Part 2 - Domain Enumeration with AD Module

Objective

  • Post-compromise enumeration

Prerequisites

  • Have domain user credentials

Tools


AD Enumeration with the AD Module

  • Get Current Domain: Get-ADDomain
  • Enum Other Domains: Get-ADDomain -Identity <Domain>
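  • Get Domain SID: (Get-ADDomain).DomainSID
  • Get Domain Controllers:
    
    Get-ADDomainController
    # -Identity expects a domain controller, so look up another domain's DC by domain name
    Get-ADDomainController -DomainName <DomainName> -Discover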
    
  • Enumerate Domain Users:
    
    # -Filter and -Identity belong to different parameter sets, so use one or the other
    Get-ADUser -Filter * -Properties *
    Get-ADUser -Identity <user> -Properties *
    
    # Get a specific "string" in a user's attribute
    Get-ADUser -Filter 'Description -like "*wtver*"' -Properties Description | select Name, Description
    
  • Enum Domain Computers:
    
    # Computer objects
    Get-ADComputer -Filter * -Properties *
    # Group objects
    Get-ADGroup -Filter *
    
  • Enum Domain Trust:
    
    Get-ADTrust -Filter *
    Get-ADTrust -Identity <DomainName>
    
  • Enum Forest Trust:
    
    Get-ADForest
    Get-ADForest -Identity <ForestName>
    
    # Enumerate the domains in the forest
    (Get-ADForest).Domains
    
  • Enum Local AppLocker Effective Policy:
    
    Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections
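
The Description search in the user enumeration item above works because any authenticated domain user can read that attribute, so it is worth auditing from the defender's side. The following is an added example, not part of the original post: `Find-DescriptionSecret`, its regex rules and the sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example: flag user Description fields that contain credential-like text.
# Find-DescriptionSecret is a hypothetical helper, not an AD module cmdlet.
function Find-DescriptionSecret {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    begin {
        # Constructed rules; tune them to your organisation's naming habits.
        $patterns = [ordered]@{
            'keyword'    = '(?i)\b(pass(word|wd)?|pwd|secret|cred(ential)?s?)\b'
            'assignment' = '(?i)\b(pw|pass\w*|pin)\s*[:=]\s*\S+'
        }
    }
    process {
        # Skip accounts with an empty Description.
        if ([string]::IsNullOrWhiteSpace($User.Description)) { return }
        foreach ($name in $patterns.Keys) {
            if ($User.Description -match $patterns[$name]) {
                [pscustomobject]@{
                    SamAccountName = $User.SamAccountName
                    Enabled        = $User.Enabled
                    Rule           = $name
                    Description    = $User.Description
                }
                break   # one finding per account is enough for triage
            }
        }
    }
}

# Constructed sample objects so the function runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true;  Description = 'Backup service, pw: Summer2024!' }
    [pscustomobject]@{ SamAccountName = 'jdoe';       Enabled = $true;  Description = 'Finance, 3rd floor' }
    [pscustomobject]@{ SamAccountName = 'old-scan';   Enabled = $false; Description = 'Scanner account password in vault' }
)
$sample | Find-DescriptionSecret | Format-Table -AutoSize

# Against a live domain (requires the AD module and read access):
# Get-ADUser -Filter 'Description -like "*"' -Properties Description | Find-DescriptionSecret
```

Accounts it reports should have the Description cleared and the password rotated, since the old value must be assumed known.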
    

This post is licensed under CC BY 4.0 by the author.