Identify the Domain

Secondary Categories: 02-Information Gathering

Identify Domain Controllers

When conducting a penetration test its typical for a device to be sent to the client that is connected to the network or a virtual machine will be provisioned with credentials. In this case you wouldn’t know the FQDN or where the Domain Controllers are located.

In the sample commands below ap3xlab.net is the client website.

host ap3xlab.net
 
#Lookup using local DNS config or DNS network servers 
nslookup ap3xlab.net

Identifying the FQDN

You can also use the following tools to passively listen to network traffic and identify the domain

tcpdump
responder (Analyze Mode)
wireshark
crackmapexec

Resources:

Title	URL
place	holder

Also Check Out:

PLACEHOLDER

The Void 🌌

Explorer

Identify the Domain

Identifying the FQDN

Resources:

Also Check Out:

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer