01-03-2020, 05:19 PM
(This post was last modified: 01-03-2020, 05:34 PM by DanielG. Edit Reason: just realized you don't need to set the new password with mimikatz)
"My thinking was to crack the old NTLM hash, key it into AD"
I think you can change it back without knowing what the old password was. You can set the old NTLM hash with
lsadump::ChangeNTLM /server:AD.local /user:accountname /old:current.hash /new:hash.you.found.in.old.file
Then update those 50 devices, then set the new password back.
This way you won't need to run hashcat to find the old password.