Locate Domain Controllers

One of the first things to do on an internal pentest is to identify the Domain Controllers (DCs) on the target domain. You can find the DCs pretty easily if you have the internal domain name.

Linux

## nslookup -q=srv _ldap._tcp.dc._msdcs.[domain]
nslookup -q=srv _ldap._tcp.dc._msdcs.weelee.zip

PreviousDomain Enumeration NextBloodHound

Last updated 1 year ago