In this tutorial, I explain how to escalate privileges to domain controller level in Active Directory using Mimikatz and PowerShell. The attack relies on gathering the NTLM hash and generating a Kerberos TGT for the administrator account of the domain controller. Its success depends on the domain controller's administrator having previously logged in to the Windows workstation we compromised, so that their credentials are still cached in memory.

Skills Learned

  • Mimikatz
  • PowerShell
  • Kerberos
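
From the defender's side, the two conditions described above (an administrator's credentials cached on a workstation, then a TGT derived from the NTLM hash) both leave traces in the Windows Security log. The following is an added example, not part of the original tutorial: it triages constructed sample events, and the host names, account names and the `PRIVILEGED` and `DOMAIN_CONTROLLERS` sets are hypothetical placeholders for your own inventory.

```python
# Defender-side triage over simplified Windows Security events.
# SAMPLE_EVENTS is constructed for illustration; PRIVILEGED and
# DOMAIN_CONTROLLERS are hypothetical and stand in for your own inventory.
PRIVILEGED = {"administrator", "da-jsmith"}
DOMAIN_CONTROLLERS = {"DC01"}

# Logon types that leave reusable credentials in LSASS on the target host:
# 2 = Interactive, 10 = RemoteInteractive (RDP), 11 = CachedInteractive.
CRED_CACHING_LOGON_TYPES = {2, 10, 11}
RC4_HMAC = "0x17"  # Kerberos etype whose key is the account's NT hash

SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "WS07", "TargetUserName": "Administrator", "LogonType": 10},
    {"EventID": 4624, "Computer": "DC01", "TargetUserName": "Administrator", "LogonType": 2},
    {"EventID": 4624, "Computer": "WS07", "TargetUserName": "alice", "LogonType": 2},
    {"EventID": 4624, "Computer": "WS09", "TargetUserName": "da-jsmith", "LogonType": 3},
    {"EventID": 4768, "Computer": "DC01", "TargetUserName": "Administrator",
     "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.57"},
    {"EventID": 4768, "Computer": "DC01", "TargetUserName": "Administrator",
     "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.10"},
]

def exposed_admin_logons(events):
    """4624 logons where a privileged account cached credentials on a non-DC host."""
    return [
        (e["Computer"], e["TargetUserName"], e["LogonType"])
        for e in events
        if e["EventID"] == 4624
        and e["TargetUserName"].lower() in PRIVILEGED
        and e["LogonType"] in CRED_CACHING_LOGON_TYPES
        and e["Computer"].upper() not in DOMAIN_CONTROLLERS
    ]

def rc4_tgt_requests(events):
    """4768 TGT requests for a privileged account that used RC4-HMAC."""
    return [
        (e["TargetUserName"], e["IpAddress"])
        for e in events
        if e["EventID"] == 4768
        and e["TargetUserName"].lower() in PRIVILEGED
        and e["TicketEncryptionType"].lower() == RC4_HMAC
    ]

if __name__ == "__main__":
    for host, user, ltype in exposed_admin_logons(SAMPLE_EVENTS):
        print(f"[exposure] {user} left credentials on {host} (logon type {ltype})")
    for user, ip in rc4_tgt_requests(SAMPLE_EVENTS):
        print(f"[suspicious] RC4 TGT request for {user} from {ip}")
```

RC4 TGT requests can be legitimate where legacy systems still require that encryption type, so baseline the environment before alerting on the second check.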

Video Walk-through

About the Author

Cybersecurity Trainer. MS in Cybersecurity. Expertise in Healthcare and Finance Industries. Penetration tester and compliance auditor.
