🧠 Staycyonline Knowledge Base

❯

❯

📁 Active Directory

❯

Domain Enumeration

Domain Enumeration

Nov 26, 20241 min read

powershell
Active-Directory
hacking
bug-bounty
TCM
crtp
oscp
enumeration

Domain Enumeration

Tags:powershell Active-Directory Related to:hacking bug-bounty TCM crtp oscp enumeration See also: Introduction to Active Directory Enumeration Cheatsheet AD Index: 🗂️ Index of CRTP

Summary

Introduction and techniques of Domain Enumeration

Domain Enumeration

Mapping of various entities, trusts, relationships and privilages for the target domain.

Check privileges of current user in Powershell

whoami /priv

How to enumerate domain? (Method 1 - .NET Classes)

$ADClass = [System.DirectoryServices.ActiveDirectory.Domain] $ADClass::GetCurrentDomain()

How to enumerate domain? (Using Powerview)

Refer Powerview Notes

How to enumerate domain? (Using Microsoft AD Module)

Refer Microsoft AD Module

Advantages of AD Module over Powerview

Less chance of Antivirus detection
Works well in constrained-language mode

Tips

Install tools in a folder in C drive (for eg: C:\AD\Tools) to prevent Anti Virus detection.
Microsoft AD Module is preferable over Powerview as AD module is a tool by Microsoft and is less likely to be detected by Anti Virus.

References (optional )

Graph View

Backlinks

Enumeration Cheatsheet AD

Created with Quartz v4.4.0 © 2024

GitHub
Discord Community