Enumerating & Retrieving Password Policies
Enumerating the Password Policy - from Linux - Credentialed
# Getting the password policy with valid domain credentials using CrackMapExec (cme)
crackmapexec smb ip -u eren -p pass --pass-pol
Enumerating the Password Policy - from Linux - SMB NULL Sessions
# Obtaining the Password Policy
# rpcclient
rpcclient -U "" -N ip
# then, at the interactive "rpcclient $>" prompt:
querydominfo
getdompwinfo
# enum4linux-ng
enum4linux-ng -P ip -oA ilfreight
Enumerating the Password Policy - from Linux - LDAP Anonymous Bind
# Using ldapsearch (-H ldap://ip replaces the deprecated -h ip option)
ldapsearch -H ldap://ip -x -b "DC=DOMAIN,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength
Enumerating the Password Policy - from Windows
# Using net.exe
C:\> net accounts
# Using PowerView
PS C:\> import-module .\PowerView.ps1
PS C:\> Get-DomainPolicy