Secondary Categories: 02-Information Gathering

We can use crackmapexec to extract subnet information from Active Directory, provided the following prerequisites are met:

  • Valid domain credentials
  • Ability to query LDAP

We can run crackmapexec’s subnets module against the domain controller to return a list of subnets:

crackmapexec ldap "$ip" -d "$domain" -u "$username" -p "$password" -M subnets
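
On the defender's side, this enumeration shows up as LDAP reads of the site and subnet objects that Active Directory stores under CN=Sites in the Configuration partition. The following added example (not part of the original note or of crackmapexec) flags such reads from clients that are not expected to make them; the record format, addresses, accounts and allowlist are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not real logs): one LDAP search per entry, in a
# simplified shape that LDAP query logging on a domain controller could be
# normalised into. All addresses, accounts and DNs are placeholders.
SAMPLE_SEARCHES = [
    {"client": "10.0.5.23", "user": "CORP\\jdoe",
     "base": "CN=Sites,CN=Configuration,DC=corp,DC=example",
     "filter": "(objectClass=site)"},
    {"client": "10.0.5.23", "user": "CORP\\jdoe",
     "base": "cn=subnets, cn=sites, cn=configuration, dc=corp, dc=example",
     "filter": "(objectClass=subnet)"},
    {"client": "10.0.0.10", "user": "CORP\\DC02$",
     "base": "CN=Sites,CN=Configuration,DC=corp,DC=example",
     "filter": "(objectClass=site)"},
    {"client": "10.0.7.44", "user": "CORP\\asmith",
     "base": "OU=Staff,DC=corp,DC=example",
     "filter": "(sAMAccountName=asmith)"},
]

# Assumption: addresses expected to read site/subnet topology
# (domain controllers, management hosts).
EXPECTED_CLIENTS = {"10.0.0.10"}

def normalise_dn(dn):
    """Lower-case a DN and strip spaces around separators so variants compare equal."""
    return ",".join(part.strip().lower() for part in re.split(r"(?<!\\),", dn))

def is_topology_search(base):
    """True when the search base is the Sites container of the Configuration partition or below it."""
    dn = normalise_dn(base)
    return (dn.startswith("cn=sites,cn=configuration,")
            or ",cn=sites,cn=configuration," in dn)

def flag_subnet_enumeration(searches, expected=EXPECTED_CLIENTS):
    """Group site/subnet searches by (client, user), skipping expected clients."""
    hits = defaultdict(list)
    for s in searches:
        if s["client"] not in expected and is_topology_search(s["base"]):
            hits[(s["client"], s["user"])].append(s["filter"])
    return dict(hits)

if __name__ == "__main__":
    for (client, user), filters in flag_subnet_enumeration(SAMPLE_SEARCHES).items():
        print(f"{client} {user}: {len(filters)} site/subnet searches {filters}")
```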

