handbook/tools/5.Machine/3.Active-Directory/General/Exploitation/3.Enumeration-AD/7.Additional-Enumeration-Techniques.md

2024-08-30 23:07:22 +00:00
## Additional Enumeration Techniques
- **[LDAP enumeration](https://book.hacktricks.xyz/pentesting/pentesting-ldap)** - Any valid AD credential pair should be able to bind to a Domain Controller's LDAP interface. Once bound, you can write LDAP search queries to enumerate information about the AD objects in the domain.
- **[PowerView](https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1)** - PowerView is a reconnaissance script that is part of the [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) project. Although the project is no longer maintained, scripts such as PowerView can still be incredibly useful for semi-manual enumeration of AD objects in a pinch.
- **[Windows Management Instrumentation (WMI)](https://0xinfection.github.io/posts/wmi-ad-enum/)** - WMI can be used to enumerate information from Windows hosts. It ships with a provider in the `root\directory\ldap` namespace that exposes AD objects as WMI classes (for example `ds_user` and `ds_group`), so this provider can be queried from PowerShell to perform AD enumeration.
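
To show what querying the WMI LDAP provider looks like in practice, here is an added example (not from the original page) that lists domain users with their disabled flag and groups with their member counts, the kind of audit used to spot stale accounts and over-populated groups. It assumes a domain-joined host whose running account can bind to a Domain Controller; the class and property names follow the provider's `ds_`/`DS_` naming convention.

```powershell
# Added example: enumerate AD users and groups through the WMI LDAP provider.
# Assumes a domain-joined host and an account that can bind to a DC.
$ns = 'root\directory\ldap'

# Check that the provider namespace exists before querying it; it is absent
# on hosts that are not domain-joined.
$ldapNs = Get-CimInstance -Namespace 'root\directory' -ClassName __NAMESPACE -ErrorAction SilentlyContinue |
          Where-Object { $_.Name -eq 'ldap' }
if (-not $ldapNs) {
    Write-Warning "WMI LDAP provider (root\directory\ldap) not found; is this host domain-joined?"
    return
}

# Users: each ds_user instance maps LDAP attributes to DS_<attribute> properties.
# userAccountControl bit 0x2 (ACCOUNTDISABLE) marks disabled accounts.
$users = Get-CimInstance -Namespace $ns -ClassName ds_user -ErrorAction Stop |
    Select-Object DS_sAMAccountName, DS_distinguishedName,
        @{ Name = 'Disabled'; Expression = { [bool]($_.DS_userAccountControl -band 0x2) } }

Write-Host ("Users: {0} total, {1} disabled" -f $users.Count, @($users | Where-Object Disabled).Count)
$users | Sort-Object DS_sAMAccountName | Format-Table -AutoSize

# Groups: DS_member is a multi-valued list of member DNs; sort by size so the
# largest groups (the ones most worth reviewing) come first.
Get-CimInstance -Namespace $ns -ClassName ds_group -ErrorAction Stop |
    Select-Object DS_sAMAccountName,
        @{ Name = 'MemberCount'; Expression = { @($_.DS_member).Count } } |
    Sort-Object MemberCount -Descending | Format-Table -AutoSize
```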