Password Policies

FROM LINUX

With valid domain credentials, the password policy can be obtained remotely using tools like CrackMapExec or rpcclient.

crackmapexec smb 13.13.13.13 -u sol -p pwd123 --pass-pol

An SMB NULL session may allow an attacker to retrieve domain information without authentication.

rpcclient -U "" -N 13.13.13.13
rpcclient $> querydominfo
rpcclient $> getdompwinfo

enum4linux -P 13.13.13.13

enum4linux-ng -P 13.13.13.13 -oA militech
cat militech.json

ldapsearch -h 13.13.13.13 -x -b "DC=ARASAKA,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength

C:\> net accounts

PS C:\> import-module .\PowerView.ps1
PS C:\> Get-DomainPolicy

Last updated 11 months ago