Personal BlogTwitterGitHubContact

Subnet Enumeration

CrackMapExec enables us to extract subnet information from Active Directory assuming that we have the following:

  • Valid credentials for the domain

  • Can query LDAP

We can then use CrackMapExec's subnets module against the domain controller to return a list of subnets:

crackmapexec ldap $ip -d $domain -u $username -p $password -M subnets

References

LogoActive Directory Sites and Subnets enumeration
PreviousSimple Network Management Protocol (SNMP)NextIdentifying Domain Information

Last updated