Domain Account

Domain Account

• ID : T1087.002
• Tactic : Discovery
• Platforms: Windows, linux, macos

Local Account

Adversaries may attempt to get a listing of domain accounts. This information can help adversaries determine which domain accounts exist to aid in follow-on behavior.

Exploitations

Windows

Command Prompt

Users

We can list domain user accounts in windows os by executing the following command in command prompt or powershell.

net user /domain

Above image shows the listing of domain user accounts.

Groups

We can list domain groups in windows os by executing the following command in command prompt or powershell.

net group /domain

Above image shows the listing of domain groups.

Powerview

Users

We can use powerview to list domain user accounts in windows os. Import powerview script and execute the below command.

get-netuser | select name

Above image shows the listing of domain user accounts.

Groups

We can use powerview to list domain groups in windows os. Import powerview script and execute the below command.

get-netgroup | select samaccountname

Above image shows the listing of domain groups.

References

• https://attack.mitre.org/techniques/T1087/002/
• https://atomicredteam.io/discovery/T1087.002/