Several useful commands are often ignored during domain penetration.

In the process of domain penetration, we often analyze domain information, some of which are GUI tools, but we can do it in the command line. In fact, Microsoft has provided us with a powerful domain management tool called cmdline. This article mainly introduces several tools: nltest.exe Introduction: this tool obtains information about the domain in the forest. At the same time, you can use it to obtain the user's hash. If you get the hash, you can try this. But sometimes the program is not included in the system, because it is in the extended package of window 2003 and needs to be extracted by itself. Ldifde.exe Introduction: Introduction to Plugin: xe.exe is used in fat.ntfs.exe management. It may not be a ms tool. It is a tool for remote command execution and a powerful pstools toolkit. To repeat nltest.exe, refer: http://technet.microsoft.com/zh-cn/library/cc731935 # View domain-a domain controller nltest/dclist: domain-a # displays detailed information about a specific user. Here we can get the complete HASH of the user. nltest/user: "TestAdmin" # lists the trust relationships established for your domain. Nltest/domain_trusts # the domain controller and its corresponding IP address in the list of Domain Name System (DNS) servers queried. This parameter also contacts to check the Connected Domain Controller www.2cto. comnltest/dsgetdc: abcDC: \ server-c95b23ad.abcAddress: \ 192.168.1.10Dom Guid: 6784b216-b3b5-4501-9f52-2f78bb702cacdom Name: abcForest Name: abcDc Site Name: Default-First-Site-NameOur Site Name: default-First-Site-NameFlags: pdc gc ds ldap kdc timeserv gtimeserv writable DNS_DC DNS_DOMAINDNS_FOREST CLOSE_SITE what it means when you see this information ================== ====================================== ==================================================== Ldifde I will not talk nonsense, let's take a look at the official description of MS. ========================================================== ==================================================== Fsutil executable File Allocation Table (FAT) and NTFS file systems, such as managing reanalysis points, managing sparse files, or detaching volume-related tasks. If no parameter is used, fsutil displays the list of supported sub-commands. C: \> fsutil -- Commands Supported -- behavior Control file system Specified Manage volume dirty bitfile File specific commandsfsinfo File system informationhardlink Hardlink specified Object ID specified Quota specified Reparse point specified Sparse file controlusn USN specified Volume management: \> fsutil fsinfodrivers is an invalid parameter. -- FSINFO Commands Supported -- drives List all drivesdrivetype Query drive type for a Query volume informationntfsinfo Query NTFS specific volume informationstatistics Query file system statistics C: \> fsutil fsinfo drives Drives:: \ C: \ D: \ C: \>====================================================== ================================================== export xec \ COMPUTER -u user-p password-d-f-c gsecdump.exe-a> x. TXTpsexec \ computer-u user-p password-d cmd.exe