NTUSTISC - AD Note - Lab(當前網域控制站(DC))

Posted on 2024-01-31 | Post modified | In Security/Course/NTUST ISC/AD/1. 環境調查Normal |

NTUSTISC - AD Note - Lab(當前網域控制站(DC))

[TOC]

Lecture Video: 2022/05/04 AD 安全1

Lab Time - 環境調查

情報蒐集：==當前網域控制站(DC)==

以駭客的角度來說，如果已經連到AD中，要怎麼知道目前DC是誰常用的cheat sheet

$ echo %logonserver%
$ nltest /dclist:<domain>

:::spoiler Implementation

$ echo %logonserver%
\WIN-818G5VCOLJO
$ nltest /dclist:kuma.org
取得網域 'kuma.org' (從 '\WIN-818G5VCOLJO.kuma.org') 中的 DC 清單。
    WIN-818G5VCOLJO.kuma.org [PDC]  [DS] 站台: Default-First-Site-Name
命令成功完成

從Win10當中下指令的確可以知道Win2016的PC Name是WIN-818G5VCOLJO :::

Post author: SBK6401
Post link: https://bernie6401.github.io/security/course/ntust%20isc/ad/1.%20%E7%92%B0%E5%A2%83%E8%AA%BF%E6%9F%A5normal/2024/01/31/NTUSTISC-AD-Note-Lab(0x07%E7%95%B6%E5%89%8D%E7%B6%B2%E5%9F%9F%E6%8E%A7%E5%88%B6%E7%AB%99(DC))/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.