Active Directory Methodology
Extract domain info using IPC$ Share
The IPC$ share is essential for communication between programs and for remotely accessing or managing another computer.
enum4linux IP
Find objects updated since a specific date
$ChangeDate = New-Object DateTime(2022, 02, 28, 12, 00, 00)
Get-ADObject -Filter 'whenChanged -gt $ChangeDate' -includeDeletedObjects -Server za.tryhackme.com
Show domain users
net user /domain
Show specific info of domain user
net user william.torres /domain
Show domain groups
net group /domain
Show members of a group
net group "Tier 1 Admins" /domain
Show Password Policy
net accounts /domain
Show info about the Domain
Get-ADDomain -Server za.tryhackme.com
Perform password-spray attack without locking accounts
We need to find accounts whose badPwdCount attribute is greater than 0; those accounts will be avoided in our password-spray attack.
Get-ADObject -Filter 'badPwdCount -gt 0' -Server za.tryhackme.com
This will only show results if one of the users in the network mistyped their password a couple of times.
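The same badPwdCount attribute can be used defensively to spot a spray in progress. The script below is an added example, not part of the original page: it merges the non-replicated badPwdCount and badPasswordTime values from every domain controller and warns when many distinct accounts have failed a logon within a short window. The window and threshold values are assumptions to tune per environment.

```powershell
# Added defensive example, not from the original page.
# $WindowMinutes and $AccountThreshold are assumed values; tune them for your domain.
Import-Module ActiveDirectory

$Domain           = 'za.tryhackme.com'   # domain name used on this page
$WindowMinutes    = 30                   # assumed look-back window
$AccountThreshold = 10                   # assumed number of distinct accounts that is suspicious

$since = (Get-Date).ToUniversalTime().AddMinutes(-$WindowMinutes)

# badPwdCount and badPasswordTime are not replicated between DCs,
# so each domain controller is queried and the results are merged.
$hits = foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
    $query = @{
        Filter     = 'badPwdCount -gt 0'
        Server     = $dc.HostName
        Properties = 'badPwdCount', 'badPasswordTime'
    }
    Get-ADUser @query |
        Where-Object { $_.badPasswordTime -gt 0 } |
        ForEach-Object {
            [pscustomobject]@{
                Account     = $_.SamAccountName
                DC          = $dc.HostName
                BadPwdCount = $_.badPwdCount
                # badPasswordTime is stored as a Windows FILETIME (UTC)
                LastFailure = [DateTime]::FromFileTimeUtc($_.badPasswordTime)
            }
        }
}

# Keep only failures inside the window and count distinct accounts.
$recent   = $hits | Where-Object { $_.LastFailure -ge $since }
$accounts = @($recent | Group-Object Account)

if ($accounts.Count -ge $AccountThreshold) {
    $msg = '{0} accounts had a failed logon in the last {1} minutes: possible password spray'
    Write-Warning ($msg -f $accounts.Count, $WindowMinutes)
    $recent | Sort-Object LastFailure | Format-Table -AutoSize
} else {
    $msg = '{0} accounts with recent failed logons (threshold {1})'
    Write-Output ($msg -f $accounts.Count, $AccountThreshold)
}
```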