You can skip this part if you know for sure that there is no account lockout policy.

Linux Attacker

netexec

If a null session is available, use this:

netexec smb $target -u '' -p '' --pass-pol

If not, you need a valid credential:

netexec smb $target -u "$user" -p "$pass" --pass-pol

rpcclient

If a null session is available, use this:

rpcclient -U "" -N $target
rpcclient $> getdompwinfo

If not, you need a valid credential:

rpcclient -U "$user%$pass" $target
rpcclient $> getdompwinfo

ldapsearch

ldapsearch -H ldap://$target -x -b "DC=INLANEFREIGHT,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength
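
The attributes returned by the ldapsearch query above are raw Active Directory values: intervals are negative counts of 100-nanosecond ticks and pwdProperties is a bit field. The following added example (not part of the original notes) converts them to readable values and lists weak settings for a policy review; the sample LDIF values and the 14-character length baseline are assumptions made for illustration.

```python
import re

# Constructed sample: the kind of attribute lines the ldapsearch | grep above
# prints for the domain object (values are made up for illustration).
SAMPLE_LDIF = """\
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -36288000000000
minPwdAge: -864000000000
minPwdLength: 7
pwdProperties: 1
pwdHistoryLength: 24
"""

TICKS_PER_MINUTE = 60 * 10_000_000  # AD intervals are negative 100-ns ticks
INTERVALS = {"lockoutduration", "lockoutobservationwindow", "maxpwdage", "minpwdage"}
DOMAIN_PASSWORD_COMPLEX = 0x1       # pwdProperties bit: complexity enforced


def parse_policy(ldif: str) -> dict:
    """Return numeric attributes keyed by lower-cased name; intervals in minutes."""
    policy = {}
    for name, value in re.findall(r"^(\w+): (-?\d+)\s*$", ldif, re.MULTILINE):
        key, number = name.lower(), int(value)
        policy[key] = abs(number) / TICKS_PER_MINUTE if key in INTERVALS else number
    return policy


def audit(policy: dict, min_length: int = 14) -> list:
    """List weak settings; min_length is an assumed baseline, not from the notes."""
    findings = []
    if policy.get("lockoutthreshold") == 0:
        findings.append("no account lockout threshold is set")
    length = policy.get("minpwdlength")
    if length is not None and length < min_length:
        findings.append(f"minimum password length {length} is below {min_length}")
    props = policy.get("pwdproperties")
    if props is not None and not props & DOMAIN_PASSWORD_COMPLEX:
        findings.append("password complexity is not enforced")
    return findings


if __name__ == "__main__":
    parsed = parse_policy(SAMPLE_LDIF)
    print(parsed)
    print(audit(parsed))
```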

Domain joined Windows

net.exe

net accounts

PowerView

Import-Module .\PowerView.ps1
Get-DomainPolicy