# Active Directory Enumeration

* Consists of
  * Domain Controller
  * Organizational Units
  * AD Domains
  * AD Forest

* Administrative accounts are
  * Domain Admin
  * Enterprise Admin
  * Schema Admin
  * Server Operator
  * Account Operator

## Usage

* `systeminfo | findstr Domain`
* `Get-ADUser -filter *`
* Use the CN and DC values found in the output to narrow the search:
  * `Get-ADUser -filter * -searchBase "CN=Users,DC=<foundDC>,DC=<domainEnding>"`

### DNS

* Check the local IP via `ipconfig`
* `nslookup`, then `server <LocalIP>` and zone transfer via

```sh
ls -d <Domain>
```
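
A defender-side check for the zone transfer step above, as an added example that is not part of the original notes: it lists the primary zones on a Windows DNS server and flags any whose transfer setting lets an arbitrary host pull the whole zone. It assumes the `DnsServer` module is installed (RSAT or on the DNS server itself); the server name `dc01.example.local` is a placeholder.

```powershell
# Added example: audit DNS zone transfer settings on a Windows DNS server.
# Assumptions: DnsServer module is installed; 'dc01.example.local' is a placeholder name.
[CmdletBinding()]
param(
    [string]$ComputerName = 'dc01.example.local'   # placeholder, replace with your DNS server
)

Import-Module DnsServer -ErrorAction Stop

$findings = foreach ($zone in Get-DnsServerZone -ComputerName $ComputerName) {
    # Auto-created zones and non-primary zones carry no transfer policy to audit here
    if ($zone.IsAutoCreated -or $zone.ZoneType -ne 'Primary') { continue }

    # Map the zone's transfer policy to a short assessment
    $assessment = switch ($zone.SecureSecondaries) {
        'TransferAnyServer'        { 'HIGH: any host can request a full zone transfer' }
        'TransferToZoneNameServer' { 'Review: allowed to servers listed in NS records' }
        'TransferToSecureServers'  { 'Review: allowed to the configured secondary servers' }
        'NoTransfer'               { 'OK: zone transfers disabled' }
        default                    { "Unknown setting: $($zone.SecureSecondaries)" }
    }

    [pscustomobject]@{
        ZoneName          = $zone.ZoneName
        DsIntegrated      = $zone.IsDsIntegrated
        SecureSecondaries = $zone.SecureSecondaries
        Assessment        = $assessment
    }
}

$findings | Sort-Object Assessment | Format-Table -AutoSize -Wrap

# Remediation for a flagged zone (run after review; <ZoneName> is a placeholder):
# Set-DnsServerPrimaryZone -Name '<ZoneName>' -ComputerName $ComputerName -SecureSecondaries NoTransfer
```

Zones reported as `TransferAnyServer` are the ones where the `ls -d` listing above would succeed from any client that can reach the server.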