You love legacy APIs and a 2019 DC? Me too.
I updated #mimikatz code for lsadump::changentlm (& lsadump::setntlm)
If you don't need AES keys, do not hesitate to play with: SamiChangePasswordUser
1/5) Here, to bypass password policy (password: 1 char) https://t.co/TP9e5zKbTk
2/5) But you may prefer to change a password with a new ... hash?
(maybe you understand now why complexity is not checked in previous tweet, and why AES keys don't exist after) https://t.co/osnLWMMQ4v
3/5) How... and with the same API you can change a password without knowing the previous one... only its previous hash (can be VERY useful 😉) https://t.co/4hYEuL2cvA
4/5) Logically, you can also change the previous hash to a new one... (to make jokes 😉) https://t.co/ZinDmpMlVj
5/5) And all of that with only normal 4723 events: it's a CHANGE from the user, not a RESET from an operator (4724)
(for the demo, policy was changed to allow password change before 1 day -- otherwise, you have to wait) https://t.co/p6RKXSdTw0