Due to the nature of the work, many Red Teamers have a much stronger focus on Windows Enterprise networks. Because of this, Red Teamers have a myriad of tools and experience querying Active Directory from a Windows box. Many Red Teamers start off with the common net user, net group, net localgroup commands, and now everybody is familiar with Will Schroeder’s PowerView project. Some red teamers still want to use something like dsquery to do some custom LDAP queries like

    dsquery * -filter "(&(objectclass=group)(name=*admin*))" -limit 1

(this is also possible with PowerView). You can even run something like the BloodHound Project to quickly get an insane amount of Active Directory information if you have the ability to run PowerShell or C# code.

I’m going to discuss a few different methods for doing some AD recon on a Mac with strictly built-in tools by comparing them to the more common Windows versions. Let’s start with a sample useful command and break it down:

    dscl "/Active Directory/TEST/All Domains" read "/Groups/Domain Admins" member memberof

Ok, so what’s actually happening here? dscl (/usr/bin/dscl) is macOS’ directory service command line utility.
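For defenders, the same breakdown of the dscl command above can drive a detection over process-execution logs. The Python below is an added example, not code from the original post: it splits a dscl command line into datasource, verb, record path and attributes, and flags read-only enumeration through the Active Directory node. The function names, the option list and the sample events are assumptions constructed for illustration.

```python
import shlex

# dscl options that take a following value (assumed from the dscl man page).
OPTS_WITH_VALUE = {"-u", "-P", "-f"}
# Read-only verbs commonly used to enumerate directory records.
ENUM_VERBS = {"read", "readall", "list", "search"}

def parse_dscl(cmdline):
    """Break a dscl command line into datasource, verb, path and attributes."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "dscl":
        return None
    i = 1
    while i < len(argv) and argv[i].startswith("-"):  # leading options
        i += 2 if argv[i] in OPTS_WITH_VALUE else 1
    rest = argv[i:]
    if len(rest) < 2:
        return None  # interactive session or incomplete command: nothing to classify
    return {
        "datasource": rest[0],
        "verb": rest[1].lstrip("-"),  # dscl accepts both "read" and "-read"
        "path": rest[2] if len(rest) > 2 else None,
        "attrs": rest[3:],
    }

def is_ad_enumeration(cmdline):
    """True when dscl reads or lists records through the Active Directory node."""
    p = parse_dscl(cmdline)
    return bool(p and p["datasource"].startswith("/Active Directory/")
                and p["verb"] in ENUM_VERBS)

# Constructed process-execution events (not real telemetry).
SAMPLE_EVENTS = [
    'dscl "/Active Directory/TEST/All Domains" read "/Groups/Domain Admins" member memberof',
    "/usr/bin/dscl -q '/Active Directory/TEST/All Domains' -list /Computers",
    "dscl . -read /Users/alice UniqueID",
    "ls -la /Library/Preferences",
]

def flag_events(events):
    return [e for e in events if is_ad_enumeration(e)]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print("AD enumeration via dscl:", hit)
```

Queries against the local node (`.`) are left alone, so routine local account lookups do not raise alerts.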