Lists all domain users – net user /domain Obtain information about a user – net user <USER> /domain List users/information about a domain group – net group “<GROUP>” /domain Obtain Domain Controllers – nltest /dclist:<DOMAIN> Identify domain trusts – nltest /trusted_domains Lists all groups in a domain – net group /domain Run command prompt as another user within the context of the domain – runas /netonly /user:USERS\DOMAIN cmd.exe
Attacking Active Directory: 0 to 0.9 | zer1t0
The LOLAD project provides a comprehensive collection of Active Directory techniques, commands, and functions that can be used natively to support offensive security operations and Red Team exercises.
https://github.com/tevora-threat/SharpView
Active Directory recon. Vast number of available methods.
execute-assembly /tools/SharpView.exe Find-DomainUserLocation -UserIdentity "username”
From within Cobalt Strike