LDAPDomainDump
┌──(kali㉿kali)-[~/…/htb/labs/sauna/ldapdomaindump]
└─$ ldapdomaindump sauna.egotistical-bank.local -u 'egotistical-bank.local\fsmith' -p 'Thestrokes23' -n $IP
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finishedUsing the credential of the fsmith user, I can get the domain information out for review
Computers
The DC host is the only computer account
It uses Windows Server 2019 Datacenter
Groups
It appears that there are only the generic/default domain groups
Users
The fsmith user being part of the Remote Management Users group grants a direct access to the target system via WinRM