Secondary Categories: 02-Information Gathering
We can utilize crackmapexec to extract subnet information from active directory assuming that we have the following information:
- Valid Domain Credentials
- Can Query LDAP
We can use crackmapexecβs subnet module against the domain controller to return a list of subnets
crackmapexec ldap $ip -d $domain -u $username -p $password -M subnets
Resources:
Also Check Out:
- PLACEHOLDER