Skip to content

Latest commit

 

History

History
36 lines (24 loc) · 1.16 KB

password-policy.md

File metadata and controls

36 lines (24 loc) · 1.16 KB

Password Policy

As an attacker, password policies are extremely important to enumerate for performing both credential-based attacks such as password spraying.

Enumerate Password Policy

# Get Password Policy with CrackMapExec (Unauthenticated)
cme smb $dc -u '' -p ''

# Get Password Policy with CrackMapExec
crackmapexec smb $dc -u $username -p $password --pass-pol

# Get Password Policy with Net Accounts
net accounts

# Enumerate the default password policy settings from the Default Domain Policy GPO
Get-ADDefaultDomainPasswordPolicy

Fine-Grained Password Policy

# Enumerate all FGPPs configured
Get-ADFineGrainedPasswordPolicy -Filter *

# Obtain the FGPP assigned to a specific user
Get-ADUserResultantPasswordPolicy -Identity parzival

# Obtain FGPP via WMIC
wmic /namespace:\\ROOT\directory\LDAP PATH ds_msds_passwordsettings GET DS_DisplayName, ds_msds_PasswordSettingsPrecedence, ds_msds_LockoutObservationWindow, ds_msds_LockoutDuration, ds_msds_LockoutThreshold, ds_msds_PSOAppliesTo

References

{% embed url="https://specopssoft.com/blog/create-fine-grained-password-policy-active-directory/" %}