Secondary Categories: 02-Information Gathering
https://github.com/lgandx/Responder
Identify Domain Controllers
When conducting a penetration test its typical for a device to be sent to the client that is connected to the network or a virtual machine will be provisioned with credentials. In this case you wouldn’t know the FQDN or where the Domain Controllers are located.
In the sample commands below ap3xlab.net
is the client website.
host ap3xlab.net
#Lookup using local DNS config or DNS network servers
nslookup ap3xlab.net
Identifying the FQDN
You can also use the following tools to passively listen to network traffic and identify the domain
Resources:
Title | URL |
---|---|
place | holder |
Also Check Out:
- PLACEHOLDER