🔥 3-day streak
CompTIA PenTest+ (PT0-003)30 / 175
Question 30 of 175

During an internal engagement, you have compromised an account that is a member of a group with the 'Replicating Directory Changes' and 'Replicating Directory Changes All' extended rights on the domain object. You want to obtain the NTLM hash of the KRBTGT account without executing code on a domain controller or triggering endpoint detection on the DC itself. Which technique should you use?

Reviewed for accuracy · Report an issueNext question