ForceChangePassword | Infiltr8: The Red-Book

This abuse can be carried out when controlling an object that has a GenericAll, AllExtendedRights or User-Force-Change-Password over the target user.

It can also be achieved from UNIX-like system with , a tool for the administration of samba and cifs/smb clients. The can also be used to run net commands with .

The can also be used on UNIX-like systems when the package samba-common-bin is missing.

The attacker can change the password of the user. This can be achieved with ( module).

Mimikatz's lsadump::setntlm can also be used for that purpose.

Last updated 2 days ago

Was this helpful?