Command Line [CMD]
Benefits
- No Additional or External Tooling is required, these commands are often not Monitored by the Blue Team.
- GUI is not necessary to do this Enumeration.
- VBScript and other Macro Languages that are often used for Phishing Payloads support these commands natively so they can be used to Enumerate initial Information regarding the Active Directory Domain before more specific Payloads are crafted.
Drawbacks
- The
netcommands must be executed from a Domain-Joined Machine. If the Machine is not Domain-Joined, it will default to the WORKGROUP Domain. - The
netcommands may not show all Information.
Active Directory Administrators Accounts
| Name | Description |
|---|---|
| BUILTIN\Administrator | Local Admin Access on a Domain Controller. |
| Domain Admins | Administrative Access to all Resources in the Domain. |
| Enterprise Admins | Available only in the Forest Root. |
| Schema Admins | Capable of Modifying Domain/Forest. Useful for Red Teamers. |
| Server Operators | Can manage Domain Servers. |
| Account Operators | Can manage Users that are not in Privileged Groups. |
Users
:: Returns Active Directory Users
net user /domain
:: Show [User] Detailed Information
net user delilah.gomez /domain
Groups
:: Returns Active Directory Groups
net group /domain
:: Show [Group] Detailed Information
net group "Tier 1 Admins" /domain
:: List Local Groups
net localgroup
net localgroup "Group Name"
Password Policy
:: Returns Password Policy Details
:: [Length - Lockout - Minimum Length - Maximum Age]
net accounts /domain
Other
:: Provides Information about the Machine including Information about the Domain
systeminfo