Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restore Steps #11

Closed
clintonm9 opened this issue Sep 30, 2020 · 1 comment
Closed

Restore Steps #11

clintonm9 opened this issue Sep 30, 2020 · 1 comment

Comments

@clintonm9
Copy link

Can you provide an example of how to use secretsdump.py to dump the plaintext machine password? I see that the restorepassword.py needs the hexpass, but I can not figure out how to get that.

Thanks
@dirkjanm
Copy link
Owner

dirkjanm commented Nov 4, 2020

If you run secretsdump.py with the "Administrator" domain user (so not the DC account!) with the latest impacket version it should give you the plaintext account password in hex. The recommended method of exploiting this is described on my blog, which does not involve resetting passwords: https://dirkjanm.io/a-different-way-of-abusing-zerologon/

@dirkjanm dirkjanm closed this as completed Nov 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dirkjanm @clintonm9