Secondary Categories: 02-Information Gathering

https://github.com/lgandx/Responder

Identify Domain Controllers

When conducting a penetration test, it's typical for a device connected to the network to be sent to the client, or for a virtual machine to be provisioned with credentials. In this case, you wouldn't know the FQDN or where the Domain Controllers are located.

In the sample commands below, ap3xlab.net is the client website.

host ap3xlab.net
 
# Look up using the local DNS config or the network's DNS servers
nslookup ap3xlab.net
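
As an added example (not from the original page): in Active Directory each domain controller registers an A record for the domain name itself, so the addresses `host` returns for the domain are candidate Domain Controllers. The function below extracts them from `host` output; the function name `apex_addresses` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `host <domain>` output into a list of candidate DC addresses.

# Constructed sample of `host ap3xlab.net` output (addresses are made up).
SAMPLE_HOST_OUTPUT='ap3xlab.net has address 10.0.0.10
ap3xlab.net has address 10.0.0.11
ap3xlab.net has address 10.0.0.10
ap3xlab.net has IPv6 address fd00::10
ap3xlab.net mail is handled by 10 mail.ap3xlab.net.'

# Read `host` output on stdin and print each unique A/AAAA address that belongs
# to the domain given as $1. MX, alias and error lines are ignored.
# Returns 1 when no address was found (for example on NXDOMAIN).
apex_addresses() {
    awk -v d="$1" '
        BEGIN { d = tolower(d); sub(/\.$/, "", d) }
        {
            name = tolower($1); sub(/\.$/, "", name)
            if (name != d) next
            if ($2 == "has" && $3 == "address")
                addr = $4
            else if ($2 == "has" && $3 == "IPv6" && $4 == "address")
                addr = $5
            else
                next
            if (!(addr in seen)) { seen[addr] = 1; print addr; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | apex_addresses ap3xlab.net

# Live use (needs the `host` utility and network access):
#   host ap3xlab.net | apex_addresses ap3xlab.net
```

Each address printed still has to be confirmed as a Domain Controller before it is recorded as one in the report.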
 

Identifying the FQDN

You can also use the following tools to passively listen to network traffic and identify the domain

