Enumerating AD with net
Description
The net command is a built-in Windows utility used for managing and querying network resources. It can be used by red teams or attackers to enumerate Active Directory (AD) environments without needing any special tools.
Local System Enumeration Using net
- net user – Lists local users on the system
- net user user.name – Retrieves information about a specific local user
- net localgroup – Lists local groups on the system
- net localgroup group_name – Lists users in a local group
- net accounts – Retrieves the local account security policy
Domain Enumeration Using net (run from a domain-joined host)
- net user /domain – Enumerates domain users
- net user user.name /domain – Retrieves information about a specific domain user
- net group /domain – Enumerates domain groups
- net group group_name /domain – Lists the members of a domain group
- net accounts /domain – Displays the domain password and account lockout policy
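From the detection side, the commands above all surface as ordinary process-creation events, so a defender can tag them by subcommand and scope. The following Python is an added example, not part of the original page: it classifies constructed sample command lines (shaped like event 4688 / Sysmon event 1 records) for the four net query subcommands listed above, separates local from domain scope via the /domain switch, and counts domain-scoped queries per host and account. net1.exe is included because net.exe delegates to it.

```python
import re
from collections import Counter

# Constructed sample process-creation records (host, account, command line),
# shaped like the CommandLine field of Windows event 4688 / Sysmon event 1.
SAMPLE_EVENTS = [
    ("WS01", "CORP\\jdoe", r'"C:\Windows\System32\net.exe" user /domain'),
    ("WS01", "CORP\\jdoe", r'C:\Windows\System32\net1.exe group "Domain Admins" /DOMAIN'),
    ("WS01", "CORP\\jdoe", r'C:\Windows\System32\net.exe accounts /domain'),
    ("WS02", "CORP\\svc_backup", r'C:\Windows\System32\net.exe localgroup administrators'),
    ("WS02", "CORP\\svc_backup", r'C:\Windows\System32\net.exe use Z: \\fs01\share'),
    ("WS03", "CORP\\mlee", r'C:\Windows\System32\netsh.exe advfirewall show allprofiles'),
]

# net.exe delegates to net1.exe, so both image names are matched. Only the four query
# subcommands from the page are of interest; "net use", "net start" etc. are ignored.
NET_QUERY = re.compile(
    r'(?:^|\\)net1?(?:\.exe)?"?\s+(user|group|localgroup|accounts)\b(.*)$', re.IGNORECASE)
DOMAIN_FLAG = re.compile(r'(?:^|\s)/domain\b', re.IGNORECASE)

def classify(cmdline):
    """Return (subcommand, scope) for a net enumeration command line, else None."""
    m = NET_QUERY.search(cmdline)
    if not m:
        return None
    sub, rest = m.group(1).lower(), m.group(2)
    scope = "domain" if DOMAIN_FLAG.search(rest) else "local"
    return sub, scope

def find_enumeration(events):
    """Tag every matching event with its subcommand and local/domain scope."""
    findings = []
    for host, account, cmdline in events:
        hit = classify(cmdline)
        if hit:
            findings.append({"host": host, "account": account,
                             "subcommand": hit[0], "scope": hit[1], "cmdline": cmdline})
    return findings

def domain_enum_counts(findings):
    """Count domain-scoped queries per (host, account); several in a short window from
    an ordinary workstation user is the pattern worth reviewing, one local query is not."""
    return Counter((f["host"], f["account"]) for f in findings if f["scope"] == "domain")

if __name__ == "__main__":
    found = find_enumeration(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['host']} {f['account']} {f['scope']} net {f['subcommand']}: {f['cmdline']}")
    for (host, acct), n in domain_enum_counts(found).items():
        print(f"review: {host} {acct} ran {n} domain enumeration commands")
```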