In this tutorial, I again enumerated users, groups, memberships, and domain controllers. Then I did port scanning of the domain controller after locating its hostname and its active users. Then we used mimikatz to dump the password hashes of the workstation we compromised. We used PowerShell alongside PowerSploit to accomplish this.

Skills Learned

  • PowerShell
  • Mimikatz
  • PowerSploit

Get OSCP Certificate Notes

Video Walk-through



About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles