🥝 Benjamin Delpy
@gentilkiwi
Mon Apr 15 00:25:32 +0000 2019

You love legacy API and a 2019 DC? Me too.

I updated #mimikatz code for lsadump::changentlm (& lsadump::setntlm)
> https://t.co/Wzb5GAfWfd

If you don't need AES keys, do not hesitate to play with: SamiChangePasswordUser

1/5) Here, to bypass password policy (password: 1 char) https://t.co/TP9e5zKbTk

2/5) But you may prefer to change a password with a new ... hash?

(maybe you understand now why complexity is not checked in previous tweet, and why AES keys don't exist after) https://t.co/osnLWMMQ4v

3/5) How... and with the same API you can change a password without knowing the previous one... only its previous hash (can be VERY useful 😉) https://t.co/4hYEuL2cvA

4/5) Logically, you can also change the previous hash to a new one... (to make jokes 😉) https://t.co/ZinDmpMlVj

5/5) And all of that with only normal 4723 events: it's a CHANGE from the user, not a RESET from an operator (4724)

(for the demo, policy was changed to allow password change before 1 day -- otherwise, you have to wait) https://t.co/p6RKXSdTw0

All videos:
1. https://t.co/SR08IcZFJY
2. https://t.co/uMj77v4uYd
3. https://t.co/KjFZTWTIDm
4. https://t.co/gIs1jRKzrE
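A defender-side triage of the 4723 (user change) versus 4724 (operator reset) distinction the thread points out, as an added Python example that is not mimikatz code or anything from the thread. The event records are constructed, and the two heuristics (a 4723 whose subject is not the target account, and a second 4723 for the same target inside the minimum password age) are assumptions for illustration, not Microsoft guidance.

```python
"""Triage Windows Security events 4723 (user-initiated password change) and
4724 (operator password reset) from constructed sample records."""
from datetime import datetime, timedelta

# Constructed sample events. Field names follow the Security log's EventData:
# SubjectUserName is who performed the action, TargetUserName whose password.
SAMPLE_EVENTS = [
    {"EventID": 4723, "TimeCreated": "2019-04-15T00:10:00",
     "SubjectUserName": "alice", "TargetUserName": "alice"},
    {"EventID": 4724, "TimeCreated": "2019-04-15T00:12:00",
     "SubjectUserName": "helpdesk1", "TargetUserName": "bob"},
    {"EventID": 4723, "TimeCreated": "2019-04-15T00:20:00",
     "SubjectUserName": "svc-ops", "TargetUserName": "carol"},
    {"EventID": 4723, "TimeCreated": "2019-04-15T00:25:00",
     "SubjectUserName": "carol", "TargetUserName": "carol"},
]


def triage_password_events(events, min_password_age=timedelta(days=1)):
    """Return a list of (target, reason) findings.

    Heuristics (assumptions for this example):
    - 4724 is an operator reset; recorded for context, not flagged.
    - 4723 where SubjectUserName != TargetUserName: a 'change' that was not
      performed by the account owner.
    - a second 4723 for the same target inside min_password_age: the minimum
      password age policy is not being enforced (or was relaxed).
    """
    findings = []
    last_change = {}  # target -> time of the last 4723 seen for it
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        target = ev["TargetUserName"]
        if ev["EventID"] == 4724:
            findings.append((target, "operator reset by %s" % ev["SubjectUserName"]))
            continue
        if ev["EventID"] != 4723:
            continue
        if ev["SubjectUserName"] != target:
            findings.append((target, "4723 change performed by %s, not the account owner"
                             % ev["SubjectUserName"]))
        prev = last_change.get(target)
        if prev is not None and ts - prev < min_password_age:
            findings.append((target, "4723 change within minimum password age (%s since last)"
                             % (ts - prev)))
        last_change[target] = ts  # only 4723 counts; a reset forces a change at next logon
    return findings


if __name__ == "__main__":
    for target, reason in triage_password_events(SAMPLE_EVENTS):
        print(target, "-", reason)
```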

Mon Apr 15 00:28:40 +0000 2019