AD-DC Querying

The tools used for ADDC querying are as follows :

nltest command:

You can use nltest to query domain controllers and domain-related information. For example:

To find the domain controllers in the domain:
```
nltest /dclist:<domain_name>
```
To get information about the current domain:
```
nltest /dsgetdc:<domain_name>
```

`nbtstat` Command:

nbtstat is useful for querying NetBIOS over TCP/IP (NBT) and can show you NetBIOS information about computers and services on the network. For example:

To display information about the NetBIOS name tables of remote computers:
```
nbtstat -A <IP_Address>
```
This will show you the NetBIOS name table of a specific computer (useful to identify its NetBIOS names).
To display the NetBIOS name table of your own computer:
```
nbtstat -n
```
This shows the NetBIOS names that your system is currently using.
To resolve NetBIOS names from a remote host by its name:
```
nbtstat -a <hostname>
```
This will give you the NetBIOS name table for the specified host.

PreviousRubeus (Kerberoasting) & Winpeas Nextmstsc - RDP

Last updated 5 months ago

nbtstat Command:

`nbtstat` Command: