Cyber security

Pentesting Active Directory – A Comprehensive Guide To Tools, Techniques, And Commands

This is a cheatsheet of tools and commands that I use to pentest Active Directory. It includes Windows, Impacket and PowerView commands, how to use Bloodhound and popular exploits such as Zerologon and NO-PAC.

Enumeration

Initial System Enumeration

See local accounts

net user

See all of the accounts in the domain

net user /domain

Check if an account is a Domain Admin

net user <account-name> domain

See groups in the AD domain

net group /domain

Sync the clock with the DC (Domain Controller).

ntpdate <dc-ip>

Powerview

. .\PowerView.ps1

Information About The Domain

Get-NetDomain

Get-NetDomain-Controller

Get-Domain-Policy

See password rules

(Get-DomainPolicy).”system access”

Information about users Look for passwords/personal information in the description

Get-NetUser

Get-NetUser | select cn

Get-NetUser | select description

Get-NetUser | select samaccountname

Get-UserProperty -Properties pwdlastset

Get-UserProperty -Properties logoncount

Information About Computers

Get-NetComputer

Get-NetComputer -FullData

Get-NetGroup

Get-NetGroup -GroupName <group-name>

Get-NetGroup -GroupName “Domain Admins”

Get-NetGroupMember -GroupName “Domain Admins”

See SMB Shares

Invoke-ShareFinder

Crackmapexec

A few quick commands that I always use if I have no information about the machine

crackmapexec smb <ip>

crackmapexec smb <ip> -u ” -p ”

crackmapexec smb <ip> -u ‘guest’ -p ”

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

5 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

5 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

6 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

7 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago