly find users who haven't changed their password since the AD backup:

get-aduser -filter * -server victimdomain.local -properties pwdlastset,passwordlastset,enabled | where { $_.Enabled -eq $True} | select-object samaccountname,passwordlastset | sort-object passwordlastset