Active Directory Methodology

IPC$ Share is essential for communication between programs and remotely accessing or managing another computer.

enum4linux IP

Find objects updated since a specific date

$ChangeDate = New-Object DateTime(2022, 02, 28, 12, 00, 00)
Get-ADObject -Filter 'whenChanged -gt $ChangeDate' -includeDeletedObjects -Server za.tryhackme.com

Show domain users

net user /domain

Show specific info of domain user

net user william.torres /domain

Show domain groups

net group /domain

Show members of a group

net group "Tier 1 Admins" /domain

Show Password Policy

net accounts /domain

Show info about the Domain

Get-ADDomain -Server za.tryhackme.com

Perform password-spray attack without locking accounts

We need to search accounts with the badPwdCount attribute greater than 0, those accounts will be avoided in our password-spray attack.

Get-ADObject -Filter 'badPwdCount -gt 0' -Server za.tryhackme.com

This will only show results if one of the users in the network mistyped their password a couple of times.

PreviousUseful Commands NextCommands to create AD environment

Last updated 1 month ago

Extract domain info using IPC$ Share

Find objects updated since a specific date

Show domain users

Show specific info of domain user

Show domain groups

Show members of a group

Show Password Policy

Show info about the Domain

Perform password-spray attack without locking accounts

Extract domain info using IPC$ Share

Find objects updated since a specific date

Show domain users

Show specific info of domain user

Show domain groups

Show members of a group

Show Password Policy

Show info about the Domain

Perform password-spray attack without locking accounts