cheatsheet
  • Introduction
  • Internal Pentest
    • Active Directory
      • Reconnaissance
        • Find Domain Name
        • Find Domain Controllers
        • Enumerating Machines
        • Enumerating Services
        • DNS Enumeration
      • Exploitation
        • Exploit Without Account
          • SMB Relay
        • Exploit With Account
          • Kerberoast Attack
      • Post-Exploitation
        • Extracting Credentials
          • Retrieve Windows passwords
          • Retrieve Windows hashes
        • Maintening Access
          • Adding Local Administrator
        • Lateral Movement
          • SMB protocol
Powered by GitBook
On this page
  • On Linux:
  • On Windows
  1. Internal Pentest
  2. Active Directory
  3. Reconnaissance

Find Domain Name

On Linux:

Simply read your resolv.conf:

cat /etc/resolv.conf

Or scan machines with CrackMapExec:

cme smb 192.168.12.0/24

On Windows

Simply use ipconfig:

ipconfig /all
PreviousReconnaissanceNextFind Domain Controllers

Last updated 5 years ago