// notes/ Active Directory
🏛️

Initial Attack Strategy Rpc

Notes from oscp.adot8.com — active directory.

#active directory#adot8
source · oscp.adot8.com · active-directory/initial-attack-strategy_rpc

RPC

code
01rpcclient -U '' -N 10.10.10.169
code
01enumdomusers
02enumdomgroups

{% hint style="info" %} Some bash kungfu can be used to cleanup the users output: cat raw | awk -F [ '{print $2}' | awk -F] '{print $1}' > users.txt {% endhint %}

<pre><code><strong>queryuser joe </strong>queryuser 0x451 querygroup 0x44f &#x3C;-- Must use the RID for querying the group querygroupmem 0x44f &#x3C;-- Shows what user is in the group(by rid) </code></pre>
code
01querydispinfo <-- Displays comments made on accounts