3.2 Adfind

Adfind用来查询域内资源，389端口

1、远程连接查询域控

PS C:\Users\Administrator\Desktop\AdFind>
.\AdFind.exe -h 172.16.80.189 -u sec\administrator -up Az123456@ -sc dclist.

win2019-1.sec.com
PS C:\Users\Administrator\Desktop\AdFind>

2、查询域内所有的机器，显示机器名称和操作系统

PS C:\Users\Administrator\Desktop\AdFind>
.\AdFind.exe -h 172.16.80.189 -u sec\administrator -up Az123456@ -f "objectcat
egory=computer" name operatingSystem

AdFind V01.62.00cpp Joe Richards (support@joeware.net) October 2023

Using server: win2019-1.sec.com:389
Directory: Windows Server 2019 (10.0.17763.1)
Base DN: DC=sec,DC=com

dn:CN=WIN2019-1,OU=Domain Controllers,DC=sec,DC=com
>name: WIN2019-1
>operatingSystem: Windows Server 2019 Datacenter

dn:CN=machine,CN=Computers,DC=sec,DC=com
>name: machine

dn:CN=DESKTOP-GBE538B,CN=Computers,DC=sec,DC=com
>name: DESKTOP-GBE538B
>operatingSystem: Windows 11 专业工作站版

3 Objects returned

3、查询所有域管

PS C:\Users\Administrator\Desktop\AdFind>
.\AdFind.exe -h 172.16.80.189 -u sec\administrator -up Az123456@ -b "CN=Domain Admins,CN=Users,DC=sec,DC=com" member

AdFind V01.62.00cpp Joe Richards (support@joeware.net) October 2023

Using server: win2019-1.sec.com:389
Directory: Windows Server 2019 (10.0.17763.1)

dn:CN=Domain Admins,CN=Users,DC=sec,DC=com
>member: CN=Administrator,CN=Users,DC=sec,DC=com

1 Objects returned

菜单

分享

3.2 Adfind

评论

6.7 域权限维持之AdminSDHolder滥用

6.6 域权限维持之重置DSRM密码

3.7 Kekeo

2.1 域常见名词

1.2 Kerberos协议

6.9 域权限维持之伪造域控

6.5 域权限维持之SID History滥用

2.8 服务主体名称

1.1 LM、NTLM协议

6.10 后渗透密码收集之 Hook PasswordChangeNotify