Command / Description

Command: xfreerdp /v:<target IP address> /u:htb-student /p:<password>
Description: RDP to the lab target

Command: Get-ADGroup -Identity "<GROUP NAME>" -Properties *
Description: Get information about an AD group

Command: whoami /priv
Description: View the current user's privileges

Command: Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property Name, State
Description: Check whether the RSAT tools are installed

Command: Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
Description: Install all RSAT tools

Command: runas /netonly /user:htb.local\jackie.may powershell
Description: Run a utility as another user

Command: Get-ADObject -LDAPFilter '(objectClass=group)' | select cn
Description: LDAP query to return all AD groups

Command: Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)' | select name
Description: List disabled users

Command: (Get-ADUser -SearchBase "OU=Employees,DC=INLANEFREIGHT,DC=LOCAL" -Filter *).count
Description: Count all users in an OU

Command: get-ciminstance win32_product | fl
Description: Query for installed software

Command: Get-ADComputer -Filter "DNSHostName -like 'SQL*'"
Description: Get computers whose hostname begins with "SQL"

Command: Get-ADGroup -Filter "adminCount -eq 1" | select Name
Description: Get all administrative groups

Command: Get-ADUser -Filter {adminCount -eq '1' -and DoesNotRequirePreAuth -eq 'True'}
Description: Find admin users that do not require Kerberos pre-authentication

Command: Get-ADUser -Filter {adminCount -gt 0} -Properties admincount,useraccountcontrol
Description: Enumerate UAC values for admin users

Command: Get-WmiObject -Class win32_group -Filter "Domain='INLANEFREIGHT'"
Description: Get AD groups using WMI

Command: ([adsisearcher]"(&(objectClass=Computer))").FindAll()
Description: Use ADSI to search for all computers