Enumerating & Retrieving Password Policies

Enumerating the Password Policy - from Linux - Credentialed

# Get the password policy with valid domain credentials using CrackMapExec (cme)
crackmapexec smb ip -u eren -p pass --pass-pol

Enumerating the Password Policy - from Linux - SMB NULL Sessions

# Obtaining the Password Policy 

# rpcclient
rpcclient -U "" -N ip
querydominfo
getdompwinfo

# enum4linux-ng
enum4linux-ng -P ip -oA ilfreight

Enumerating the Password Policy - from Linux - LDAP Anonymous Bind

# Using ldapsearch
# -H with an LDAP URI replaces the deprecated -h host option
ldapsearch -H ldap://ip -x -b "DC=DOMAIN,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength
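
The ldapsearch output above returns the policy as raw attributes: intervals are negative counts of 100-nanosecond ticks and pwdProperties is a bit field. The following is an added example, not part of the original page, that decodes them into days, minutes and flag names; the sample input is constructed and the function names are illustrative.

```python
NEVER = -(2**63)  # sentinel AD stores for "never" in interval attributes
# pwdProperties bit flags (DOMAIN_PASSWORD_* constants)
PWD_FLAGS = {
    0x01: "DOMAIN_PASSWORD_COMPLEX",
    0x02: "DOMAIN_PASSWORD_NO_ANON_CHANGE",
    0x04: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
    0x08: "DOMAIN_LOCKOUT_ADMINS",
    0x10: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
    0x20: "DOMAIN_REFUSE_PASSWORD_CHANGE",
}
INTERVALS = {"maxpwdage": 86400, "minpwdage": 86400,  # reported in days
             "lockoutduration": 60, "lockoutobservationwindow": 60}  # minutes
COUNTS = {"minpwdlength", "pwdhistorylength", "lockoutthreshold"}

def interval(raw, unit_seconds):
    """Convert a negative 100-ns interval to whole units; None means never."""
    value = int(raw)
    if value == NEVER:
        return None
    return abs(value) // 10_000_000 // unit_seconds

def decode_policy(ldif_text):
    """Return {lower-cased attribute: decoded value} for policy attributes."""
    policy = {}
    for line in ldif_text.splitlines():
        name, sep, raw = line.partition(":")
        key, raw = name.strip().lower(), raw.strip()
        if not sep or not raw:
            continue
        if key in INTERVALS:
            policy[key] = interval(raw, INTERVALS[key])
        elif key in COUNTS:
            policy[key] = int(raw)
        elif key == "pwdproperties":
            bits = int(raw)
            policy[key] = [n for b, n in PWD_FLAGS.items() if bits & b]
    return policy

# Constructed sample in the shape ldapsearch prints for the domain object
SAMPLE = """\
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 5
maxPwdAge: -9223372036854775808
minPwdAge: -864000000000
minPwdLength: 8
pwdProperties: 1
pwdHistoryLength: 24
"""
print(decode_policy(SAMPLE))
```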

Enumerating the Password Policy - from Windows

# Using net.exe
C:\> net accounts

# Using PowerView
PS C:\> import-module .\PowerView.ps1
PS C:\> Get-DomainPolicy
