Password Policies

FROM LINUX

With valid domain credentials, the password policy can be obtained remotely using tools like CrackMapExec or rpcclient.

crackmapexec smb 13.13.13.13 -u rio -p rio@123 --pass-pol

An SMB NULL session may allow an attacker to retrieve domain information without authentication.

rpcclient -U "" -N 13.13.13.13
rpcclient $> querydominfo
rpcclient $> getdompwinfo

enum4linux -P 13.13.13.13

enum4linux-ng -P 13.13.13.13 -oA riotech
cat riotech.json

ldapsearch -h 13.13.13.13 -x -b "DC=CORP,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength

C:\> net accounts

PS C:\> import-module .\PowerView.ps1
PS C:\> Get-DomainPolicy

Last updated 3 months ago