🖥️AD Computers

Domain Computer Information

Get-DomainComputer

Code

Get-DomainComputer -Properties dnshostname,operatingsystem,lastlogontimestamp,useraccountcontrol

Export Data to a CSV File

Code

Get-DomainComputer -Properties dnshostname,operatingsystem,lastlogontimestamp,useraccountcontrol | Export-Csv .\inlanefreight_computers.csv -NoTypeInformation

Finding Exploitable Machines

LastLogonTimeStamp

If this field is 90 days old for a machine, it has not been turned on and is missing both operating system and application patches. Attackers can use this field in combination with other fields such as Operating System or When Created to identify targets.

OperatingSystem

Eg. Find a Windows 7 box that is still active (LastLogonTimeStamp) and try attacks like Eternal Blue. Windows 10 Enterprise is the only version that comes with "Credential Guard" (Prevents Mimikatz from Stealing Passwords) Enabled by default. If you see Administrators logging into Windows 10 Professional and Windows 10 Enterprise, the Professional box should be targeted.

WhenCreated

The older the box is, the more likely it is to deviate from the "Standard Build." Old workstations could have weaker local administration passwords, more local admins, vulnerable software, more data, etc.

Computer Attacks

Unconstrained Delegation

Code

Get-DomainComputer -Unconstrained -Properties dnshostname,useraccountcontrol

Constrained Delegation

Code

Get-DomainComputer -TrustedToAuth | select -Property dnshostname,useraccountcontrol

PreviousAD Groups NextDomain ACLs

Last updated 3 years ago

hashtagDomain Computer Information

hashtagGet-DomainComputer

hashtagExport Data to a CSV File

hashtagFinding Exploitable Machines

hashtagComputer Attacks

hashtagUnconstrained Delegation

hashtagConstrained Delegation

Domain Computer Information

Get-DomainComputer

Export Data to a CSV File

Finding Exploitable Machines

Computer Attacks

Unconstrained Delegation

Constrained Delegation