Get PasswordLastSet Time For Domain Controller Accounts
AKA - ROB WRITES POWERSHELL!!
Yesterday I posted a way to dump hashes using a Domain Controller account. But how do you know which account to use? And when was it’s password last set? net user unfortunately won’t do computer accounts.
So I decided to write a PowerShell script to find out. Unfortunately Windows 7 doesn’t come with the ActiveDirectory PowerShell module (I’m sure there is another way to do this but here is how I did it.
Installed the Remote Server Administration Tools - http://blogs.msdn.com/b/rkramesh/archive/2012/01/17/how-to-add-active-directory-module-in-powershell-in-windows-7.aspx (Not stealthy)
Then I was able to use the follow janky script I wrote to find all of the PasswordLastSet values for all of the Domain Controllers
This would probably be an awesome recon / situational awareness module for Empire ( https://github.com/PowerShellEmpire/Empire ) but written better hopefully.
Output is pretty simple, it looks like this:
Now I know that I have about 29 days left of valid use of that hash.