# bloodyAD
A [tool](https://github.com/CravateRouge/bloodyAD) for automating AD tasks (user management, password changes, and privesc) - great guide/cheatsheet [here](https://adminions.ca/books/active-directory-enumeration-and-exploitation/page/bloodyad).

## Find what LAPS password a user account can read

```
bloodyAD --host IP.OF.A.DOMAINCONTROLLER -d domain.com -u user-with-privs-to-read-laps-passwords -p 'xxx123' get search --filter '(ms-mcs-admpwdexpirationtime=*)' --attr ms-mcs-admpwd,ms-mcs-admpwdexpirationtime

```