Secondary Categories: 02 - Information Gathering
We can use crackmapexec to extract subnet information from Active Directory, provided that we meet the following prerequisites:
- Valid Domain Credentials
- Can Query LDAP
We can use crackmapexec's subnet module against the domain controller to return a list of subnets:
crackmapexec ldap $ip -d $domain -u $username -p $password -M subnets
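
For the defending side, an added example (not part of the original note or of crackmapexec): a check that flags LDAP searches reading AD subnet objects, which are stored under `CN=Subnets,CN=Sites,CN=Configuration`. The log line format, field names, hosts, users and allowlist are constructed assumptions, standing in for whatever LDAP query logging the domain controller exports.

```python
import re
from collections import Counter

# Subnet objects are stored under this container in the Configuration partition.
SUBNET_CONTAINER = "cn=subnets,cn=sites,cn=configuration"
# Filters that select subnet objects by class or category.
SUBNET_FILTER = re.compile(r"\(\s*object(class|category)\s*=\s*(cn=)?subnet\b", re.I)

# Constructed sample: one LDAP search per line, "key=value" fields separated by " | ".
SAMPLE_LOG = """\
client=10.0.5.23 | user=CORP\\jdoe | base=CN=Sites,CN=Configuration,DC=corp,DC=local | filter=(objectCategory=subnet)
client=10.0.5.23 | user=CORP\\jdoe | base=CN=Subnets,CN=Sites,CN=Configuration,DC=corp,DC=local | filter=(objectClass=*)
client=10.0.1.10 | user=CORP\\DC01$ | base=CN=Sites,CN=Configuration,DC=corp,DC=local | filter=(objectClass=subnet)
client=10.0.7.40 | user=CORP\\asmith | base=DC=corp,DC=local | filter=(&(objectClass=user)(sAMAccountName=asmith))
"""

# Assumed allowlist: hosts expected to read site/subnet data (domain controllers).
ALLOWED_CLIENTS = {"10.0.1.10"}

def parse_line(line):
    """Split one constructed log line into a dict of its fields."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")  # only the first "=" separates key and value
        fields[key.strip()] = value.strip()
    return fields

def is_subnet_query(rec):
    """True when the search base or the filter targets AD subnet objects."""
    base = rec.get("base", "").lower().replace(" ", "")
    return SUBNET_CONTAINER in base or bool(SUBNET_FILTER.search(rec.get("filter", "")))

def flag_subnet_enumeration(log_text, allowed=ALLOWED_CLIENTS):
    """Return {(client, user): count} of subnet searches from non-allowlisted hosts."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_subnet_query(rec) and rec.get("client") not in allowed:
            hits[(rec.get("client"), rec.get("user"))] += 1
    return dict(hits)

if __name__ == "__main__":
    for (client, user), n in flag_subnet_enumeration(SAMPLE_LOG).items():
        print(f"{client} {user}: {n} subnet object searches")
```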