AD ENUMERATION & ATTACKS - Living off the Land

RE: Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer.

I was able to figure this out using net commands. Don’t feel like I learned enough to puzzle it out using the techniques in the Hint.

Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer.

  1. Follow the tips to find the disabled accounts. It is better to filter by user name.
  2. Use net command.

Was anyone able to complete the last problem?
The query is very difficult and I don’t know what kind of content to write…

Try this:

Your query is incomplete; you’re missing the “*” at the end next to HTB. This will query all strings that begin with “HTB”. If you do it without it, it will not be able to find anything. Thus it should be,

Everything was explained in the module.

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32))"

Replace 32 (PASSWD_NOTREQD) with 2 (ACCOUNTDISABLE).
Then “net user /domain username”

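Added example, not part of any post above: a Python sketch of how the bitwise matching rule in the dsquery filter is evaluated against userAccountControl, showing why swapping 32 for 2 selects disabled accounts while a plain equality test would not. The account names and values are constructed, and the OR rule and equality cases go beyond what the thread shows.

```python
import re
from enum import IntFlag

BIT_AND = "1.2.840.113556.1.4.803"  # matching rule used in the thread's dsquery filter
BIT_OR = "1.2.840.113556.1.4.804"   # companion rule, not in the thread

class UAC(IntFlag):
    """Subset of userAccountControl bits relevant here."""
    ACCOUNTDISABLE = 0x2
    PASSWD_NOTREQD = 0x20
    NORMAL_ACCOUNT = 0x200
    DONT_EXPIRE_PASSWORD = 0x10000

CLAUSE = re.compile(r"\(userAccountControl(?::([\d.]+):)?=(\d+)\)")

def decode(value):
    """Names of the known flags set in a userAccountControl value."""
    return [flag.name for flag in UAC if value & flag]

def clause_matches(clause, value):
    """Evaluate one userAccountControl filter clause against a stored value."""
    m = CLAUSE.fullmatch(clause)
    if not m:
        raise ValueError(f"unsupported clause: {clause}")
    oid, mask = m.group(1), int(m.group(2))
    if oid is None:            # plain equality: whole integer must be identical
        return value == mask
    if oid == BIT_AND:         # every bit of the mask must be set
        return value & mask == mask
    if oid == BIT_OR:          # at least one bit of the mask must be set
        return value & mask != 0
    raise ValueError(f"unknown matching rule: {oid}")

def select(accounts, clause):
    """Account names whose userAccountControl satisfies the clause."""
    return [name for name, uac in accounts.items() if clause_matches(clause, uac)]

# Constructed sample directory: name -> userAccountControl
ACCOUNTS = {"alice": 512, "bob": 514, "svc-legacy": 544, "kiosk": 546, "old-admin": 66050}

if __name__ == "__main__":
    for clause in (f"(userAccountControl:{BIT_AND}:=32)",   # the thread's original filter
                   f"(userAccountControl:{BIT_AND}:=2)",    # after the suggested swap
                   "(userAccountControl=2)"):               # equality matches nothing
        print(clause, "->", select(ACCOUNTS, clause))
    for name, uac in ACCOUNTS.items():
        print(f"{name:11} {uac:6} {decode(uac)}")
```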