Enumerating & Retrieving Password Policies

• Enumerando a política de senha - do Linux - Credentialed

crackmapexec smb 172.16.5.5 -u avazquez -p Password123 --pass-pol

• Usando rpcclient

rpcclient -U "" -N 172.16.5.5

querydominfo

getdompwinfo : Obtendo a politica de senha

• Usando enum4linux

enum4linux -P 172.16.5.5

• Usando enum4linux-ng

enum4linux-ng -P 172.16.5.5 -oA ilfreight

• Exibindo o conteúdo de ilfreight.json

cat ilfreight.json

• Usando ldapsearch

ldapsearch -h 172.16.5.5 -x -b "DC=INLANEFREIGHT,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength

Enumerando a política de senha - do Windows

• Usando net.exe

net accounts

• Usando o PowerView

import-module .\PowerView.ps1
Get-DomainPolicy