Quick notes – Enumerate Domain Controllers via nslookup

12/16/2011

Scenario:

Let’s say you know the domain name but you would like to enumerate all domain controllers.

domain: hacking.lab.local

# Linux Backtrack 5 R1 (attacker machine) 

  1. Open your Linux shell

Using Nslookup

nslookup
set type=srv
_ldap._tcp.dc._msdcs.hacking.lab.local

Using Dig (display a list of domain controllers)

dig SRV _ldap._tcp.dc._msdcs.hacking.lab.local | egrep -v '(;;)'|cut -d" " -f8 | awk NF
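The cut -d" " -f8 step above only returns the target host when dig separates the answer fields with single spaces. As an added example (not part of the original post), the shell functions below parse SRV answers whether they are tab- or space-separated and list advertised domain controllers that are missing from an expected list; the sample output, the hosts dc01/dc02 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: whitespace-tolerant parsing of dig SRV answers.

# parse_srv: read dig output on stdin, print "priority weight port target"
# for each SRV record, lowest priority first.
parse_srv() {
    awk '
        $1 ~ /^;/ || NF == 0 { next }         # skip dig comments and blank lines
        $3 == "IN" && $4 == "SRV" && NF >= 8 {
            host = tolower($8)
            sub(/\.$/, "", host)              # drop the trailing root dot
            print $5, $6, $7, host
        }
    ' | sort -k1,1n -k2,2nr -k4,4
}

# unexpected_dcs ALLOWED...: read dig output on stdin and print advertised
# DC host names that are not in the expected list passed as arguments.
unexpected_dcs() {
    allowed=" $(printf '%s ' "$@" | tr 'A-Z' 'a-z')"
    parse_srv | awk '{print $4}' | sort -u | while read -r host; do
        case "$allowed" in
            *" $host "*) ;;                   # registered and expected
            *) printf '%s\n' "$host" ;;       # registered but not expected
        esac
    done
}

# Constructed sample of dig output (one answer space-separated, one with tabs).
sample_dig_output() {
    printf '; <<>> DiG <<>> SRV _ldap._tcp.dc._msdcs.hacking.lab.local\n'
    printf ';; QUESTION SECTION:\n'
    printf ';_ldap._tcp.dc._msdcs.hacking.lab.local. IN SRV\n\n'
    printf ';; ANSWER SECTION:\n'
    printf '_ldap._tcp.dc._msdcs.hacking.lab.local. 600 IN SRV 0 100 389 dc01.hacking.lab.local.\n'
    printf '_ldap._tcp.dc._msdcs.hacking.lab.local.\t600\tIN\tSRV\t0 100 389 DC02.hacking.lab.local.\n\n'
    printf ';; ADDITIONAL SECTION:\n'
    printf 'dc01.hacking.lab.local. 3600 IN A 192.0.2.10\n'
}

# Demo on the constructed sample: dc02 is advertised but not on the expected list.
sample_dig_output | unexpected_dcs dc01.hacking.lab.local
```

Against a live resolver, pipe the real query into the same function: dig SRV _ldap._tcp.dc._msdcs.hacking.lab.local | parse_srv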

References:

Verify DNS registration for DC using nslookup: http://technet.microsoft.com/en-us/library/cc738991%28WS.10%29.aspx

Get Domain Admins Script (GDA.bat): https://github.com/nullbind/Other-Projects/tree/master/GDA
