I’ve often found that while performing password guessing on a network, I’ll find valid credentials, but the password will be expired. This presents a challenge, because the credentials are of limited use until they are reset.
]# crackmapexec smb 10.0.0.15 -u locked -p Password1
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [*] Windows 10.0 Build 17763 x64 (name:WIN-NDA9607EHKS) (domain:n00py.local) (signing:True) (SMBv1:False)
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [-] n00py.local\locked:Password1 STATUS_PASSWORD_MUST_CHANGE

# crackmapexec smb 10.0.0.15 -u expired -p Password1
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [*] Windows 10.0 Build 17763 x64 (name:WIN-NDA9607EHKS) (domain:n00py.local) (signing:True) (SMBv1:False)
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [-] n00py.local\expired:SPassword1 STATUS_PASSWORD_EXPIRED
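The two status codes above mean different things: STATUS_PASSWORD_MUST_CHANGE is returned when the guessed password is correct but an administrator has flagged the account "user must change password at next logon", while STATUS_PASSWORD_EXPIRED means the password is correct but has passed the domain's maximum age. Below is an added Python example (not from the post) that parses CrackMapExec SMB result lines and buckets accounts by what the NTSTATUS reveals, which is useful when triaging a run or writing up which accounts need a reset; the sample output is constructed, reusing the host and domain from the post, and the extra usernames and the [+] line are made up.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed CrackMapExec SMB output: host and domain are those shown in the post;
# the extra usernames and the [+] line are made up for this example.
SAMPLE_OUTPUT = r"""
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [*] Windows 10.0 Build 17763 x64 (name:WIN-NDA9607EHKS) (domain:n00py.local) (signing:True) (SMBv1:False)
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [-] n00py.local\locked:Password1 STATUS_PASSWORD_MUST_CHANGE
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [-] n00py.local\expired:Password1 STATUS_PASSWORD_EXPIRED
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [-] n00py.local\nobody:Password1 STATUS_LOGON_FAILURE
SMB  10.0.0.15  445  WIN-NDA9607EHKS  [+] n00py.local\svc_backup:Password1
"""
# proto, host, port, hostname, result marker, remainder ([*] banner lines never match)
LINE_RE = re.compile(r"^SMB\s+(\S+)\s+(\d+)\s+(\S+)\s+\[([-+])\]\s+(.+?)\s*$")

# What each NTSTATUS reveals about the guessed password.
CATEGORY = {
    "STATUS_PASSWORD_MUST_CHANGE": "password_known_must_change",  # correct; flagged "must change"
    "STATUS_PASSWORD_EXPIRED": "password_known_expired",          # correct; maximum age elapsed
    "STATUS_LOGON_FAILURE": "password_wrong",
}

@dataclass
class Attempt:
    host: str
    account: str    # DOMAIN\user
    password: str
    status: str     # NTSTATUS token, or "SUCCESS" for a [+] line
    category: str

def parse_line(line: str) -> Optional[Attempt]:
    m = LINE_RE.match(line)
    if not m:
        return None                       # banner or unrelated output
    host, _port, _name, marker, rest = m.groups()
    if marker == "+":
        cred, status, category = rest.replace("(Pwn3d!)", "").strip(), "SUCCESS", "password_known_usable"
    else:
        cred, status = rest.rsplit(None, 1)   # failures end in an NTSTATUS token (passwords with spaces not handled)
        category = CATEGORY.get(status, "other")
    account, _, password = cred.partition(":")
    return Attempt(host, account, password, status, category)

def parse_output(text: str) -> list[Attempt]:
    return [a for a in map(parse_line, text.splitlines()) if a is not None]

def triage(attempts: list[Attempt]) -> dict[str, list[str]]:
    # Group accounts by what the status code revealed, e.g. to list which ones need a reset.
    groups: dict[str, list[str]] = {}
    for a in attempts:
        groups.setdefault(a.category, []).append(a.account)
    return groups
```

Run `triage(parse_output(SAMPLE_OUTPUT))` to get a dict keyed by category; accounts in either of the two password_known_* buckets are the ones the rest of the post is about.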
Throughout my testing I’ve found multiple ways to reset the passwords; however, each comes with some caveats. I’ve tested…