Active Directory Enum & Attacks - Domain Trusts - Child -> Parent

what password did you use ?

not sure if you solved it but the question is poorly written as usual … when they say NTLM hash they usually are referring to NT part of the hash only

It actually failed a few times, I exited out, did some enumeration of the accounts rights etc to make sure I wasn’t going crazy (a Domain Admin should be able to DCSync!), and it just worked. The exact same command as before, run from the same PowerShell session (although I had exited Mimikatz and gone back in).

So for anyone reading this: It seems like just a transitory error, but secretsdump is probably quicker.

I met mimikatz error in the windows version of this section.

ERROR kuhl_m_lsadump_dcsync ; GetNCChanges: 0x000020f7 (8439)

However, the cause of this problem is simple. The current user just does not have enough privileges.
In this questions, you can elevate your privileges by right-clicking.


To get the flag.txt located in the ExtraSids folder you have to do as following

ls \\academy-ea-dc01.inlanefreight.local\c$\ExtraSids

And then cat it out! You know how to do it :wink:

Now from where I found this? Actually I tried many combination such as c\ExtraSids, c\ExtraSids$, etc manually and at last got hit on it.