Due to the nature of the work, many Red Teamers have a much stronger focus on Windows Enterprise networks. Because of this, Red Teamers have a myriad of tools and experience querying Active Directory from a Windows box. Many Red Teamers start off with the common net user, net group, net localgroup commands, and now everybody is familiar with Will Schroeder’s PowerView project. Some red teamers still want to use something like dsquery to do some custom LDAP queries like `dsquery * -filter "(&(objectclass=group)(name=*admin*))" -limit 1` (this is also possible with PowerView). You can even run something like the BloodHound Project to quickly get an insane amount of Active Directory information if you have the ability to run PowerShell or C# code.

I’m going to discuss a few different methods for doing some AD recon on a Mac with strictly built-in tools by comparing them to the more common Windows versions. Let’s start with a sample useful command and break it down:

```
dscl "/Active Directory/TEST/All Domains" read "/Groups/Domain Admins" member memberof
```

Ok, so what’s actually happening here? dscl (/usr/bin/dscl) is macOS’s directory service command line utility. It allows users to not only query different directory services, but configure them as well (with appropriate permissions). For our purposes, we’re going to be using two different data sources - local and the domain’s active directory. To query the local system, we use “.” and to query AD we use “/Active Directory” in place of the datasource.

The structure for this is based off of Apple’s old NetInfo Directory structure, and now includes some mix of their Open Directory (which is a fork of OpenLDAP) and Microsoft’s Active Directory.

dscl can be used interactively by simply running dscl without any arguments. From here, you can use ls and cd to browse around the directory structure. Once you get down to a specific element, you will either read it or cat it (they alias to the same thing). In our example, TEST is the NETBIOS name for the current domain we’re in.
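For defenders, the dscl syntax described above (datasource, then command, then record path and attribute keys) is enough to triage process-execution telemetry for directory queries. The following is an added example, not code from the original post; the event format, field names and sample events are constructed, and the list of options that take a value is an assumption drawn from dscl(1) to confirm on your macOS version.

```python
import shlex

# dscl options that take a value (assumption per dscl(1); confirm on your macOS version).
OPTS_WITH_VALUE = {"-u", "-P", "-f"}

def parse_dscl(cmdline):
    """Return datasource/scope/verb/path/keys for a dscl command line, else None."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "dscl":
        return None
    args, i = argv[1:], 0
    while i < len(args) and args[i].startswith("-"):   # skip leading options
        i += 2 if args[i] in OPTS_WITH_VALUE else 1
    rest = args[i:]
    if not rest:   # bare `dscl`: interactive mode, queries are typed on stdin, not argv
        return {"datasource": None, "scope": "interactive",
                "verb": None, "path": None, "keys": []}
    ds = rest[0]
    if ds == ".":
        scope = "local"
    elif ds.startswith("/Active Directory"):
        scope = "ad"
    else:
        scope = "other"
    return {"datasource": ds, "scope": scope,
            "verb": rest[1].lstrip("-") if len(rest) > 1 else None,
            "path": rest[2] if len(rest) > 2 else None,
            "keys": rest[3:]}

def triage(events):
    """Keep events that query AD or open an interactive session; tag group reads."""
    findings = []
    for ev in events:
        p = parse_dscl(ev["cmdline"])
        if p is None or p["scope"] not in ("ad", "interactive"):
            continue
        group_read = bool(p["path"]) and p["path"].startswith("/Groups/")
        findings.append({"user": ev["user"], "group_read": group_read, **p})
    return findings

# Constructed process-execution events (not real telemetry).
SAMPLE_EVENTS = [
    {"user": "jdoe", "cmdline": '/usr/bin/dscl "/Active Directory/TEST/All Domains" '
                                'read "/Groups/Domain Admins" member memberof'},
    {"user": "jdoe", "cmdline": "dscl . -read /Users/jdoe RealName"},
    {"user": "jdoe", "cmdline": "dscl"},
    {"user": "root", "cmdline": "ls -la /tmp"},
]
```

`triage(SAMPLE_EVENTS)` returns two findings: the AD group read from the post's sample command and the bare interactive session, while the local query and the unrelated process are dropped.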