https://leikah.haoyingcao.xyz/en/docs/active_directory/credentialed_enum/Recent content in Credentialed Enumeration on LEIKAHHugoenhttps://leikah.haoyingcao.xyz/en/docs/active_directory/credentialed_enum/user_enum/Mon, 01 Jan 0001 00:00:00 +0000https://leikah.haoyingcao.xyz/en/docs/active_directory/credentialed_enum/user_enum/<p>With the ability to authenticate to an Active Directory domain, we can now get a full list of users and groups on the domain. This can be helpful for us to plan further attacks and expand our access within the domain.</p> <h2 id="domain-users">Domain Users<a class="td-heading-self-link" href="#domain-users" aria-label="Heading self-link"></a></h2> <h3 id="linux-perspective">Linux Perspective<a class="td-heading-self-link" href="#linux-perspective" aria-label="Heading self-link"></a></h3> <p>The <code>--users</code> option may be used with <strong>NetExec</strong> to enumerate domain users. Note we have to use protocol <code>ldap</code> and our target must be a domain controller.</p>https://leikah.haoyingcao.xyz/en/docs/active_directory/credentialed_enum/bloodhound/Mon, 01 Jan 0001 00:00:00 +0000https://leikah.haoyingcao.xyz/en/docs/active_directory/credentialed_enum/bloodhound/<p>BloodHound allows information about domain accounts and their relationships to be collected automatically and then analyzed and presented in a graph format. It is very powerful to discover hidden and often unintended access rights and privileges possessed by principals. It also give suggestions on how attackers may abuse those access to achieve lateral movement or privilege escalation.</p> <p>Please consult this <a href="https://bloodhound.specterops.io/get-started/quickstart/community-edition-quickstart">quick start guide</a> on how to install and set up the newest version of BloodHound Community Edition.</p>