Active Directory Enumeration


📖 Overview

Enumerate AD environments to find attack paths.

3 Exercises, 2 Flashcards, 1 Mind Map

📋 Cheatsheet

BloodHound

bloodhound-python -u user -p pass -d domain.local -c all # Collect BloodHound data remotely
neo4j console # Start Neo4j database
bloodhound # Launch BloodHound GUI

LDAP

ldapsearch -x -H ldap://dc.domain.local -b 'DC=domain,DC=local' # Query LDAP for domain info (-x: simple bind, anonymous unless -D/-w are given)

PowerView

Get-DomainUser # List domain users (PowerView)
Get-DomainGroup # List domain groups
Find-LocalAdminAccess # Find machines where current user is admin
Get-DomainGPO # Enumerate Group Policy Objects

CrackMapExec (CME)

crackmapexec smb 10.10.10.5 -u user -p pass --users # Enumerate domain users via SMB
crackmapexec smb 10.10.10.5 -u user -p pass --shares # Enumerate SMB shares

⚠️ Common Pitfalls

  • Not running BloodHound collection
  • Missing group memberships

💡 Exam Survival Tips

  • Always run BloodHound
  • Look for Kerberoastable accounts

πŸ—ΊοΈ Mind Maps