LDAPDomainDump
Using one of the credentials, I can get an overview of the target domain using ldapdomaindump
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya/ldapdomaindump]
└─$ ldapdomaindump nagoya.nagoya-industries.com -u 'NAGOYA-INDUSTRIES.COM\andrea.hayes' -p 'Nagoya2023' -n nagoya.nagoya-industries.com --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finishedComplete
Computers
/Practice/Nagoya/3-Exploitation/attachments/{F0C62192-0E11-4BE2-B6E5-D0DA419F3C82}.png)
Users
/Practice/Nagoya/3-Exploitation/attachments/{35189839-7134-4F4C-995F-9146DCDD5C15}.png)
/Practice/Nagoya/3-Exploitation/attachments/Pasted-image-20250423182710.png)
All the 3 compromised accounts belongs to the employees group
Groups
/Practice/Nagoya/3-Exploitation/attachments/Pasted-image-20250423183021.png)
These are the none default domain groups