Closed sva-tastaturlandwirt closed 10 months ago
Are you 100% positive the computer didn't have a KCL already?
I wasn't able to see one when I checked as Domain Admin.
pywhisker -t 'vm-dc02$' -a list -d domain.local -u Administrator -p 'S3cr3tp4ssw0rd' --dc-ip 192.168.0.100 -vv
[DEBUG] Initializing domainDumper()
[*] Searching for the target account
[*] Target user found: CN=VM-DC02,OU=Domain Controllers,DC=domain,DC=local
[*] Attribute msDS-KeyCredentialLink is either empty or user does not have read permissions on that attribute
Weird, I'm not aware of any change on Microsoft's end, but maybe they changed that 🤷 It'd be best to setup an up-to-date lab and test it there (I won't be able to do that for now)
Alright, thank you. I'll try and setup a lab if time permits it. Let's hope it's not Microsoft that changed something but rather something particular about the specific AD environment.
Closing. Please keep us updated if you find the answer 😉
While on an engagement I was not able to get a computer account to add shadow credentials to itself. Was this fixed by Microsoft?
However I was able to add shadow credentials as the domain admin:
I also checked for any existing shadow credentials for the targeted computer account but there weren't any.