This is a cheatsheet of tools and commands that I use to pentest Active Directory. It includes Windows, Impacket and PowerView commands, how to use Bloodhound and popular exploits such as Zerologon and NO-PAC.
See local accounts
net user
See all of the accounts in the domain
net user /domain
Check if an account is a Domain Admin
net user <account-name> domain
See groups in the AD domain
net group /domain
Sync the clock with the DC (Domain Controller).
ntpdate <dc-ip>
. .\PowerView.ps1
Information About The Domain
Get-NetDomain
Get-NetDomain-Controller
Get-Domain-Policy
See password rules
(Get-DomainPolicy).”system access”
Information about users Look for passwords/personal information in the description
Get-NetUser
Get-NetUser | select cn
Get-NetUser | select description
Get-NetUser | select samaccountname
Get-UserProperty -Properties pwdlastset
Get-UserProperty -Properties logoncount
Information About Computers
Get-NetComputer
Get-NetComputer -FullData
Get-NetGroup
Get-NetGroup -GroupName <group-name>
Get-NetGroup -GroupName “Domain Admins”
Get-NetGroupMember -GroupName “Domain Admins”
See SMB Shares
Invoke-ShareFinder
A few quick commands that I always use if I have no information about the machine
crackmapexec smb <ip>
crackmapexec smb <ip> -u ” -p ”
crackmapexec smb <ip> -u ‘guest’ -p ”
For more information click here.
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…
If you are a Linux user, you have probably seen commands like chmod 777 while…
Vim and Vi are among the most powerful text editors in the Linux world. They…
Working with compressed files is a common task for any Linux user. Whether you are…
In the digital era, an email address can reveal much more than just a contact…