>_ shadow.red
notatki-hakera.pl YouTube CTF Solutions Channel ☕ Buy me a coffee
~ / Active Directory / AD Domain Recon (net commands)

AD Domain Recon (net commands)

Active Directory AD Enumeration windows

Quick “where am I”

whoami
hostname
systeminfo

Local users vs domain users

net users
net users /domain

Domain groups

net groups /domain
net group "Domain Admins" /domain
net group "ClientAdmins" /domain

Local groups

net localgroup
net localgroup administrators

Identify the AD server (PowerShell)

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()