Exploit Steps →

We use a tool called this again from the tool kit impacket.The syntax for this would be domainname.local/<username>:<Password> -dc-ip <DomainController Ip> -request

and we should now get a hash for us and now we can look at it and see whats the hash from and stuff and it will give us krb5tgs hash which we then copy and move over to our deskptop for hash cracking and now lets see the module number in this case we can use the module 13100 and use our rockyou.txt wordlist and we should be able to crack it.

So basically even a 14 character if using common characters can be cracked easy peasy so take that into consideration.

Mitigation →

There is not much we can do because this is a windows feature.

Strong Passwords

Least Privelage .( Dont make them domain admins )