This is a cheatsheet of tools and commands that I use to pentest Active Directory. It includes Windows, Impacket and PowerView commands, how to use Bloodhound and popular exploits such as Zerologon and NO-PAC.
See local accounts
net user
See all of the accounts in the domain
net user /domain
Check if an account is a Domain Admin
net user <account-name> domain
See groups in the AD domain
net group /domain
Sync the clock with the DC (Domain Controller).
ntpdate <dc-ip>
. .\PowerView.ps1
Information About The Domain
Get-NetDomain
Get-NetDomain-Controller
Get-Domain-Policy
See password rules
(Get-DomainPolicy).”system access”
Information about users Look for passwords/personal information in the description
Get-NetUser
Get-NetUser | select cn
Get-NetUser | select description
Get-NetUser | select samaccountname
Get-UserProperty -Properties pwdlastset
Get-UserProperty -Properties logoncount
Information About Computers
Get-NetComputer
Get-NetComputer -FullData
Get-NetGroup
Get-NetGroup -GroupName <group-name>
Get-NetGroup -GroupName “Domain Admins”
Get-NetGroupMember -GroupName “Domain Admins”
See SMB Shares
Invoke-ShareFinder
A few quick commands that I always use if I have no information about the machine
crackmapexec smb <ip>
crackmapexec smb <ip> -u ” -p ”
crackmapexec smb <ip> -u ‘guest’ -p ”
For more information click here.
What is a Software Supply Chain Attack? A software supply chain attack occurs when a…
When people ask how UDP works, the simplest answer is this: UDP sends data quickly…
Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…
A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
People trying to securely connect to work are being tricked into doing the exact opposite.…