Environment Variables / Setup
export IP=
Automated Enumeration
Manual Service Enumeration
- 53 DNS
- 88 Kerberos
- 135 RPC
- 139,445 SMB
- 389,636 LDAP(S)
- 464 Kerberos Password Change
- 5985 WinRM
LDAP
ldapsearch -x -H ldap://$IP -b "dc=<domain>,dc=<tld>"
Enumerate DNS
gobuster dns -d domain.com -t 25 -w /usr/share/wordlists/Seclist/Discovery/DNS/subdomain-top2000.txt
Check 139,445 SMB Shares
RPCClient
rpcclient -U "" $IP