
Command Line [CMD]

Benefits
  • No Additional or External Tooling is required, and these commands are often not Monitored by the Blue Team.
  • GUI is not necessary to do this Enumeration.
  • VBScript and other Macro Languages that are often used for Phishing Payloads support these commands natively so they can be used to Enumerate initial Information regarding the Active Directory Domain before more specific Payloads are crafted.
Drawbacks
  • The net commands must be executed from a Domain-Joined Machine. If the Machine is not Domain-Joined, it will default to the WORKGROUP Domain.
  • The net commands may not show all Information.
Active Directory Administrator Accounts

Name | Description
--- | ---
BUILTIN\Administrator | Local Admin Access on a Domain Controller.
Domain Admins | Administrative Access to all Resources in the Domain.
Enterprise Admins | Available only in the Forest Root.
Schema Admins | Capable of Modifying Domain/Forest. Useful for Red Teamers.
Server Operators | Can manage Domain Servers.
Account Operators | Can manage Users that are not in Privileged Groups.

Users

:: Returns Active Directory Users
net user /domain

:: Show [User] Detailed Information
net user delilah.gomez /domain

Groups

:: Returns Active Directory Groups
net group /domain

:: Show [Group] Detailed Information
net group "Tier 1 Admins" /domain

:: List Local Groups
net localgroup
net localgroup "Group Name"

Password Policy

:: Returns Password Policy Details
:: [Length - Lockout - Minimum Length - Maximum Age]
net accounts /domain

Other

:: Provides Information about the Machine including Information about the Domain
systeminfo
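
Since these built-in commands are often not monitored, one way for a Blue Team to surface them is to watch process-creation command lines for several of the commands above run by the same host and user within a short window. The sketch below is an added example, not part of the original page: the event tuple layout, the 5-minute window and the threshold of three categories are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (time, host, user, command line), as parsed from 4688 / Sysmon 1.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:05", "WS01", "CORP\\j.doe", "net user /domain"),
    ("2024-05-01T10:00:20", "WS01", "CORP\\j.doe", 'net.exe group "Tier 1 Admins" /domain'),
    ("2024-05-01T10:00:41", "WS01", "CORP\\j.doe", "C:\\Windows\\System32\\net1.exe accounts /domain"),
    ("2024-05-01T10:01:02", "WS01", "CORP\\j.doe", "systeminfo"),
    ("2024-05-01T11:30:00", "WS02", "CORP\\helpdesk", "net use Z: \\\\fs01\\share"),
    ("2024-05-01T14:00:00", "WS02", "CORP\\helpdesk", "systeminfo"),
]

# net.exe commonly spawns net1.exe, so match both; /dom\w* covers /domain and /dom.
NET = r'(?:^|[\\\s"])net1?(?:\.exe)?"?\s+'
PATTERNS = {
    "domain_users": re.compile(NET + r"users?\b.*?/dom\w*", re.I),
    "domain_groups": re.compile(NET + r"groups?\b.*?/dom\w*", re.I),
    "local_groups": re.compile(NET + r"localgroup\b", re.I),
    "password_policy": re.compile(NET + r"accounts\b.*?/dom\w*", re.I),
    "systeminfo": re.compile(r'(?:^|[\\\s"])systeminfo(?:\.exe)?\b', re.I),
}

def classify(cmdline):
    """Return the enumeration category a command line falls into, or None."""
    for name, rx in PATTERNS.items():
        if rx.search(cmdline):
            return name
    return None

def detect_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Alert when one (host, user) runs >= threshold distinct categories within window."""
    hits = defaultdict(list)
    for ts, host, user, cmd in events:
        if (cat := classify(cmd)):
            hits[(host, user)].append((datetime.fromisoformat(ts), cat))
    alerts = []
    for (host, user), seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            cats = sorted({c for t, c in seen[i:] if t - start <= window})
            if len(cats) >= threshold:
                alerts.append({"host": host, "user": user, "start": start.isoformat(), "categories": cats})
                break
    return alerts

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))
```

A single systeminfo or net use on its own stays below the threshold; only the cluster on WS01 is reported.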