7. Dump Domain Information via LDAP

Since you now have valid credentials (alfredo@megachange.nyx), it’s time to enumerate the AD environment using ldapdomaindump.

With these credentials, we can query LDAP to extract detailed Active Directory information, such as: domain users, groups, and computer objects to map the AD environment.

Active Directory enumeration tool that extracts and dumps domain information via LDAP

🔧 Command Syntax:

ldapdomaindump -u 'MEGACHANGE\\alfredo' -p 'YourPasswordHere' 192.168.10.4

Use backslashes (\) after the domain name.

Tips:

Review files like domain_users.html.
Look for high-privileged groups like Domain Admins or interesting users like sysadmin.

🗂️ What You'll Get:

This command creates a folder with several .json and .html files, such as:

domain_users.html → All users, look for interesting accounts like admin, svc, backup.
domain_groups.html → Lists groups. Find groups like:
- Domain Admins
- Enterprise Admins
- Server Operators
computers.json → Lists domain-joined machines (targets 🖥️).

PreviousExploitation Phase Next8. Perform Remote AD Recon with BloodHound

Last updated 7 months ago