Premise

In this tutorial, I again enumerated users, groups, memberships, and domain controllers. Then I did port scanning of the domain controller after locating its hostname and its active users. Then we used mimikatz to dump the password hashes of the workstation we compromised. We used PowerShell alongside PowerSploit to accomplish this.

Skills Learned

  • PowerShell
  • Mimikatz
  • PowerSploit

Get OSCP Certificate Notes

Video Walk-through