Recon

Find the DC

nslookup -type=SRV _ldap._tcp.dc._msdcs.<DOMAIN> <ip>

nxc checks

# generate a hosts file
nxc smb <ip> --generate-hosts-file hosts.txt
# check LDAP signing
nxc ldap <ip> -u "user" -p "pass" -M ldap-checker -d "domain"
# check the machine account quota
nxc ldap <ip> -u "user" -p "password" -M maq -d "domain"
