What privileges are required to perform a DCSync attack and export domain user hashes?
To execute DCSync, an attacker needs permissions of users in the Administrators, Domain Admins, Enterprise Admins groups, or the computer account of the domain controller. These high-level privileges allow replication of credentials via the DRS protocol.
---
**Related reading:**
- Domain Penetration - DCSync — original article
- Webmin<=1.920-Unauthenticated_RCE(CVE-2019-15107) Exploitation Test
- Use powershell to find a writable windows service
- Windows Shellcode Study Notes - Extraction and Testing of Shellcode
---
**Related reading:**
- Domain Penetration - DCSync — original article
- Webmin<=1.920-Unauthenticated_RCE(CVE-2019-15107) Exploitation Test
- Use powershell to find a writable windows service
- Windows Shellcode Study Notes - Extraction and Testing of Shellcode
DCSyncprivilegesDomain AdminsEnterprise Adminsdomain controller
Source:Domain Penetration - DCSync