# AD Enumeration

### Enumerating AD Users <a href="#kerberoasting" id="kerberoasting"></a>

If we have access to a normal domain user account, we can use Impacket scripts to enumerate the domain's users.

```
┌──(kali㉿kali)-[~/Desktop]
└─$ impacket-GetADUsers -all -dc-ip 10.10.10.100 active.htb/SVC_TGS      
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation

Password:
[*] Querying 10.10.10.100 for information about domain.
Name                  Email                           PasswordLastSet      LastLogon           
--------------------  ------------------------------  -------------------  -------------------
Administrator                                         2018-07-18 15:06:40.351723  2023-07-21 02:36:10.518169 
Guest                                                 <never>              <never>             
krbtgt            
```
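The same listing is useful for a password-age review. The added example below (not part of the original page or of Impacket) parses saved GetADUsers output and lists accounts whose `PasswordLastSet` value warrants attention. The function names, the 365-day default and the `svc_backup` row are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# A timestamp as the tool prints it, or the literal "<never>".
_TS = r"(<never>|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)"
# Anchor on the two trailing fields: in the output above, timestamps with
# microseconds overflow the 19-character columns, so fixed offsets misparse.
_ROW = re.compile(r"^(?P<head>.*?)\s+" + _TS + r"\s+" + _TS + r"\s*$")

def _when(value):
    return None if value == "<never>" else datetime.fromisoformat(value)

def parse_getadusers(text):
    """Return one dict per complete user row that follows the dashed ruler."""
    rows, in_table = [], False
    for line in text.splitlines():
        if re.fullmatch(r"-+(\s+-+)+\s*", line):
            in_table = True
            continue
        m = _ROW.match(line) if in_table else None
        if not m:
            continue  # banner, prompt, or a truncated row with no timestamps
        name, _, email = m.group("head").strip().partition("  ")
        rows.append({"name": name, "email": email.strip(),
                     "password_last_set": _when(m.group(2)),
                     "last_logon": _when(m.group(3))})
    return rows

def stale_passwords(rows, now, max_age_days=365):
    """Names whose password was never set or is older than max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    return [r["name"] for r in rows
            if r["password_last_set"] is None or r["password_last_set"] < cutoff]

# Constructed sample: Administrator, Guest and the cut-off krbtgt row mirror the
# output above; svc_backup is invented for illustration.
SAMPLE = """\
Name                  Email                           PasswordLastSet      LastLogon
--------------------  ------------------------------  -------------------  -------------------
Administrator                                         2018-07-18 15:06:40.351723  2023-07-21 02:36:10.518169
Guest                                                 <never>              <never>
svc_backup            svc_backup@example.test         2016-01-05 09:12:44  <never>
krbtgt
"""

if __name__ == "__main__":
    for name in stale_passwords(parse_getadusers(SAMPLE), now=datetime(2023, 7, 21)):
        print("review password age:", name)
```

Rows that lack both timestamp fields, such as the truncated `krbtgt` line, are skipped rather than guessed at.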

### Check if we have local admin access on domain controller

<figure><img src="https://755681241-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa5rXMZ1JAQhUeS7TtZkM%2Fuploads%2FR1V5oEzAkdlrv78G06TK%2Fimage.png?alt=media&#x26;token=4ecfb66b-b34f-47f6-960a-a48f102b2cd1" alt=""><figcaption></figcaption></figure>

<figure><img src="https://755681241-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fa5rXMZ1JAQhUeS7TtZkM%2Fuploads%2FaidnOpH9ZcyqvlWsiRyl%2Fimage.png?alt=media&#x26;token=dedf1b71-c346-4567-a97b-69846b5cc338" alt=""><figcaption></figcaption></figure>
