author | Raghuram Subramani <raghus2247@gmail.com> | 2022-09-04 05:04:04 -0400 |
---|---|---|
committer | Raghuram Subramani <raghus2247@gmail.com> | 2022-09-04 05:04:04 -0400 |
commit | f914e816092f02a4bbed779ad91a6641e7cc2122 (patch) | |
tree | 1c7dd2f7f2946ac4d80cb6f3147cbd5ec0b2b4af /support | |
parent | 869200611b92f0dee181a89ffb8f3f9123794d43 (diff) |
add rooms
Diffstat (limited to 'support')
44 files changed, 8349 insertions, 0 deletions
diff --git a/support/20220819205517_final.zip b/support/20220819205517_final.zip
Binary files differ
new file mode 100644
index 0000000..a07765e
--- /dev/null
+++ b/support/20220819205517_final.zip
diff --git a/support/README.md b/support/README.md
new file mode 100644
index 0000000..af846be
--- /dev/null
+++ b/support/README.md
@@ -0,0 +1,37 @@
+> IP `10.10.11.174`
+
+> usernames
+```
+support
+guest
+administrator
+```
+
+> password
+```
+nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz
+```
+
+> names
+```
+raven.clifton
+anderson.damian
+monroe.david
+cromwell.gerard
+west.laura
+levine.leopoldo
+langley.lucy
+daughtler.mabel
+bardot.mary
+stoll.rachelle
+thomas.raphael
+smith.rosario
+wilson.shelby
+hernandez.stanley
+ford.victoria
+```
+
+> creds
+```
+support:Ironside47pleasure40Watchful
+```
\ No newline at end of file diff --git a/support/UserInfo.exe.zip b/support/UserInfo.exe.zip Binary files differnew file mode 100644 index 0000000..b2c1a55 --- /dev/null +++ b/support/UserInfo.exe.zip diff --git a/support/administrator.ccache b/support/administrator.ccache Binary files differnew file mode 100644 index 0000000..9f2a47a --- /dev/null +++ b/support/administrator.ccache diff --git a/support/domaindump/domain_computers.grep b/support/domaindump/domain_computers.grep new file mode 100644 index 0000000..6453192 --- /dev/null +++ b/support/domaindump/domain_computers.grep @@ -0,0 +1,5 @@ +cn sAMAccountName dNSHostName operatingSystem operatingSystemServicePack operatingSystemVersion lastLogon userAccountControl whenCreated objectSid description +meggiepc meggiepc$ meggiepc.support.htb 01/01/01 00:00:00 WORKSTATION_ACCOUNT 08/19/22 15:08:48 S-1-5-21-1677581083-3380853377-188903654-5102 +KRBRELAYUP KRBRELAYUP$ KRBRELAYUP.support.htb 01/01/01 00:00:00 WORKSTATION_ACCOUNT 08/19/22 15:01:17 S-1-5-21-1677581083-3380853377-188903654-5101 +MANAGEMENT MANAGEMENT$ Management.support.htb Windows 10 Pro 10.0 (19042) 07/26/22 16:01:56 WORKSTATION_ACCOUNT 07/21/22 13:19:20 S-1-5-21-1677581083-3380853377-188903654-2601 +DC DC$ dc.support.htb Windows Server 2022 Standard 10.0 (20348) 08/19/22 12:31:59 SERVER_TRUST_ACCOUNT, TRUSTED_FOR_DELEGATION 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-1000
\ No newline at end of file diff --git a/support/domaindump/domain_computers.html b/support/domaindump/domain_computers.html new file mode 100644 index 0000000..d16f4c8 --- /dev/null +++ b/support/domaindump/domain_computers.html 
@@ -0,0 +1,37 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="11" id="cn_Domain_computer_accounts">Domain computer accounts</td></tr></thead><tbody><tr><th>CN</th><th>SAM Name</th><th>DNS Hostname</th><th>Operating System</th><th>Service Pack</th><th>OS Version</th><th>lastLogon</th><th>Flags</th><th>Created on</th><th>SID</th><th>description</th></tr> +<tr><td>meggiepc</td><td>meggiepc$</td><td>meggiepc.support.htb</td><td> </td><td> </td><td> </td><td>01/01/01 00:00:00</td><td>WORKSTATION_ACCOUNT</td><td>08/19/22 15:08:48</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-5102">5102</abbr></td><td> </td></tr> +<tr><td>KRBRELAYUP</td><td>KRBRELAYUP$</td><td>KRBRELAYUP.support.htb</td><td> </td><td> </td><td> </td><td>01/01/01 00:00:00</td><td>WORKSTATION_ACCOUNT</td><td>08/19/22 15:01:17</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-5101">5101</abbr></td><td> </td></tr> +<tr><td>MANAGEMENT</td><td>MANAGEMENT$</td><td>Management.support.htb</td><td>Windows 10 Pro</td><td> </td><td>10.0 (19042)</td><td>07/26/22 16:01:56</td><td>WORKSTATION_ACCOUNT</td><td>07/21/22 13:19:20</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-2601">2601</abbr></td><td> </td></tr> +<tr><td>DC</td><td>DC$</td><td>dc.support.htb</td><td>Windows Server 2022 Standard</td><td> </td><td>10.0 (20348)</td><td>08/19/22 12:31:59</td><td>SERVER_TRUST_ACCOUNT, TRUSTED_FOR_DELEGATION</td><td>05/28/22 11:03:43</td><td><abbr 
title="S-1-5-21-1677581083-3380853377-188903654-1000">1000</abbr></td><td> </td></tr> +</tbody> +</table></body></html>
\ No newline at end of file diff --git a/support/domaindump/domain_computers.json b/support/domaindump/domain_computers.json new file mode 100644 index 0000000..57598a4 --- /dev/null +++ b/support/domaindump/domain_computers.json 
@@ -0,0 +1,476 @@ +[{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "cn": [ + "meggiepc" + ], + "codePage": [ + 0 + ], + "countryCode": [ + 0 + ], + "dNSHostName": [ + "meggiepc.support.htb" + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=meggiepc,CN=Computers,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + false + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "localPolicyFlags": [ + 0 + ], + "logonCount": [ + 0 + ], + "mS-DS-CreatorSID": [ + { + "encoded": "AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILUQQAAA==", + "encoding": "base64" + } + ], + "name": [ + "meggiepc" + ], + "objectCategory": [ + "CN=Computer,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user", + "computer" + ], + "objectGUID": [ + "{939079ee-3ab8-43b5-8c19-56eec37a4dcf}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-5102" + ], + "primaryGroupID": [ + 515 + ], + "pwdLastSet": [ + "2022-08-19 15:08:48.653740+00:00" + ], + "sAMAccountName": [ + "meggiepc$" + ], + "sAMAccountType": [ + 805306369 + ], + "servicePrincipalName": [ + "RestrictedKrbHost/meggiepc", + "HOST/meggiepc", + "RestrictedKrbHost/meggiepc.support.htb", + "HOST/meggiepc.support.htb" + ], + "uSNChanged": [ + 126820 + ], + "uSNCreated": [ + 126818 + ], + "userAccountControl": [ + 4096 + ], + "whenChanged": [ + "2022-08-19 15:08:48+00:00" + ], + "whenCreated": [ + "2022-08-19 15:08:48+00:00" + ] + }, + "dn": "CN=meggiepc,CN=Computers,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "cn": [ + "KRBRELAYUP" + ], + "codePage": [ + 0 + ], + 
"countryCode": [ + 0 + ], + "dNSHostName": [ + "KRBRELAYUP.support.htb" + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=KRBRELAYUP,CN=Computers,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + false + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "localPolicyFlags": [ + 0 + ], + "logonCount": [ + 0 + ], + "mS-DS-CreatorSID": [ + { + "encoded": "AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILUQQAAA==", + "encoding": "base64" + } + ], + "name": [ + "KRBRELAYUP" + ], + "objectCategory": [ + "CN=Computer,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user", + "computer" + ], + "objectGUID": [ + "{16b16c4e-ed6e-47d8-a72b-3496eb94f089}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-5101" + ], + "primaryGroupID": [ + 515 + ], + "pwdLastSet": [ + "2022-08-19 15:01:17.666101+00:00" + ], + "sAMAccountName": [ + "KRBRELAYUP$" + ], + "sAMAccountType": [ + 805306369 + ], + "servicePrincipalName": [ + "RestrictedKrbHost/KRBRELAYUP", + "HOST/KRBRELAYUP", + "RestrictedKrbHost/KRBRELAYUP.support.htb", + "HOST/KRBRELAYUP.support.htb" + ], + "uSNChanged": [ + 126816 + ], + "uSNCreated": [ + 126814 + ], + "userAccountControl": [ + 4096 + ], + "whenChanged": [ + "2022-08-19 15:01:17+00:00" + ], + "whenCreated": [ + "2022-08-19 15:01:17+00:00" + ] + }, + "dn": "CN=KRBRELAYUP,CN=Computers,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "cn": [ + "MANAGEMENT" + ], + "codePage": [ + 0 + ], + "countryCode": [ + 0 + ], + "dNSHostName": [ + "Management.support.htb" + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=MANAGEMENT,CN=Computers,DC=support,DC=htb" + ], + 
"instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + false + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "2022-07-26 16:01:56.822771+00:00" + ], + "lastLogonTimestamp": [ + "2022-07-21 13:19:20.885540+00:00" + ], + "localPolicyFlags": [ + 0 + ], + "logonCount": [ + 7 + ], + "msDS-SupportedEncryptionTypes": [ + 28 + ], + "name": [ + "MANAGEMENT" + ], + "objectCategory": [ + "CN=Computer,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user", + "computer" + ], + "objectGUID": [ + "{af1e117b-0fd5-45ca-be5b-1de4d1927698}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-2601" + ], + "operatingSystem": [ + "Windows 10 Pro" + ], + "operatingSystemVersion": [ + "10.0 (19042)" + ], + "primaryGroupID": [ + 515 + ], + "pwdLastSet": [ + "2022-07-21 13:19:20.276114+00:00" + ], + "sAMAccountName": [ + "MANAGEMENT$" + ], + "sAMAccountType": [ + 805306369 + ], + "servicePrincipalName": [ + "WSMAN/Management", + "WSMAN/Management.support.htb", + "RestrictedKrbHost/MANAGEMENT", + "HOST/MANAGEMENT", + "RestrictedKrbHost/Management.support.htb", + "HOST/Management.support.htb" + ], + "uSNChanged": [ + 53317 + ], + "uSNCreated": [ + 53285 + ], + "userAccountControl": [ + 4096 + ], + "whenChanged": [ + "2022-07-21 13:23:41+00:00" + ], + "whenCreated": [ + "2022-07-21 13:19:20+00:00" + ] + }, + "dn": "CN=MANAGEMENT,CN=Computers,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "cn": [ + "DC" + ], + "codePage": [ + 0 + ], + "countryCode": [ + 0 + ], + "dNSHostName": [ + "dc.support.htb" + ], + "dSCorePropagationData": [ + "2022-05-28 11:18:13+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "distinguishedName": [ + "CN=DC,OU=Domain Controllers,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + 
"isCriticalSystemObject": [ + true + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "2022-08-19 12:31:59.319401+00:00" + ], + "lastLogonTimestamp": [ + "2022-08-19 04:32:27.408415+00:00" + ], + "localPolicyFlags": [ + 0 + ], + "logonCount": [ + 55 + ], + "msDFSR-ComputerReferenceBL": [ + "CN=DC,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=support,DC=htb" + ], + "msDS-GenerationId": [ + { + "encoded": "qpbPWFA8P4Y=", + "encoding": "base64" + } + ], + "msDS-SupportedEncryptionTypes": [ + 28 + ], + "name": [ + "DC" + ], + "objectCategory": [ + "CN=Computer,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user", + "computer" + ], + "objectGUID": [ + "{afa13f1c-0399-4f7e-863f-e9c3b94c4127}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1000" + ], + "operatingSystem": [ + "Windows Server 2022 Standard" + ], + "operatingSystemVersion": [ + "10.0 (20348)" + ], + "primaryGroupID": [ + 516 + ], + "pwdLastSet": [ + "2022-08-19 05:02:10.563829+00:00" + ], + "rIDSetReferences": [ + "CN=RID Set,CN=DC,OU=Domain Controllers,DC=support,DC=htb" + ], + "sAMAccountName": [ + "DC$" + ], + "sAMAccountType": [ + 805306369 + ], + "serverReferenceBL": [ + "CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb" + ], + "servicePrincipalName": [ + "Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/dc.support.htb", + "ldap/dc.support.htb/ForestDnsZones.support.htb", + "ldap/dc.support.htb/DomainDnsZones.support.htb", + "DNS/dc.support.htb", + "GC/dc.support.htb/support.htb", + "RestrictedKrbHost/dc.support.htb", + "RestrictedKrbHost/DC", + "RPC/290156e5-22cb-4f1b-9b96-5516d84c363c._msdcs.support.htb", + "HOST/DC/SUPPORT", + "HOST/dc.support.htb/SUPPORT", + "HOST/DC", + "HOST/dc.support.htb", + "HOST/dc.support.htb/support.htb", + "E3514235-4B06-11D1-AB04-00C04FC2DCD2/290156e5-22cb-4f1b-9b96-5516d84c363c/support.htb", + 
"ldap/DC/SUPPORT", + "ldap/290156e5-22cb-4f1b-9b96-5516d84c363c._msdcs.support.htb", + "ldap/dc.support.htb/SUPPORT", + "ldap/DC", + "ldap/dc.support.htb", + "ldap/dc.support.htb/support.htb" + ], + "uSNChanged": [ + 81989 + ], + "uSNCreated": [ + 12293 + ], + "userAccountControl": [ + 532480 + ], + "whenChanged": [ + "2022-08-19 05:02:10+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=DC,OU=Domain Controllers,DC=support,DC=htb" +}]
\ No newline at end of file diff --git a/support/domaindump/domain_computers_by_os.html b/support/domaindump/domain_computers_by_os.html new file mode 100644 index 0000000..76e9f9e --- /dev/null +++ b/support/domaindump/domain_computers_by_os.html 
@@ -0,0 +1,41 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="11" id="cn_Unknown">Unknown</td></tr></thead><tbody><tr><th>CN</th><th>SAM Name</th><th>DNS Hostname</th><th>Operating System</th><th>Service Pack</th><th>OS Version</th><th>lastLogon</th><th>Flags</th><th>Created on</th><th>SID</th><th>description</th></tr> +<tr><td>meggiepc</td><td>meggiepc$</td><td>meggiepc.support.htb</td><td> </td><td> </td><td> </td><td>01/01/01 00:00:00</td><td>WORKSTATION_ACCOUNT</td><td>08/19/22 15:08:48</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-5102">5102</abbr></td><td> </td></tr> +<tr><td>KRBRELAYUP</td><td>KRBRELAYUP$</td><td>KRBRELAYUP.support.htb</td><td> </td><td> </td><td> </td><td>01/01/01 00:00:00</td><td>WORKSTATION_ACCOUNT</td><td>08/19/22 15:01:17</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-5101">5101</abbr></td><td> </td></tr> +</tbody> +<thead><tr><td colspan="11" id="cn_Windows_10_Pro">Windows 10 Pro</td></tr></thead><tbody><tr><th>CN</th><th>SAM Name</th><th>DNS Hostname</th><th>Operating System</th><th>Service Pack</th><th>OS Version</th><th>lastLogon</th><th>Flags</th><th>Created on</th><th>SID</th><th>description</th></tr> +<tr><td>MANAGEMENT</td><td>MANAGEMENT$</td><td>Management.support.htb</td><td>Windows 10 Pro</td><td> </td><td>10.0 (19042)</td><td>07/26/22 16:01:56</td><td>WORKSTATION_ACCOUNT</td><td>07/21/22 13:19:20</td><td><abbr 
title="S-1-5-21-1677581083-3380853377-188903654-2601">2601</abbr></td><td> </td></tr> +</tbody> +<thead><tr><td colspan="11" id="cn_Windows_Server_2022_Standard">Windows Server 2022 Standard</td></tr></thead><tbody><tr><th>CN</th><th>SAM Name</th><th>DNS Hostname</th><th>Operating System</th><th>Service Pack</th><th>OS Version</th><th>lastLogon</th><th>Flags</th><th>Created on</th><th>SID</th><th>description</th></tr> +<tr><td>DC</td><td>DC$</td><td>dc.support.htb</td><td>Windows Server 2022 Standard</td><td> </td><td>10.0 (20348)</td><td>08/19/22 12:31:59</td><td>SERVER_TRUST_ACCOUNT, TRUSTED_FOR_DELEGATION</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1000">1000</abbr></td><td> </td></tr> +</tbody> +</table></body></html>
\ No newline at end of file diff --git a/support/domaindump/domain_groups.grep b/support/domaindump/domain_groups.grep new file mode 100644 index 0000000..7f5661b --- /dev/null +++ b/support/domaindump/domain_groups.grep 
@@ -0,0 +1,50 @@ +cn sAMAccountName memberOf description whenCreated whenChanged objectSid +Shared Support Accounts Shared Support Accounts 05/28/22 11:11:32 05/28/22 11:12:04 S-1-5-21-1677581083-3380853377-188903654-1103 +DnsUpdateProxy DnsUpdateProxy DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers). 05/28/22 11:05:17 05/28/22 11:05:17 S-1-5-21-1677581083-3380853377-188903654-1102 +DnsAdmins DnsAdmins DNS Administrators Group 05/28/22 11:05:17 05/28/22 11:05:17 S-1-5-21-1677581083-3380853377-188903654-1101 +Enterprise Key Admins Enterprise Key Admins Members of this group can perform administrative actions on key objects within the forest. 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-21-1677581083-3380853377-188903654-527 +Key Admins Key Admins Members of this group can perform administrative actions on key objects within the domain. 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-21-1677581083-3380853377-188903654-526 +Protected Users Protected Users Members of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information. 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-525 +Cloneable Domain Controllers Cloneable Domain Controllers Members of this group that are domain controllers may be cloned. 
05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-522 +Enterprise Read-only Domain Controllers Enterprise Read-only Domain Controllers Members of this group are Read-Only Domain Controllers in the enterprise 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-498 +Read-only Domain Controllers Read-only Domain Controllers Denied RODC Password Replication Group Members of this group are Read-Only Domain Controllers in the domain 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-21-1677581083-3380853377-188903654-521 +Denied RODC Password Replication Group Denied RODC Password Replication Group Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-572 +Allowed RODC Password Replication Group Allowed RODC Password Replication Group Members in this group can have their passwords replicated to all read-only domain controllers in the domain 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-571 +Terminal Server License Servers Terminal Server License Servers Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-32-561 +Windows Authorization Access Group Windows Authorization Access Group Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-32-560 +Incoming Forest Trust Builders Incoming Forest Trust Builders Members of this group can create incoming, one-way trusts to this forest 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-32-557 +Pre-Windows 2000 Compatible Access Pre-Windows 2000 Compatible Access A backward compatibility group which allows read access on all users and groups in the domain 05/28/22 11:03:43 05/28/22 
11:03:43 S-1-5-32-554 +Account Operators Account Operators Members can administer domain user and group accounts 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-32-548 +Server Operators Server Operators Members can administer domain servers 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-32-549 +RAS and IAS Servers RAS and IAS Servers Servers in this group can access remote access properties of users 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-553 +Group Policy Creator Owners Group Policy Creator Owners Denied RODC Password Replication Group Members in this group can modify group policy for the domain 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-520 +Domain Guests Domain Guests Guests All domain guests 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-514 +Domain Users Domain Users Users All domain users 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-513 +Domain Admins Domain Admins Denied RODC Password Replication Group, Administrators Designated administrators of the domain 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-21-1677581083-3380853377-188903654-512 +Cert Publishers Cert Publishers Denied RODC Password Replication Group Members of this group are permitted to publish certificates to the directory 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-517 +Enterprise Admins Enterprise Admins Denied RODC Password Replication Group, Administrators Designated administrators of the enterprise 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-21-1677581083-3380853377-188903654-519 +Schema Admins Schema Admins Denied RODC Password Replication Group Designated administrators of the schema 05/28/22 11:03:43 05/28/22 11:19:47 S-1-5-21-1677581083-3380853377-188903654-518 +Domain Controllers Domain Controllers Denied RODC Password Replication Group All domain controllers in the domain 05/28/22 11:03:43 05/28/22 11:19:47 
S-1-5-21-1677581083-3380853377-188903654-516 +Domain Computers Domain Computers All workstations and servers joined to the domain 05/28/22 11:03:43 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-515 +Storage Replica Administrators Storage Replica Administrators Members of this group have complete and unrestricted access to all features of Storage Replica. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-582 +Remote Management Users Remote Management Users Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. 05/28/22 11:01:56 05/28/22 11:12:04 S-1-5-32-580 +Access Control Assistance Operators Access Control Assistance Operators Members of this group can remotely query authorization attributes and permissions for resources on this computer. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-579 +Hyper-V Administrators Hyper-V Administrators Members of this group have complete and unrestricted access to all features of Hyper-V. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-578 +RDS Management Servers RDS Management Servers Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-577 +RDS Endpoint Servers RDS Endpoint Servers Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group. 
05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-576 +RDS Remote Access Servers RDS Remote Access Servers Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-575 +Certificate Service DCOM Access Certificate Service DCOM Access Members of this group are allowed to connect to Certification Authorities in the enterprise 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-574 +Event Log Readers Event Log Readers Members of this group can read event logs from local machine 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-573 +Cryptographic Operators Cryptographic Operators Members are authorized to perform cryptographic operations. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-569 +IIS_IUSRS IIS_IUSRS Built-in group used by Internet Information Services. 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-568 +Distributed COM Users Distributed COM Users Members are allowed to launch, activate and use Distributed COM objects on this machine. 
05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-562 +Performance Log Users Performance Log Users Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-559 +Performance Monitor Users Performance Monitor Users Members of this group can access performance counter data locally and remotely 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-558 +Network Configuration Operators Network Configuration Operators Members in this group can have some administrative privileges to manage configuration of networking features 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-556 +Remote Desktop Users Remote Desktop Users Members in this group are granted the right to logon remotely 05/28/22 11:01:56 05/28/22 11:01:56 S-1-5-32-555 +Replicator Replicator Supports file replication in a domain 05/28/22 11:01:56 05/28/22 11:19:47 S-1-5-32-552 +Backup Operators Backup Operators Backup Operators can override security restrictions for the sole purpose of backing up or restoring files 05/28/22 11:01:56 05/28/22 11:19:47 S-1-5-32-551 +Print Operators Print Operators Members can administer printers installed on domain controllers 05/28/22 11:01:56 05/28/22 11:19:47 S-1-5-32-550 +Guests Guests Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted 05/28/22 11:01:56 05/28/22 11:03:43 S-1-5-32-546 +Users Users Users are prevented from making accidental or intentional system-wide changes and can run most applications 05/28/22 11:01:56 05/28/22 11:03:43 S-1-5-32-545 +Administrators Administrators Administrators have complete and unrestricted access to the computer/domain 05/28/22 11:01:56 05/28/22 11:19:47 S-1-5-32-544
\ No newline at end of file diff --git a/support/domaindump/domain_groups.html b/support/domaindump/domain_groups.html new file mode 100644 index 0000000..e9c5ec4 --- /dev/null +++ b/support/domaindump/domain_groups.html 
@@ -0,0 +1,82 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="7" id="cn_Domain_groups">Domain groups</td></tr></thead><tbody><tr><th>CN</th><th>SAM Name</th><th>Member of groups</th><th>description</th><th>Created on</th><th>Changed on</th><th>SID</th></tr> +<tr><td>Shared Support Accounts</td><td>Shared Support Accounts</td><td> </td><td> </td><td>05/28/22 11:11:32</td><td>05/28/22 11:12:04</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1103">1103</abbr></td></tr> +<tr><td>DnsUpdateProxy</td><td>DnsUpdateProxy</td><td> </td><td>DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).</td><td>05/28/22 11:05:17</td><td>05/28/22 11:05:17</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1102">1102</abbr></td></tr> +<tr><td>DnsAdmins</td><td>DnsAdmins</td><td> </td><td>DNS Administrators Group</td><td>05/28/22 11:05:17</td><td>05/28/22 11:05:17</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1101">1101</abbr></td></tr> +<tr><td>Enterprise Key Admins</td><td>Enterprise Key Admins</td><td> </td><td>Members of this group can perform administrative actions on key objects within the forest.</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-527">527</abbr></td></tr> +<tr><td>Key Admins</td><td>Key Admins</td><td> </td><td>Members of this group can perform administrative actions on key 
objects within the domain.</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-526">526</abbr></td></tr> +<tr><td>Protected Users</td><td>Protected Users</td><td> </td><td>Members of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information.</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-525">525</abbr></td></tr> +<tr><td>Cloneable Domain Controllers</td><td>Cloneable Domain Controllers</td><td> </td><td>Members of this group that are domain controllers may be cloned.</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-522">522</abbr></td></tr> +<tr><td>Enterprise Read-only Domain Controllers</td><td>Enterprise Read-only Domain Controllers</td><td> </td><td>Members of this group are Read-Only Domain Controllers in the enterprise</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-498">498</abbr></td></tr> +<tr><td>Read-only Domain Controllers</td><td>Read-only Domain Controllers</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a></td><td>Members of this group are Read-Only Domain Controllers in the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-521">521</abbr></td></tr> +<tr><td>Denied RODC Password Replication Group</td><td>Denied RODC Password Replication Group</td><td> </td><td>Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr 
title="S-1-5-21-1677581083-3380853377-188903654-572">572</abbr></td></tr> +<tr><td>Allowed RODC Password Replication Group</td><td>Allowed RODC Password Replication Group</td><td> </td><td>Members in this group can have their passwords replicated to all read-only domain controllers in the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-571">571</abbr></td></tr> +<tr><td>Terminal Server License Servers</td><td>Terminal Server License Servers</td><td> </td><td>Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-32-561">561</abbr></td></tr> +<tr><td>Windows Authorization Access Group</td><td>Windows Authorization Access Group</td><td> </td><td>Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-32-560">560</abbr></td></tr> +<tr><td>Incoming Forest Trust Builders</td><td>Incoming Forest Trust Builders</td><td> </td><td>Members of this group can create incoming, one-way trusts to this forest</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-32-557">557</abbr></td></tr> +<tr><td>Pre-Windows 2000 Compatible Access</td><td>Pre-Windows 2000 Compatible Access</td><td> </td><td>A backward compatibility group which allows read access on all users and groups in the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-32-554">554</abbr></td></tr> +<tr><td>Account Operators</td><td>Account Operators</td><td> </td><td>Members can administer domain user and group accounts</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-32-548">548</abbr></td></tr> +<tr><td>Server Operators</td><td>Server 
Operators</td><td> </td><td>Members can administer domain servers</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-32-549">549</abbr></td></tr> +<tr><td>RAS and IAS Servers</td><td>RAS and IAS Servers</td><td> </td><td>Servers in this group can access remote access properties of users</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-553">553</abbr></td></tr> +<tr><td>Group Policy Creator Owners</td><td>Group Policy Creator Owners</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a></td><td>Members in this group can modify group policy for the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-520">520</abbr></td></tr> +<tr><td>Domain Guests</td><td>Domain Guests</td><td><a href="domain_users_by_group.html#cn_Guests" title="CN=Guests,CN=Builtin,DC=support,DC=htb">Guests</a></td><td>All domain guests</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-514">514</abbr></td></tr> +<tr><td>Domain Users</td><td>Domain Users</td><td><a href="domain_users_by_group.html#cn_Users" title="CN=Users,CN=Builtin,DC=support,DC=htb">Users</a></td><td>All domain users</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-513">513</abbr></td></tr> +<tr><td>Domain Admins</td><td>Domain Admins</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a>, <a href="domain_users_by_group.html#cn_Administrators" title="CN=Administrators,CN=Builtin,DC=support,DC=htb">Administrators</a></td><td>Designated 
administrators of the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-512">512</abbr></td></tr> +<tr><td>Cert Publishers</td><td>Cert Publishers</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a></td><td>Members of this group are permitted to publish certificates to the directory</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-517">517</abbr></td></tr> +<tr><td>Enterprise Admins</td><td>Enterprise Admins</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a>, <a href="domain_users_by_group.html#cn_Administrators" title="CN=Administrators,CN=Builtin,DC=support,DC=htb">Administrators</a></td><td>Designated administrators of the enterprise</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-519">519</abbr></td></tr> +<tr><td>Schema Admins</td><td>Schema Admins</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a></td><td>Designated administrators of the schema</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-518">518</abbr></td></tr> +<tr><td>Domain Controllers</td><td>Domain Controllers</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a></td><td>All domain controllers in the domain</td><td>05/28/22 
11:03:43</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-516">516</abbr></td></tr> +<tr><td>Domain Computers</td><td>Domain Computers</td><td> </td><td>All workstations and servers joined to the domain</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-515">515</abbr></td></tr> +<tr><td>Storage Replica Administrators</td><td>Storage Replica Administrators</td><td> </td><td>Members of this group have complete and unrestricted access to all features of Storage Replica.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-582">582</abbr></td></tr> +<tr><td>Remote Management Users</td><td>Remote Management Users</td><td> </td><td>Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:12:04</td><td><abbr title="S-1-5-32-580">580</abbr></td></tr> +<tr><td>Access Control Assistance Operators</td><td>Access Control Assistance Operators</td><td> </td><td>Members of this group can remotely query authorization attributes and permissions for resources on this computer.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-579">579</abbr></td></tr> +<tr><td>Hyper-V Administrators</td><td>Hyper-V Administrators</td><td> </td><td>Members of this group have complete and unrestricted access to all features of Hyper-V.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-578">578</abbr></td></tr> +<tr><td>RDS Management Servers</td><td>RDS Management Servers</td><td> </td><td>Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. 
The servers running the RDS Central Management service must be included in this group.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-577">577</abbr></td></tr> +<tr><td>RDS Endpoint Servers</td><td>RDS Endpoint Servers</td><td> </td><td>Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-576">576</abbr></td></tr> +<tr><td>RDS Remote Access Servers</td><td>RDS Remote Access Servers</td><td> </td><td>Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. 
RD Gateway servers and RD Web Access servers used in the deployment need to be in this group.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-575">575</abbr></td></tr> +<tr><td>Certificate Service DCOM Access</td><td>Certificate Service DCOM Access</td><td> </td><td>Members of this group are allowed to connect to Certification Authorities in the enterprise</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-574">574</abbr></td></tr> +<tr><td>Event Log Readers</td><td>Event Log Readers</td><td> </td><td>Members of this group can read event logs from local machine</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-573">573</abbr></td></tr> +<tr><td>Cryptographic Operators</td><td>Cryptographic Operators</td><td> </td><td>Members are authorized to perform cryptographic operations.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-569">569</abbr></td></tr> +<tr><td>IIS_IUSRS</td><td>IIS_IUSRS</td><td> </td><td>Built-in group used by Internet Information Services.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-568">568</abbr></td></tr> +<tr><td>Distributed COM Users</td><td>Distributed COM Users</td><td> </td><td>Members are allowed to launch, activate and use Distributed COM objects on this machine.</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-562">562</abbr></td></tr> +<tr><td>Performance Log Users</td><td>Performance Log Users</td><td> </td><td>Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-559">559</abbr></td></tr> +<tr><td>Performance Monitor Users</td><td>Performance Monitor Users</td><td> </td><td>Members of this group can access performance counter data locally and 
remotely</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-558">558</abbr></td></tr> +<tr><td>Network Configuration Operators</td><td>Network Configuration Operators</td><td> </td><td>Members in this group can have some administrative privileges to manage configuration of networking features</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-556">556</abbr></td></tr> +<tr><td>Remote Desktop Users</td><td>Remote Desktop Users</td><td> </td><td>Members in this group are granted the right to logon remotely</td><td>05/28/22 11:01:56</td><td>05/28/22 11:01:56</td><td><abbr title="S-1-5-32-555">555</abbr></td></tr> +<tr><td>Replicator</td><td>Replicator</td><td> </td><td>Supports file replication in a domain</td><td>05/28/22 11:01:56</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-32-552">552</abbr></td></tr> +<tr><td>Backup Operators</td><td>Backup Operators</td><td> </td><td>Backup Operators can override security restrictions for the sole purpose of backing up or restoring files</td><td>05/28/22 11:01:56</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-32-551">551</abbr></td></tr> +<tr><td>Print Operators</td><td>Print Operators</td><td> </td><td>Members can administer printers installed on domain controllers</td><td>05/28/22 11:01:56</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-32-550">550</abbr></td></tr> +<tr><td>Guests</td><td>Guests</td><td> </td><td>Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted</td><td>05/28/22 11:01:56</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-32-546">546</abbr></td></tr> +<tr><td>Users</td><td>Users</td><td> </td><td>Users are prevented from making accidental or intentional system-wide changes and can run most applications</td><td>05/28/22 11:01:56</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-32-545">545</abbr></td></tr> 
+<tr><td>Administrators</td><td>Administrators</td><td> </td><td>Administrators have complete and unrestricted access to the computer/domain</td><td>05/28/22 11:01:56</td><td>05/28/22 11:19:47</td><td><abbr title="S-1-5-32-544">544</abbr></td></tr> +</tbody> +</table></body></html>
\ No newline at end of file diff --git a/support/domaindump/domain_groups.json b/support/domaindump/domain_groups.json new file mode 100644 index 0000000..e4ddf68 --- /dev/null +++ b/support/domaindump/domain_groups.json 
@@ -0,0 +1,3142 @@ +[{ + "attributes": { + "cn": [ + "Shared Support Accounts" + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=Shared Support Accounts,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "member": [ + "CN=support,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Shared Support Accounts" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{a6e65275-b8d8-4609-abc6-0059d0665017}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1103" + ], + "sAMAccountName": [ + "Shared Support Accounts" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12635 + ], + "uSNCreated": [ + 12599 + ], + "whenChanged": [ + "2022-05-28 11:12:04+00:00" + ], + "whenCreated": [ + "2022-05-28 11:11:32+00:00" + ] + }, + "dn": "CN=Shared Support Accounts,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "DnsUpdateProxy" + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "description": [ + "DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers)." 
+ ], + "distinguishedName": [ + "CN=DnsUpdateProxy,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "name": [ + "DnsUpdateProxy" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{c6a0cf35-7598-4656-a0d1-349bdbb7072f}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1102" + ], + "sAMAccountName": [ + "DnsUpdateProxy" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12492 + ], + "uSNCreated": [ + 12492 + ], + "whenChanged": [ + "2022-05-28 11:05:17+00:00" + ], + "whenCreated": [ + "2022-05-28 11:05:17+00:00" + ] + }, + "dn": "CN=DnsUpdateProxy,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "DnsAdmins" + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "description": [ + "DNS Administrators Group" + ], + "distinguishedName": [ + "CN=DnsAdmins,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483644 + ], + "instanceType": [ + 4 + ], + "name": [ + "DnsAdmins" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{756aaeda-6583-46f0-ae22-0871e56fc790}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1101" + ], + "sAMAccountName": [ + "DnsAdmins" + ], + "sAMAccountType": [ + 536870912 + ], + "uSNChanged": [ + 12489 + ], + "uSNCreated": [ + 12487 + ], + "whenChanged": [ + "2022-05-28 11:05:17+00:00" + ], + "whenCreated": [ + "2022-05-28 11:05:17+00:00" + ] + }, + "dn": "CN=DnsAdmins,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Enterprise Key Admins" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Members of this group can perform administrative actions on key objects within the 
forest." + ], + "distinguishedName": [ + "CN=Enterprise Key Admins,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483640 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Enterprise Key Admins" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{96c375f9-3eb9-4692-aa27-3b693ba39495}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-527" + ], + "sAMAccountName": [ + "Enterprise Key Admins" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13075 + ], + "uSNCreated": [ + 12453 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Enterprise Key Admins,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Key Admins" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Members of this group can perform administrative actions on key objects within the domain." 
+ ], + "distinguishedName": [ + "CN=Key Admins,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Key Admins" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{ae49ef96-4279-4ad0-ac24-eec26bfd58ca}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-526" + ], + "sAMAccountName": [ + "Key Admins" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13072 + ], + "uSNCreated": [ + 12450 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Key Admins,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Protected Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information." 
+ ], + "distinguishedName": [ + "CN=Protected Users,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Protected Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{ccba6359-4618-4d71-81be-cb85b2e8a30d}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-525" + ], + "sAMAccountName": [ + "Protected Users" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12447 + ], + "uSNCreated": [ + 12445 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Protected Users,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Cloneable Domain Controllers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group that are domain controllers may be cloned." 
+ ], + "distinguishedName": [ + "CN=Cloneable Domain Controllers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Cloneable Domain Controllers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{b9db8fea-424a-4556-84d6-1b18849d02ec}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-522" + ], + "sAMAccountName": [ + "Cloneable Domain Controllers" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12442 + ], + "uSNCreated": [ + 12440 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Cloneable Domain Controllers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Enterprise Read-only Domain Controllers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group are Read-Only Domain Controllers in the enterprise" + ], + "distinguishedName": [ + "CN=Enterprise Read-only Domain Controllers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483640 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Enterprise Read-only Domain Controllers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{4712ff52-f03e-40bd-ad4f-77a470fb3537}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-498" + ], + "sAMAccountName": [ + "Enterprise Read-only Domain Controllers" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12431 + ], + "uSNCreated": [ + 12429 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Enterprise Read-only 
Domain Controllers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Read-only Domain Controllers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Members of this group are Read-Only Domain Controllers in the domain" + ], + "distinguishedName": [ + "CN=Read-only Domain Controllers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Read-only Domain Controllers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{60b921a3-973d-4ea8-a1c2-7a800cbdc960}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-521" + ], + "sAMAccountName": [ + "Read-only Domain Controllers" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13089 + ], + "uSNCreated": [ + 12419 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Read-only Domain Controllers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Denied RODC Password Replication Group" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain" + ], + "distinguishedName": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483644 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Read-only Domain Controllers,CN=Users,DC=support,DC=htb", + "CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb", + "CN=Domain 
Admins,CN=Users,DC=support,DC=htb", + "CN=Cert Publishers,CN=Users,DC=support,DC=htb", + "CN=Enterprise Admins,CN=Users,DC=support,DC=htb", + "CN=Schema Admins,CN=Users,DC=support,DC=htb", + "CN=Domain Controllers,CN=Users,DC=support,DC=htb", + "CN=krbtgt,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Denied RODC Password Replication Group" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{ab817e25-ea74-4304-b9df-a0259904d719}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-572" + ], + "sAMAccountName": [ + "Denied RODC Password Replication Group" + ], + "sAMAccountType": [ + 536870912 + ], + "uSNChanged": [ + 12433 + ], + "uSNCreated": [ + 12405 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Allowed RODC Password Replication Group" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members in this group can have their passwords replicated to all read-only domain controllers in the domain" + ], + "distinguishedName": [ + "CN=Allowed RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483644 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Allowed RODC Password Replication Group" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{45a9d873-2408-4fd5-bb90-e0fdafde6aaf}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-571" + ], + "sAMAccountName": [ + "Allowed RODC Password Replication Group" + ], + "sAMAccountType": [ + 536870912 + ], + "uSNChanged": [ + 12404 + ], + "uSNCreated": [ + 12402 + ], + 
"whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Allowed RODC Password Replication Group,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Terminal Server License Servers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage" + ], + "distinguishedName": [ + "CN=Terminal Server License Servers,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Terminal Server License Servers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{54ac77f0-d469-4c1b-b8c9-806b35d0bfc4}" + ], + "objectSid": [ + "S-1-5-32-561" + ], + "sAMAccountName": [ + "Terminal Server License Servers" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12377 + ], + "uSNCreated": [ + 12375 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Terminal Server License Servers,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Windows Authorization Access Group" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects" + ], + "distinguishedName": [ + "CN=Windows Authorization Access Group,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + 
"CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=support,DC=htb" + ], + "name": [ + "Windows Authorization Access Group" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{5487a661-0e1c-4101-84f7-5479095d3165}" + ], + "objectSid": [ + "S-1-5-32-560" + ], + "sAMAccountName": [ + "Windows Authorization Access Group" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12396 + ], + "uSNCreated": [ + 12372 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Windows Authorization Access Group,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Incoming Forest Trust Builders" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group can create incoming, one-way trusts to this forest" + ], + "distinguishedName": [ + "CN=Incoming Forest Trust Builders,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Incoming Forest Trust Builders" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{c61828b5-11ad-4030-8762-22da7e66ef05}" + ], + "objectSid": [ + "S-1-5-32-557" + ], + "sAMAccountName": [ + "Incoming Forest Trust Builders" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12371 + ], + "uSNCreated": [ + 12369 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Incoming Forest Trust Builders,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Pre-Windows 2000 Compatible Access" + ], + "dSCorePropagationData": [ + 
"2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "A backward compatibility group which allows read access on all users and groups in the domain" + ], + "distinguishedName": [ + "CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=support,DC=htb" + ], + "name": [ + "Pre-Windows 2000 Compatible Access" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{5b505648-8271-43a5-90ef-4060ed68c739}" + ], + "objectSid": [ + "S-1-5-32-554" + ], + "sAMAccountName": [ + "Pre-Windows 2000 Compatible Access" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12393 + ], + "uSNCreated": [ + 12366 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Account Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Members can administer domain user and group accounts" + ], + "distinguishedName": [ + "CN=Account Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Account Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{4642e074-f318-4afd-af18-184070c149c7}" + ], + "objectSid": [ + "S-1-5-32-548" + ], + "sAMAccountName": [ + "Account Operators" + ], + "sAMAccountType": [ + 536870912 
+ ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 13083 + ], + "uSNCreated": [ + 12363 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Account Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Server Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Members can administer domain servers" + ], + "distinguishedName": [ + "CN=Server Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Server Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{d1186a0c-1a06-4928-8696-c59c33b4f37a}" + ], + "objectSid": [ + "S-1-5-32-549" + ], + "sAMAccountName": [ + "Server Operators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 13078 + ], + "uSNCreated": [ + 12360 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Server Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "RAS and IAS Servers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Servers in this group can access remote access properties of users" + ], + "distinguishedName": [ + "CN=RAS and IAS Servers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483644 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "RAS and IAS Servers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + 
"objectGUID": [ + "{ad87386b-bd1b-4783-9307-e0659bebe5ce}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-553" + ], + "sAMAccountName": [ + "RAS and IAS Servers" + ], + "sAMAccountType": [ + 536870912 + ], + "uSNChanged": [ + 12359 + ], + "uSNCreated": [ + 12357 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=RAS and IAS Servers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Group Policy Creator Owners" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members in this group can modify group policy for the domain" + ], + "distinguishedName": [ + "CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Administrator,CN=Users,DC=support,DC=htb" + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Group Policy Creator Owners" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{6e67f957-2c8a-4274-9163-489793879786}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-520" + ], + "sAMAccountName": [ + "Group Policy Creator Owners" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12391 + ], + "uSNCreated": [ + 12354 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Domain Guests" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "All domain guests" + ], + "distinguishedName": [ + "CN=Domain Guests,CN=Users,DC=support,DC=htb" + 
], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "memberOf": [ + "CN=Guests,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "Domain Guests" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{8d4e8816-2dd6-4ef3-99f0-e26685df13f2}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-514" + ], + "sAMAccountName": [ + "Domain Guests" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12353 + ], + "uSNCreated": [ + 12351 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Domain Guests,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Domain Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "All domain users" + ], + "distinguishedName": [ + "CN=Domain Users,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "memberOf": [ + "CN=Users,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "Domain Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{ee3f8fd2-61df-4360-868a-a237fdaf6a3f}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-513" + ], + "sAMAccountName": [ + "Domain Users" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12350 + ], + "uSNCreated": [ + 12348 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Domain Users,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Domain Admins" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 
11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Designated administrators of the domain" + ], + "distinguishedName": [ + "CN=Domain Admins,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Administrator,CN=Users,DC=support,DC=htb" + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb", + "CN=Administrators,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "Domain Admins" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{3aeb0b4f-cc91-4c2d-805b-4ab844745e7d}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-512" + ], + "sAMAccountName": [ + "Domain Admins" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13069 + ], + "uSNCreated": [ + 12345 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Domain Admins,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Cert Publishers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group are permitted to publish certificates to the directory" + ], + "distinguishedName": [ + "CN=Cert Publishers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483644 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Cert Publishers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{b8d00c3c-e1ef-4a03-b31f-1ca260e7388f}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-517" + ], + "sAMAccountName": [ + 
"Cert Publishers" + ], + "sAMAccountType": [ + 536870912 + ], + "uSNChanged": [ + 12344 + ], + "uSNCreated": [ + 12342 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Cert Publishers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Enterprise Admins" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Designated administrators of the enterprise" + ], + "distinguishedName": [ + "CN=Enterprise Admins,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483640 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Administrator,CN=Users,DC=support,DC=htb" + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb", + "CN=Administrators,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "Enterprise Admins" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{685a77ab-0815-46c8-87e7-5f6e9f400ed4}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-519" + ], + "sAMAccountName": [ + "Enterprise Admins" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13073 + ], + "uSNCreated": [ + 12339 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Enterprise Admins,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Schema Admins" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Designated administrators of the schema" + ], + "distinguishedName": [ + "CN=Schema Admins,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483640 + ], + 
"instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Administrator,CN=Users,DC=support,DC=htb" + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Schema Admins" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{715589b7-0bd9-4f31-9781-b4a27940716d}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-518" + ], + "sAMAccountName": [ + "Schema Admins" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13074 + ], + "uSNCreated": [ + 12336 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Schema Admins,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Domain Controllers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "All domain controllers in the domain" + ], + "distinguishedName": [ + "CN=Domain Controllers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Domain Controllers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{e88bde74-7080-40f6-b090-214563aad25a}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-516" + ], + "sAMAccountName": [ + "Domain Controllers" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 13088 + ], + "uSNCreated": [ + 12333 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Domain 
Controllers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Domain Computers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "All workstations and servers joined to the domain" + ], + "distinguishedName": [ + "CN=Domain Computers,CN=Users,DC=support,DC=htb" + ], + "groupType": [ + -2147483646 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Domain Computers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{89d68a14-ca6e-41af-85bb-67620b444f7b}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-515" + ], + "sAMAccountName": [ + "Domain Computers" + ], + "sAMAccountType": [ + 268435456 + ], + "uSNChanged": [ + 12332 + ], + "uSNCreated": [ + 12330 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=Domain Computers,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Storage Replica Administrators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group have complete and unrestricted access to all features of Storage Replica." 
+ ], + "distinguishedName": [ + "CN=Storage Replica Administrators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Storage Replica Administrators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{12763118-603d-48f2-a5b6-e36c89bd02ac}" + ], + "objectSid": [ + "S-1-5-32-582" + ], + "sAMAccountName": [ + "Storage Replica Administrators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8232 + ], + "uSNCreated": [ + 8232 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Storage Replica Administrators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Remote Management Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user." 
+ ], + "distinguishedName": [ + "CN=Remote Management Users,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=support,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Remote Management Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{0b441c6c-db20-4956-be7f-b98c28bf12a2}" + ], + "objectSid": [ + "S-1-5-32-580" + ], + "sAMAccountName": [ + "Remote Management Users" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12632 + ], + "uSNCreated": [ + 8231 + ], + "whenChanged": [ + "2022-05-28 11:12:04+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Remote Management Users,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Access Control Assistance Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group can remotely query authorization attributes and permissions for resources on this computer." 
+ ], + "distinguishedName": [ + "CN=Access Control Assistance Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Access Control Assistance Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{645c8c48-dfe8-47ed-90d5-b91a83f3fac6}" + ], + "objectSid": [ + "S-1-5-32-579" + ], + "sAMAccountName": [ + "Access Control Assistance Operators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8230 + ], + "uSNCreated": [ + 8230 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Access Control Assistance Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Hyper-V Administrators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group have complete and unrestricted access to all features of Hyper-V." 
+ ], + "distinguishedName": [ + "CN=Hyper-V Administrators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Hyper-V Administrators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{49e8340c-1673-4887-a82f-2752ee68bee0}" + ], + "objectSid": [ + "S-1-5-32-578" + ], + "sAMAccountName": [ + "Hyper-V Administrators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8229 + ], + "uSNCreated": [ + 8229 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Hyper-V Administrators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "RDS Management Servers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group." 
+ ], + "distinguishedName": [ + "CN=RDS Management Servers,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "RDS Management Servers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{f978f2c5-f3f7-48d7-917d-10b79b042851}" + ], + "objectSid": [ + "S-1-5-32-577" + ], + "sAMAccountName": [ + "RDS Management Servers" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8228 + ], + "uSNCreated": [ + 8228 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=RDS Management Servers,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "RDS Endpoint Servers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group." 
+ ], + "distinguishedName": [ + "CN=RDS Endpoint Servers,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "RDS Endpoint Servers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{9dd523af-5b44-4201-b02f-07838d96c8f6}" + ], + "objectSid": [ + "S-1-5-32-576" + ], + "sAMAccountName": [ + "RDS Endpoint Servers" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8227 + ], + "uSNCreated": [ + 8227 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=RDS Endpoint Servers,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "RDS Remote Access Servers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group." 
+ ], + "distinguishedName": [ + "CN=RDS Remote Access Servers,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "RDS Remote Access Servers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{6f5b5ede-dd9c-4e85-b640-b0fe3c810bfc}" + ], + "objectSid": [ + "S-1-5-32-575" + ], + "sAMAccountName": [ + "RDS Remote Access Servers" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8226 + ], + "uSNCreated": [ + 8226 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=RDS Remote Access Servers,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Certificate Service DCOM Access" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group are allowed to connect to Certification Authorities in the enterprise" + ], + "distinguishedName": [ + "CN=Certificate Service DCOM Access,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Certificate Service DCOM Access" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{38793501-74e5-44a3-a70d-d7adfd8e4027}" + ], + "objectSid": [ + "S-1-5-32-574" + ], + "sAMAccountName": [ + "Certificate Service DCOM Access" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8225 + ], + "uSNCreated": [ + 8225 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Certificate Service DCOM 
Access,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Event Log Readers" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group can read event logs from local machine" + ], + "distinguishedName": [ + "CN=Event Log Readers,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Event Log Readers" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{4a4ea108-e60e-4d0b-b619-ec2fcb50a999}" + ], + "objectSid": [ + "S-1-5-32-573" + ], + "sAMAccountName": [ + "Event Log Readers" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8224 + ], + "uSNCreated": [ + 8224 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Event Log Readers,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Cryptographic Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members are authorized to perform cryptographic operations." 
+ ], + "distinguishedName": [ + "CN=Cryptographic Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Cryptographic Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{6187c3fb-08cc-4f26-a44d-25c7f7d66437}" + ], + "objectSid": [ + "S-1-5-32-569" + ], + "sAMAccountName": [ + "Cryptographic Operators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8223 + ], + "uSNCreated": [ + 8223 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Cryptographic Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "IIS_IUSRS" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Built-in group used by Internet Information Services." 
+ ], + "distinguishedName": [ + "CN=IIS_IUSRS,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=support,DC=htb" + ], + "name": [ + "IIS_IUSRS" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{f8649a4f-7ea1-4afe-b46b-adc980900e86}" + ], + "objectSid": [ + "S-1-5-32-568" + ], + "sAMAccountName": [ + "IIS_IUSRS" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8222 + ], + "uSNCreated": [ + 8219 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=IIS_IUSRS,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Distributed COM Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members are allowed to launch, activate and use Distributed COM objects on this machine." 
+ ], + "distinguishedName": [ + "CN=Distributed COM Users,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Distributed COM Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{e1cb42ca-370a-41db-94d4-1d9ec98b3170}" + ], + "objectSid": [ + "S-1-5-32-562" + ], + "sAMAccountName": [ + "Distributed COM Users" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8218 + ], + "uSNCreated": [ + 8218 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Distributed COM Users,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Performance Log Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer" + ], + "distinguishedName": [ + "CN=Performance Log Users,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Performance Log Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{08a4fb3a-b86f-43f0-a776-f4170e25cc9a}" + ], + "objectSid": [ + "S-1-5-32-559" + ], + "sAMAccountName": [ + "Performance Log Users" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8217 + ], + "uSNCreated": [ + 8217 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Performance Log 
Users,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Performance Monitor Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members of this group can access performance counter data locally and remotely" + ], + "distinguishedName": [ + "CN=Performance Monitor Users,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Performance Monitor Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{ad86ea99-403f-422c-a8cc-1df3a2280f1d}" + ], + "objectSid": [ + "S-1-5-32-558" + ], + "sAMAccountName": [ + "Performance Monitor Users" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8216 + ], + "uSNCreated": [ + 8216 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Performance Monitor Users,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Network Configuration Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members in this group can have some administrative privileges to manage configuration of networking features" + ], + "distinguishedName": [ + "CN=Network Configuration Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Network Configuration Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{f88f6076-cf69-41b2-b187-3f306184a93e}" + ], + "objectSid": [ + "S-1-5-32-556" + ], + "sAMAccountName": [ + "Network 
Configuration Operators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8215 + ], + "uSNCreated": [ + 8215 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Network Configuration Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Remote Desktop Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Members in this group are granted the right to logon remotely" + ], + "distinguishedName": [ + "CN=Remote Desktop Users,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Remote Desktop Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{68505421-ea8e-4f5d-8316-bc1c66f9bb95}" + ], + "objectSid": [ + "S-1-5-32-555" + ], + "sAMAccountName": [ + "Remote Desktop Users" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 8214 + ], + "uSNCreated": [ + 8214 + ], + "whenChanged": [ + "2022-05-28 11:01:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Remote Desktop Users,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Replicator" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Supports file replication in a domain" + ], + "distinguishedName": [ + "CN=Replicator,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Replicator" + ], + "objectCategory": [ + 
"CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{a43fb4dd-d1a4-42c4-b62b-90a8cd946929}" + ], + "objectSid": [ + "S-1-5-32-552" + ], + "sAMAccountName": [ + "Replicator" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 13085 + ], + "uSNCreated": [ + 8213 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Replicator,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Backup Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Backup Operators can override security restrictions for the sole purpose of backing up or restoring files" + ], + "distinguishedName": [ + "CN=Backup Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Backup Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{08394847-67d8-46b6-a20e-7f5568733a05}" + ], + "objectSid": [ + "S-1-5-32-551" + ], + "sAMAccountName": [ + "Backup Operators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 13082 + ], + "uSNCreated": [ + 8212 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Backup Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Print Operators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Members can administer printers installed on 
domain controllers" + ], + "distinguishedName": [ + "CN=Print Operators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "name": [ + "Print Operators" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{1ae25623-2d0c-41ba-8849-1a5af8d1c8b6}" + ], + "objectSid": [ + "S-1-5-32-550" + ], + "sAMAccountName": [ + "Print Operators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 13080 + ], + "uSNCreated": [ + 8211 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Print Operators,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Guests" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted" + ], + "distinguishedName": [ + "CN=Guests,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Domain Guests,CN=Users,DC=support,DC=htb", + "CN=Guest,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Guests" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{4d18e3c5-48ec-4fbb-ad0e-41c5e5684942}" + ], + "objectSid": [ + "S-1-5-32-546" + ], + "sAMAccountName": [ + "Guests" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12383 + ], + "uSNCreated": [ + 8208 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": 
"CN=Guests,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "cn": [ + "Users" + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Users are prevented from making accidental or intentional system-wide changes and can run most applications" + ], + "distinguishedName": [ + "CN=Users,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Domain Users,CN=Users,DC=support,DC=htb", + "CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=support,DC=htb", + "CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=support,DC=htb" + ], + "name": [ + "Users" + ], + "objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{0d98d3da-a992-49b4-a6a3-5b1fb60c89af}" + ], + "objectSid": [ + "S-1-5-32-545" + ], + "sAMAccountName": [ + "Users" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 12381 + ], + "uSNCreated": [ + 8202 + ], + "whenChanged": [ + "2022-05-28 11:03:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Users,CN=Builtin,DC=support,DC=htb" +},{ + "attributes": { + "adminCount": [ + 1 + ], + "cn": [ + "Administrators" + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:43+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Administrators have complete and unrestricted access to the computer/domain" + ], + "distinguishedName": [ + "CN=Administrators,CN=Builtin,DC=support,DC=htb" + ], + "groupType": [ + -2147483643 + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "member": [ + "CN=Domain Admins,CN=Users,DC=support,DC=htb", + "CN=Enterprise Admins,CN=Users,DC=support,DC=htb", + "CN=Administrator,CN=Users,DC=support,DC=htb" + ], + "name": [ + "Administrators" + ], + 
"objectCategory": [ + "CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "group" + ], + "objectGUID": [ + "{878a5a09-0d69-4bf6-b975-3bc4ae43dc78}" + ], + "objectSid": [ + "S-1-5-32-544" + ], + "sAMAccountName": [ + "Administrators" + ], + "sAMAccountType": [ + 536870912 + ], + "systemFlags": [ + -1946157056 + ], + "uSNChanged": [ + 13077 + ], + "uSNCreated": [ + 8199 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Administrators,CN=Builtin,DC=support,DC=htb" +}]
\ No newline at end of file diff --git a/support/domaindump/domain_policy.grep b/support/domaindump/domain_policy.grep new file mode 100644 index 0000000..3977254 --- /dev/null +++ b/support/domaindump/domain_policy.grep @@ -0,0 +1,2 @@ +distinguishedName lockOutObservationWindow lockoutDuration lockoutThreshold maxPwdAge minPwdAge minPwdLength pwdHistoryLength pwdProperties ms-DS-MachineAccountQuota +DC=support,DC=htb 30.0 minutes 30.0 minutes 0 1000000000.00 days 1.00 days 7 24 PASSWORD_COMPLEX 10
\ No newline at end of file diff --git a/support/domaindump/domain_policy.html b/support/domaindump/domain_policy.html new file mode 100644 index 0000000..e812367 --- /dev/null +++ b/support/domaindump/domain_policy.html @@ -0,0 +1,34 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="10" id="cn_Domain_policy">Domain policy</td></tr></thead><tbody><tr><th>distinguishedName</th><th>Lockout time window</th><th>Lockout Duration</th><th>Lockout Threshold</th><th>Max password age</th><th>Min password age</th><th>Min password length</th><th>Password history length</th><th>Password properties</th><th>Machine Account Quota</th></tr> +<tr><td>DC=support,DC=htb</td><td>30.0 minutes</td><td>30.0 minutes</td><td>0</td><td>1000000000.00 days</td><td>1.00 days</td><td>7</td><td>24</td><td>PASSWORD_COMPLEX</td><td>10</td></tr> +</tbody> +</table></body></html>
\ No newline at end of file diff --git a/support/domaindump/domain_policy.json b/support/domaindump/domain_policy.json new file mode 100644 index 0000000..1c7e202 --- /dev/null +++ b/support/domaindump/domain_policy.json 
@@ -0,0 +1,176 @@ +[{ + "attributes": { + "auditingPolicy": [ + "\u0000\u0001" + ], + "creationTime": [ + "2022-08-19 04:31:47.260679+00:00" + ], + "dSASignature": [ + { + "encoded": "AQAAACgAAAAAAAAAAAAAAAAAAAAAAAAA5VYBKcsiG0+bllUW2Ew2PA==", + "encoding": "base64" + } + ], + "dSCorePropagationData": [ + "1601-01-01 00:00:00+00:00" + ], + "dc": [ + "support" + ], + "distinguishedName": [ + "DC=support,DC=htb" + ], + "fSMORoleOwner": [ + "CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb" + ], + "forceLogoff": [ + -9223372036854775808 + ], + "gPLink": [ + "[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=support,DC=htb;0]" + ], + "instanceType": [ + 5 + ], + "isCriticalSystemObject": [ + true + ], + "lockOutObservationWindow": [ + "0:30:00" + ], + "lockoutDuration": [ + "0:30:00" + ], + "lockoutThreshold": [ + 0 + ], + "masteredBy": [ + "CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb" + ], + "maxPwdAge": [ + "999999999 days, 23:59:59.999999" + ], + "minPwdAge": [ + "1 day, 0:00:00" + ], + "minPwdLength": [ + 7 + ], + "modifiedCount": [ + 1 + ], + "modifiedCountAtLastProm": [ + 0 + ], + "ms-DS-MachineAccountQuota": [ + 10 + ], + "msDS-AllUsersTrustQuota": [ + 1000 + ], + "msDS-Behavior-Version": [ + 7 + ], + "msDS-ExpirePasswordsOnSmartCardOnlyAccounts": [ + true + ], + "msDS-IsDomainFor": [ + "CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb" + ], + "msDS-NcType": [ + 0 + ], + "msDS-PerUserTrustQuota": [ + 1 + ], + "msDS-PerUserTrustTombstonesQuota": [ + 10 + ], + "msDs-masteredBy": [ + "CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb" + ], + "nTMixedDomain": [ + 0 + ], + "name": [ + "support" + ], + "nextRid": [ + 1000 + ], + "objectCategory": [ + "CN=Domain-DNS,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + 
"objectClass": [ + "top", + "domain", + "domainDNS" + ], + "objectGUID": [ + "{553cd9a3-86c4-4d64-9e85-5146a98c868e}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654" + ], + "otherWellKnownObjects": [ + "B:32:683A24E2E8164BD3AF86AC3C2CF3F981:CN=Keys,DC=support,DC=htb", + "B:32:1EB93889E40C45DF9F0C64D23BBB6237:CN=Managed Service Accounts,DC=support,DC=htb" + ], + "pwdHistoryLength": [ + 24 + ], + "pwdProperties": [ + 1 + ], + "rIDManagerReference": [ + "CN=RID Manager$,CN=System,DC=support,DC=htb" + ], + "replUpToDateVector": [ + { + "encoded": "AgAAAAAAAAAIAAAAAAAAAOVWASnLIhtPm5ZVFthMNjwCQAAAAAAAAPt+5xgDAAAAZ6vYPcTkRkO0MFdWs1QQvg8QAQAAAAAAVnnwGAMAAAD+QDhi4WGeQJzRK0Oxy/DzETABAAAAAADin/AYAwAAAE1xSnqneJdOoS4KYD+/c0AOAAEAAAAAAGMS6xgDAAAAd62sflaFQUqcdbgJy/UK7xJAAQAAAAAAMaMPGQMAAAA9xlubHL0ORprzS2KWPEOHBGAAAAAAAAB6xegYAwAAAJjUpNK4xSxHt3H97S3gZQcFcAAAAAAAAKPC6RgDAAAAJ7XI2ms7OEip16SpLPtxPgzgAAAAAAAAOjnqGAMAAAA=", + "encoding": "base64" + } + ], + "serverState": [ + 1 + ], + "subRefs": [ + "DC=ForestDnsZones,DC=support,DC=htb", + "DC=DomainDnsZones,DC=support,DC=htb", + "CN=Configuration,DC=support,DC=htb" + ], + "systemFlags": [ + -1946157056 + ], + "uASCompat": [ + 0 + ], + "uSNChanged": [ + 81948 + ], + "uSNCreated": [ + 4099 + ], + "wellKnownObjects": [ + "B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=support,DC=htb", + "B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Program Data,DC=support,DC=htb", + "B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=support,DC=htb", + "B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrincipals,DC=support,DC=htb", + "B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=support,DC=htb", + "B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=support,DC=htb", + "B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=support,DC=htb", + "B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=support,DC=htb", + "B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain 
Controllers,DC=support,DC=htb", + "B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=support,DC=htb", + "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=support,DC=htb" + ], + "whenChanged": [ + "2022-08-19 04:31:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:46+00:00" + ] + }, + "dn": "DC=support,DC=htb" +}]
\ No newline at end of file diff --git a/support/domaindump/domain_trusts.grep b/support/domaindump/domain_trusts.grep new file mode 100644 index 0000000..26e6406 --- /dev/null +++ b/support/domaindump/domain_trusts.grep @@ -0,0 +1 @@ +cn flatName securityIdentifier trustAttributes trustDirection trustType
\ No newline at end of file diff --git a/support/domaindump/domain_trusts.html b/support/domaindump/domain_trusts.html new file mode 100644 index 0000000..57fd9a8 --- /dev/null +++ b/support/domaindump/domain_trusts.html @@ -0,0 +1,33 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="6" id="cn_Domain_trusts">Domain trusts</td></tr></thead><tbody><tr><th>CN</th><th>NETBIOS Domain name</th><th>securityIdentifier</th><th>trustAttributes</th><th>trustDirection</th><th>trustType</th></tr> +</tbody> +</table></body></html>
\ No newline at end of file diff --git a/support/domaindump/domain_trusts.json b/support/domaindump/domain_trusts.json new file mode 100644 index 0000000..0637a08 --- /dev/null +++ b/support/domaindump/domain_trusts.json @@ -0,0 +1 @@ +[]
\ No newline at end of file diff --git a/support/domaindump/domain_users.grep b/support/domaindump/domain_users.grep new file mode 100644 index 0000000..01dd9d3 --- /dev/null +++ b/support/domaindump/domain_users.grep 
@@ -0,0 +1,21 @@ +cn name sAMAccountName memberOf primaryGroupId whenCreated whenChanged lastLogon userAccountControl pwdLastSet objectSid description +ford.victoria ford.victoria ford.victoria Domain Users 05/28/22 11:15:57 05/28/22 11:15:58 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:15:58 S-1-5-21-1677581083-3380853377-188903654-1120 +stoll.rachelle stoll.rachelle stoll.rachelle Domain Users 05/28/22 11:15:42 05/28/22 11:15:43 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:15:42 S-1-5-21-1677581083-3380853377-188903654-1119 +daughtler.mabel daughtler.mabel daughtler.mabel Domain Users 05/28/22 11:15:26 05/28/22 11:15:27 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:15:26 S-1-5-21-1677581083-3380853377-188903654-1118 +langley.lucy langley.lucy langley.lucy Domain Users 05/28/22 11:15:10 05/28/22 11:15:11 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:15:10 S-1-5-21-1677581083-3380853377-188903654-1117 +west.laura west.laura west.laura Domain Users 05/28/22 11:14:55 05/28/22 11:14:56 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:14:55 S-1-5-21-1677581083-3380853377-188903654-1116 +monroe.david monroe.david monroe.david Domain Users 05/28/22 11:14:39 05/28/22 11:14:40 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:14:39 S-1-5-21-1677581083-3380853377-188903654-1115 +cromwell.gerard cromwell.gerard cromwell.gerard Domain Users 05/28/22 11:14:24 05/28/22 11:14:24 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:14:24 S-1-5-21-1677581083-3380853377-188903654-1114 +bardot.mary bardot.mary bardot.mary Domain Users 05/28/22 11:14:08 05/28/22 11:14:09 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:14:08 S-1-5-21-1677581083-3380853377-188903654-1113 +raven.clifton raven.clifton raven.clifton Domain Users 05/28/22 11:13:52 05/28/22 11:13:53 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:13:53 
S-1-5-21-1677581083-3380853377-188903654-1112 +levine.leopoldo levine.leopoldo levine.leopoldo Domain Users 05/28/22 11:13:37 05/28/22 11:13:38 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:13:37 S-1-5-21-1677581083-3380853377-188903654-1111 +thomas.raphael thomas.raphael thomas.raphael Domain Users 05/28/22 11:13:21 05/28/22 11:13:22 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:13:21 S-1-5-21-1677581083-3380853377-188903654-1110 +anderson.damian anderson.damian anderson.damian Domain Users 05/28/22 11:13:05 05/28/22 11:13:06 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:13:05 S-1-5-21-1677581083-3380853377-188903654-1109 +wilson.shelby wilson.shelby wilson.shelby Domain Users 05/28/22 11:12:50 05/28/22 11:12:51 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:12:50 S-1-5-21-1677581083-3380853377-188903654-1108 +hernandez.stanley hernandez.stanley hernandez.stanley Domain Users 05/28/22 11:12:34 05/28/22 11:12:35 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:12:34 S-1-5-21-1677581083-3380853377-188903654-1107 +smith.rosario smith.rosario smith.rosario Domain Users 05/28/22 11:12:19 05/28/22 11:12:19 01/01/01 00:00:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:12:19 S-1-5-21-1677581083-3380853377-188903654-1106 +support support support Shared Support Accounts, Remote Management Users Domain Users 05/28/22 11:12:00 08/19/22 13:47:57 08/19/22 14:44:55 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:12:00 S-1-5-21-1677581083-3380853377-188903654-1105 +ldap ldap ldap Domain Users 05/28/22 11:11:46 08/19/22 13:02:01 08/19/22 14:53:00 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:11:46 S-1-5-21-1677581083-3380853377-188903654-1104 +krbtgt krbtgt krbtgt Denied RODC Password Replication Group Domain Users 05/28/22 11:03:43 05/28/22 11:19:47 01/01/01 00:00:00 ACCOUNT_DISABLED, NORMAL_ACCOUNT 05/28/22 11:03:43 S-1-5-21-1677581083-3380853377-188903654-502 Key Distribution Center 
Service Account +Guest Guest Guest Guests Domain Guests 05/28/22 11:01:56 08/19/22 06:15:24 01/01/01 00:00:00 PASSWD_NOTREQD, NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD 05/28/22 11:18:55 S-1-5-21-1677581083-3380853377-188903654-501 Built-in account for guest access to the computer/domain +Administrator Administrator Administrator Group Policy Creator Owners, Domain Admins, Enterprise Admins, Schema Admins, Administrators Domain Users 05/28/22 11:01:56 08/19/22 04:32:27 08/19/22 04:32:50 NORMAL_ACCOUNT 07/19/22 17:55:56 S-1-5-21-1677581083-3380853377-188903654-500 Built-in account for administering the computer/domain
\ No newline at end of file diff --git a/support/domaindump/domain_users.html b/support/domaindump/domain_users.html new file mode 100644 index 0000000..bea5dd8 --- /dev/null +++ b/support/domaindump/domain_users.html 
@@ -0,0 +1,53 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="12" id="cn_Domain_users">Domain users</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Member of groups</th><th>Primary group</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>ford.victoria</td><td>ford.victoria</td><td>ford.victoria</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:15:57</td><td>05/28/22 11:15:58</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:58</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1120">1120</abbr></td><td> </td></tr> +<tr><td>stoll.rachelle</td><td>stoll.rachelle</td><td>stoll.rachelle</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:15:42</td><td>05/28/22 11:15:43</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:42</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1119">1119</abbr></td><td> </td></tr> +<tr><td>daughtler.mabel</td><td>daughtler.mabel</td><td>daughtler.mabel</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain 
Users</a></td><td>05/28/22 11:15:26</td><td>05/28/22 11:15:27</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:26</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1118">1118</abbr></td><td> </td></tr> +<tr><td>langley.lucy</td><td>langley.lucy</td><td>langley.lucy</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:15:10</td><td>05/28/22 11:15:11</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:10</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1117">1117</abbr></td><td> </td></tr> +<tr><td>west.laura</td><td>west.laura</td><td>west.laura</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:14:55</td><td>05/28/22 11:14:56</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:55</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1116">1116</abbr></td><td> </td></tr> +<tr><td>monroe.david</td><td>monroe.david</td><td>monroe.david</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:14:39</td><td>05/28/22 11:14:40</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:39</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1115">1115</abbr></td><td> </td></tr> +<tr><td>cromwell.gerard</td><td>cromwell.gerard</td><td>cromwell.gerard</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:14:24</td><td>05/28/22 11:14:24</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:24</td><td><abbr 
title="S-1-5-21-1677581083-3380853377-188903654-1114">1114</abbr></td><td> </td></tr> +<tr><td>bardot.mary</td><td>bardot.mary</td><td>bardot.mary</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:14:08</td><td>05/28/22 11:14:09</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:08</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1113">1113</abbr></td><td> </td></tr> +<tr><td>raven.clifton</td><td>raven.clifton</td><td>raven.clifton</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:13:52</td><td>05/28/22 11:13:53</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:53</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1112">1112</abbr></td><td> </td></tr> +<tr><td>levine.leopoldo</td><td>levine.leopoldo</td><td>levine.leopoldo</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:13:37</td><td>05/28/22 11:13:38</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:37</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1111">1111</abbr></td><td> </td></tr> +<tr><td>thomas.raphael</td><td>thomas.raphael</td><td>thomas.raphael</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:13:21</td><td>05/28/22 11:13:22</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:21</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1110">1110</abbr></td><td> </td></tr> +<tr><td>anderson.damian</td><td>anderson.damian</td><td>anderson.damian</td><td> </td><td><a 
href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:13:05</td><td>05/28/22 11:13:06</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:05</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1109">1109</abbr></td><td> </td></tr> +<tr><td>wilson.shelby</td><td>wilson.shelby</td><td>wilson.shelby</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:12:50</td><td>05/28/22 11:12:51</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:50</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1108">1108</abbr></td><td> </td></tr> +<tr><td>hernandez.stanley</td><td>hernandez.stanley</td><td>hernandez.stanley</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:12:34</td><td>05/28/22 11:12:35</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:34</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1107">1107</abbr></td><td> </td></tr> +<tr><td>smith.rosario</td><td>smith.rosario</td><td>smith.rosario</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:12:19</td><td>05/28/22 11:12:19</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:19</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1106">1106</abbr></td><td> </td></tr> +<tr><td>support</td><td>support</td><td>support</td><td><a href="domain_users_by_group.html#cn_Shared_Support_Accounts" title="CN=Shared Support Accounts,CN=Users,DC=support,DC=htb">Shared Support Accounts</a>, <a 
href="domain_users_by_group.html#cn_Remote_Management_Users" title="CN=Remote Management Users,CN=Builtin,DC=support,DC=htb">Remote Management Users</a></td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:12:00</td><td>08/19/22 13:47:57</td><td>08/19/22 14:44:55</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:00</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1105">1105</abbr></td><td> </td></tr> +<tr><td>ldap</td><td>ldap</td><td>ldap</td><td> </td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:11:46</td><td>08/19/22 13:02:01</td><td>08/19/22 14:53:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:11:46</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1104">1104</abbr></td><td> </td></tr> +<tr><td>krbtgt</td><td>krbtgt</td><td>krbtgt</td><td><a href="domain_users_by_group.html#cn_Denied_RODC_Password_Replication_Group" title="CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb">Denied RODC Password Replication Group</a></td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td>01/01/01 00:00:00</td><td>ACCOUNT_DISABLED, NORMAL_ACCOUNT</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-502">502</abbr></td><td>Key Distribution Center Service Account</td></tr> +<tr><td>Guest</td><td>Guest</td><td>Guest</td><td><a href="domain_users_by_group.html#cn_Guests" title="CN=Guests,CN=Builtin,DC=support,DC=htb">Guests</a></td><td><a href="domain_users_by_group.html#cn_Domain_Guests" title="CN=Domain Guests,CN=Users,DC=support,DC=htb">Domain Guests</a></td><td>05/28/22 11:01:56</td><td>08/19/22 06:15:24</td><td>01/01/01 
00:00:00</td><td>PASSWD_NOTREQD, NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:18:55</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-501">501</abbr></td><td>Built-in account for guest access to the computer/domain</td></tr> +<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td><a href="domain_users_by_group.html#cn_Group_Policy_Creator_Owners" title="CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb">Group Policy Creator Owners</a>, <a href="domain_users_by_group.html#cn_Domain_Admins" title="CN=Domain Admins,CN=Users,DC=support,DC=htb">Domain Admins</a>, <a href="domain_users_by_group.html#cn_Enterprise_Admins" title="CN=Enterprise Admins,CN=Users,DC=support,DC=htb">Enterprise Admins</a>, <a href="domain_users_by_group.html#cn_Schema_Admins" title="CN=Schema Admins,CN=Users,DC=support,DC=htb">Schema Admins</a>, <a href="domain_users_by_group.html#cn_Administrators" title="CN=Administrators,CN=Builtin,DC=support,DC=htb">Administrators</a></td><td><a href="domain_users_by_group.html#cn_Domain_Users" title="CN=Domain Users,CN=Users,DC=support,DC=htb">Domain Users</a></td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +</tbody> +</table></body></html>
\ No newline at end of file diff --git a/support/domaindump/domain_users.json b/support/domaindump/domain_users.json new file mode 100644 index 0000000..3811a32 --- /dev/null +++ b/support/domaindump/domain_users.json 
@@ -0,0 +1,2242 @@ +[{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "ford.victoria" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:15:58+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=ford.victoria,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "victoria" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "ford.victoria@support.htb" + ], + "name": [ + "ford.victoria" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{3040018a-60f8-4a00-8c16-bff81d4218e4}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1120" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:15:58.118301+00:00" + ], + "sAMAccountName": [ + "ford.victoria" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "ford" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 13063 + ], + "uSNCreated": [ + 13048 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:15:58+00:00" + ], + "whenCreated": [ + "2022-05-28 11:15:57+00:00" + ] + }, + "dn": "CN=ford.victoria,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "stoll.rachelle" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], 
+ "dSCorePropagationData": [ + "2022-05-28 11:15:42+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=stoll.rachelle,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "rachelle" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "stoll.rachelle@support.htb" + ], + "name": [ + "stoll.rachelle" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{5961ef39-a8bc-45b6-a0f8-0b72fdb70a63}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1119" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:15:42.290215+00:00" + ], + "sAMAccountName": [ + "stoll.rachelle" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "stoll" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 13045 + ], + "uSNCreated": [ + 13030 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:15:43+00:00" + ], + "whenCreated": [ + "2022-05-28 11:15:42+00:00" + ] + }, + "dn": "CN=stoll.rachelle,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "daughtler.mabel" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:15:26+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=daughtler.mabel,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "mabel" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + 
"lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "daughtler.mabel@support.htb" + ], + "name": [ + "daughtler.mabel" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{c8f66189-bbc6-4787-b574-f00a4fd32d80}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1118" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:15:26.274557+00:00" + ], + "sAMAccountName": [ + "daughtler.mabel" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "daughtler" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 13028 + ], + "uSNCreated": [ + 13013 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:15:27+00:00" + ], + "whenCreated": [ + "2022-05-28 11:15:26+00:00" + ] + }, + "dn": "CN=daughtler.mabel,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "langley.lucy" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:15:11+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=langley.lucy,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "lucy" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "langley.lucy@support.htb" + ], + "name": [ + "langley.lucy" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + 
"objectGUID": [ + "{7fe7d74f-08a4-4d94-aecf-ee188456776b}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1117" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:15:10.930799+00:00" + ], + "sAMAccountName": [ + "langley.lucy" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "langley" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 13011 + ], + "uSNCreated": [ + 12996 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:15:11+00:00" + ], + "whenCreated": [ + "2022-05-28 11:15:10+00:00" + ] + }, + "dn": "CN=langley.lucy,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "2022-08-19 15:01:06.138906+00:00" + ], + "badPwdCount": [ + 1309 + ], + "c": [ + "US" + ], + "cn": [ + "west.laura" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:14:55+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=west.laura,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "laura" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "west.laura@support.htb" + ], + "name": [ + "west.laura" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{790ca06e-b8aa-41da-8865-b7cc9f15f144}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1116" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:14:55.446424+00:00" + ], + "sAMAccountName": [ + "west.laura" + ], + "sAMAccountType": [ + 
805306368 + ], + "sn": [ + "west" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12994 + ], + "uSNCreated": [ + 12979 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:14:56+00:00" + ], + "whenCreated": [ + "2022-05-28 11:14:55+00:00" + ] + }, + "dn": "CN=west.laura,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "monroe.david" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:14:39+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=monroe.david,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "david" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "monroe.david@support.htb" + ], + "name": [ + "monroe.david" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{719c0404-e2c5-4220-a1c2-0a7ffeb070c0}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1115" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:14:39.712057+00:00" + ], + "sAMAccountName": [ + "monroe.david" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "monroe" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12974 + ], + "uSNCreated": [ + 12959 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:14:40+00:00" + ], + "whenCreated": [ + "2022-05-28 11:14:39+00:00" + ] + }, + "dn": 
"CN=monroe.david,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "cromwell.gerard" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:14:24+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=cromwell.gerard,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "gerard" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "cromwell.gerard@support.htb" + ], + "name": [ + "cromwell.gerard" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{52c897b7-cd64-4964-ac38-4a17920d4f7c}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1114" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:14:24.258921+00:00" + ], + "sAMAccountName": [ + "cromwell.gerard" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "cromwell" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12957 + ], + "uSNCreated": [ + 12942 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:14:24+00:00" + ], + "whenCreated": [ + "2022-05-28 11:14:24+00:00" + ] + }, + "dn": "CN=cromwell.gerard,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "bardot.mary" + ], + "codePage": [ + 0 + ], + "company": [ + 
"support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:14:08+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=bardot.mary,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "mary" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "bardot.mary@support.htb" + ], + "name": [ + "bardot.mary" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{94869f6e-2056-48c1-b2d7-af4388ac447e}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1113" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:14:08.633924+00:00" + ], + "sAMAccountName": [ + "bardot.mary" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "bardot" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12940 + ], + "uSNCreated": [ + 12925 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:14:09+00:00" + ], + "whenCreated": [ + "2022-05-28 11:14:08+00:00" + ] + }, + "dn": "CN=bardot.mary,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "2022-08-19 15:01:04.643522+00:00" + ], + "badPwdCount": [ + 1450 + ], + "c": [ + "US" + ], + "cn": [ + "raven.clifton" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:13:53+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=raven.clifton,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "clifton" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + 
"1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "raven.clifton@support.htb" + ], + "name": [ + "raven.clifton" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{a3e382af-c3b7-4e7a-8564-dd42048dfbe7}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1112" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:13:53.133921+00:00" + ], + "sAMAccountName": [ + "raven.clifton" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "raven" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12923 + ], + "uSNCreated": [ + 12908 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:13:53+00:00" + ], + "whenCreated": [ + "2022-05-28 11:13:52+00:00" + ] + }, + "dn": "CN=raven.clifton,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "levine.leopoldo" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:13:37+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=levine.leopoldo,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "leopoldo" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "levine.leopoldo@support.htb" + ], + "name": [ + "levine.leopoldo" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + 
"organizationalPerson", + "user" + ], + "objectGUID": [ + "{4df5a4cd-678b-4235-afae-42bf7c78dfd1}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1111" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:13:37.508924+00:00" + ], + "sAMAccountName": [ + "levine.leopoldo" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "levine" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12906 + ], + "uSNCreated": [ + 12891 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:13:38+00:00" + ], + "whenCreated": [ + "2022-05-28 11:13:37+00:00" + ] + }, + "dn": "CN=levine.leopoldo,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "thomas.raphael" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:13:22+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=thomas.raphael,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "raphael" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "thomas.raphael@support.htb" + ], + "name": [ + "thomas.raphael" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{e7ddaab1-a355-4dc1-94b8-2b53d011b0ba}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1110" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:13:21.774559+00:00" + ], + "sAMAccountName": 
[ + "thomas.raphael" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "thomas" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12721 + ], + "uSNCreated": [ + 12706 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:13:22+00:00" + ], + "whenCreated": [ + "2022-05-28 11:13:21+00:00" + ] + }, + "dn": "CN=thomas.raphael,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "anderson.damian" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:13:06+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=anderson.damian,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "damian" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "anderson.damian@support.htb" + ], + "name": [ + "anderson.damian" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{fb002adf-875c-46a9-8d93-2655dc0c2885}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1109" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:13:05.993294+00:00" + ], + "sAMAccountName": [ + "anderson.damian" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "anderson" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12704 + ], + "uSNCreated": [ + 12689 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:13:06+00:00" + ], + 
"whenCreated": [ + "2022-05-28 11:13:05+00:00" + ] + }, + "dn": "CN=anderson.damian,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "wilson.shelby" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:12:50+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=wilson.shelby,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "shelby" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "wilson.shelby@support.htb" + ], + "name": [ + "wilson.shelby" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{5688b25d-f151-4689-b50f-90997c9246f4}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1108" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:12:50.352678+00:00" + ], + "sAMAccountName": [ + "wilson.shelby" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "wilson" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12687 + ], + "uSNCreated": [ + 12672 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:12:51+00:00" + ], + "whenCreated": [ + "2022-05-28 11:12:50+00:00" + ] + }, + "dn": "CN=wilson.shelby,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + 
"hernandez.stanley" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:12:35+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=hernandez.stanley,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + "stanley" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "hernandez.stanley@support.htb" + ], + "name": [ + "hernandez.stanley" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{2f6ecd2f-a44e-435c-9633-6427f30c36a8}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1107" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:12:34.870817+00:00" + ], + "sAMAccountName": [ + "hernandez.stanley" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "hernandez" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12670 + ], + "uSNCreated": [ + 12655 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:12:35+00:00" + ], + "whenCreated": [ + "2022-05-28 11:12:34+00:00" + ] + }, + "dn": "CN=hernandez.stanley,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "smith.rosario" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:12:19+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=smith.rosario,CN=Users,DC=support,DC=htb" + ], + "givenName": [ + 
"rosario" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "mail": [ + "smith.rosario@support.htb" + ], + "name": [ + "smith.rosario" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{e0a8b9c6-6c69-46b9-a37e-7906dc204cae}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1106" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:12:19.305798+00:00" + ], + "sAMAccountName": [ + "smith.rosario" + ], + "sAMAccountType": [ + 805306368 + ], + "sn": [ + "smith" + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 12653 + ], + "uSNCreated": [ + 12638 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-05-28 11:12:19+00:00" + ], + "whenCreated": [ + "2022-05-28 11:12:19+00:00" + ] + }, + "dn": "CN=smith.rosario,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "2022-08-19 14:37:58.764990+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "support" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:12:01+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=support,CN=Users,DC=support,DC=htb" + ], + "info": [ + "Ironside47pleasure40Watchful" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "2022-08-19 14:44:55.318472+00:00" + ], + "lastLogonTimestamp": [ + "2022-08-19 13:47:57.299465+00:00" + ], + "logonCount": [ + 0 + ], + "memberOf": [ + "CN=Shared Support 
Accounts,CN=Users,DC=support,DC=htb", + "CN=Remote Management Users,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "support" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{3139a30a-31fa-4530-9ea4-8053b396a7f1}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-1105" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:12:00.977707+00:00" + ], + "sAMAccountName": [ + "support" + ], + "sAMAccountType": [ + 805306368 + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 122847 + ], + "uSNCreated": [ + 12617 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-08-19 13:47:57+00:00" + ], + "whenCreated": [ + "2022-05-28 11:12:00+00:00" + ] + }, + "dn": "CN=support,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "badPasswordTime": [ + "2022-08-19 14:43:11.827740+00:00" + ], + "badPwdCount": [ + 0 + ], + "c": [ + "US" + ], + "cn": [ + "ldap" + ], + "codePage": [ + 0 + ], + "company": [ + "support" + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:11:46+00:00", + "1601-01-01 00:00:00+00:00" + ], + "distinguishedName": [ + "CN=ldap,CN=Users,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + "l": [ + "Chapel Hill" + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "2022-08-19 14:53:00.009041+00:00" + ], + "lastLogonTimestamp": [ + "2022-08-19 13:02:01.121540+00:00" + ], + "logonCount": [ + 0 + ], + "name": [ + "ldap" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{8c2fa5ff-cd3a-414f-b264-5b7d0b3ae07d}" + ], + "objectSid": [ + 
"S-1-5-21-1677581083-3380853377-188903654-1104" + ], + "postalCode": [ + "27514" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:11:46.462053+00:00" + ], + "sAMAccountName": [ + "ldap" + ], + "sAMAccountType": [ + 805306368 + ], + "st": [ + "NC" + ], + "streetAddress": [ + "Skipper Bowles Dr" + ], + "uSNChanged": [ + 122843 + ], + "uSNCreated": [ + 12603 + ], + "userAccountControl": [ + 66048 + ], + "whenChanged": [ + "2022-08-19 13:02:01+00:00" + ], + "whenCreated": [ + "2022-05-28 11:11:46+00:00" + ] + }, + "dn": "CN=ldap,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "9999-12-31 23:59:59.999999+00:00" + ], + "adminCount": [ + 1 + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "cn": [ + "krbtgt" + ], + "codePage": [ + 0 + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:04:16+00:00" + ], + "description": [ + "Key Distribution Center Service Account" + ], + "distinguishedName": [ + "CN=krbtgt,CN=Users,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "logonCount": [ + 0 + ], + "memberOf": [ + "CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb" + ], + "msDS-SupportedEncryptionTypes": [ + 0 + ], + "name": [ + "krbtgt" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{d8fa16ff-159f-43b5-abc4-a14ca68551d6}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-502" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-05-28 11:03:43.762634+00:00" + ], + "sAMAccountName": [ + "krbtgt" + ], + "sAMAccountType": [ + 805306368 + ], + "servicePrincipalName": [ 
+ "kadmin/changepw" + ], + "showInAdvancedViewOnly": [ + true + ], + "uSNChanged": [ + 13087 + ], + "uSNCreated": [ + 12324 + ], + "userAccountControl": [ + 514 + ], + "whenChanged": [ + "2022-05-28 11:19:47+00:00" + ], + "whenCreated": [ + "2022-05-28 11:03:43+00:00" + ] + }, + "dn": "CN=krbtgt,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "1601-01-01 00:00:00+00:00" + ], + "badPasswordTime": [ + "1601-01-01 00:00:00+00:00" + ], + "badPwdCount": [ + 0 + ], + "cn": [ + "Guest" + ], + "codePage": [ + 0 + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:03:44+00:00", + "1601-01-01 00:00:01+00:00" + ], + "description": [ + "Built-in account for guest access to the computer/domain" + ], + "distinguishedName": [ + "CN=Guest,CN=Users,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogonTimestamp": [ + "2022-08-19 06:15:24.931755+00:00" + ], + "logonCount": [ + 0 + ], + "logonHours": [ + { + "encoded": "////////////////////////////", + "encoding": "base64" + } + ], + "memberOf": [ + "CN=Guests,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "Guest" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{1c087494-8a8f-4e63-90b2-084e5357942f}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-501" + ], + "primaryGroupID": [ + 514 + ], + "pwdLastSet": [ + "2022-05-28 11:18:55.212082+00:00" + ], + "sAMAccountName": [ + "Guest" + ], + "sAMAccountType": [ + 805306368 + ], + "uSNChanged": [ + 81994 + ], + "uSNCreated": [ + 8197 + ], + "userAccountControl": [ + 66080 + ], + "whenChanged": [ + "2022-08-19 06:15:24+00:00" + ], + "whenCreated": [ + "2022-05-28 11:01:56+00:00" + ] + }, + "dn": 
"CN=Guest,CN=Users,DC=support,DC=htb" +},{ + "attributes": { + "accountExpires": [ + "1601-01-01 00:00:00+00:00" + ], + "adminCount": [ + 1 + ], + "badPasswordTime": [ + "2022-08-19 12:18:22.972431+00:00" + ], + "badPwdCount": [ + 1 + ], + "cn": [ + "Administrator" + ], + "codePage": [ + 0 + ], + "countryCode": [ + 0 + ], + "dSCorePropagationData": [ + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:19:47+00:00", + "2022-05-28 11:03:44+00:00", + "1601-01-01 18:12:16+00:00" + ], + "description": [ + "Built-in account for administering the computer/domain" + ], + "distinguishedName": [ + "CN=Administrator,CN=Users,DC=support,DC=htb" + ], + "instanceType": [ + 4 + ], + "isCriticalSystemObject": [ + true + ], + "lastLogoff": [ + "1601-01-01 00:00:00+00:00" + ], + "lastLogon": [ + "2022-08-19 04:32:50.767044+00:00" + ], + "lastLogonTimestamp": [ + "2022-08-19 04:32:27.533430+00:00" + ], + "logonCount": [ + 62 + ], + "logonHours": [ + { + "encoded": "////////////////////////////", + "encoding": "base64" + } + ], + "memberOf": [ + "CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb", + "CN=Domain Admins,CN=Users,DC=support,DC=htb", + "CN=Enterprise Admins,CN=Users,DC=support,DC=htb", + "CN=Schema Admins,CN=Users,DC=support,DC=htb", + "CN=Administrators,CN=Builtin,DC=support,DC=htb" + ], + "name": [ + "Administrator" + ], + "objectCategory": [ + "CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb" + ], + "objectClass": [ + "top", + "person", + "organizationalPerson", + "user" + ], + "objectGUID": [ + "{e19ad196-8f3f-4b3b-931e-78c010470b97}" + ], + "objectSid": [ + "S-1-5-21-1677581083-3380853377-188903654-500" + ], + "primaryGroupID": [ + 513 + ], + "pwdLastSet": [ + "2022-07-19 17:55:56.729359+00:00" + ], + "sAMAccountName": [ + "Administrator" + ], + "sAMAccountType": [ + 805306368 + ], + "uSNChanged": [ + 81954 + ], + "uSNCreated": [ + 8196 + ], + "userAccountControl": [ + 512 + ], + "whenChanged": [ + "2022-08-19 04:32:27+00:00" + ], + "whenCreated": [ + 
"2022-05-28 11:01:56+00:00" + ] + }, + "dn": "CN=Administrator,CN=Users,DC=support,DC=htb" +}]
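Review bot: The `support` user record in this hunk stores a password-like string in clear text in its `info` attribute, and the commit publishes it unredacted (the README added in the same commit lists the same value under creds). Replace the value before committing, e.g. `"info": [ "<REDACTED>" ]`, and treat the credential as exposed, since it remains in the repository history. On the directory side, the same record shows `userAccountControl` 66048 (the HTML view of this account lists NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD) and membership in Remote Management Users, so the account needs a rotated password and the free-text attributes (`info`, `description`) belong in a periodic audit for embedded secrets. The `badPwdCount` values of 1309 and 1450 on `west.laura` and `raven.clifton`, with `badPasswordTime` stamps seconds apart, look like automated guessing that no lockout policy stopped; that is inferred from the dump rather than shown by it.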
\ No newline at end of file
diff --git a/support/domaindump/domain_users_by_group.html b/support/domaindump/domain_users_by_group.html
new file mode 100644
index 0000000..429de43
--- /dev/null
+++ b/support/domaindump/domain_users_by_group.html
@@ -0,0 +1,95 @@ +<!DOCTYPE html> +<html> +<head><meta charset="UTF-8"><style type="text/css">tbody th { + border: 1px solid #000; +} +tbody td { + border: 1px solid #ababab; + border-spacing: 0px; + padding: 4px; + border-collapse: collapse; +} +body { + font-family: verdana; +} +table { + font-size: 13px; + border-collapse: collapse; + width: 100%; +} +tbody tr:nth-child(odd) td { + background-color: #eee; +} +tbody tr:hover td { + background-color: lightblue; +} +thead td { + font-size: 19px; + font-weight: bold; + padding: 10px 0px; +} +</style></head><body><table><thead><tr><td colspan="10" id="cn_Domain_Users">Domain Users</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>ford.victoria</td><td>ford.victoria</td><td>ford.victoria</td><td>05/28/22 11:15:57</td><td>05/28/22 11:15:58</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:58</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1120">1120</abbr></td><td> </td></tr> +<tr><td>stoll.rachelle</td><td>stoll.rachelle</td><td>stoll.rachelle</td><td>05/28/22 11:15:42</td><td>05/28/22 11:15:43</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:42</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1119">1119</abbr></td><td> </td></tr> +<tr><td>daughtler.mabel</td><td>daughtler.mabel</td><td>daughtler.mabel</td><td>05/28/22 11:15:26</td><td>05/28/22 11:15:27</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:15:26</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1118">1118</abbr></td><td> </td></tr> +<tr><td>langley.lucy</td><td>langley.lucy</td><td>langley.lucy</td><td>05/28/22 11:15:10</td><td>05/28/22 11:15:11</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 
11:15:10</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1117">1117</abbr></td><td> </td></tr> +<tr><td>west.laura</td><td>west.laura</td><td>west.laura</td><td>05/28/22 11:14:55</td><td>05/28/22 11:14:56</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:55</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1116">1116</abbr></td><td> </td></tr> +<tr><td>monroe.david</td><td>monroe.david</td><td>monroe.david</td><td>05/28/22 11:14:39</td><td>05/28/22 11:14:40</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:39</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1115">1115</abbr></td><td> </td></tr> +<tr><td>cromwell.gerard</td><td>cromwell.gerard</td><td>cromwell.gerard</td><td>05/28/22 11:14:24</td><td>05/28/22 11:14:24</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:24</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1114">1114</abbr></td><td> </td></tr> +<tr><td>bardot.mary</td><td>bardot.mary</td><td>bardot.mary</td><td>05/28/22 11:14:08</td><td>05/28/22 11:14:09</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:14:08</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1113">1113</abbr></td><td> </td></tr> +<tr><td>raven.clifton</td><td>raven.clifton</td><td>raven.clifton</td><td>05/28/22 11:13:52</td><td>05/28/22 11:13:53</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:53</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1112">1112</abbr></td><td> </td></tr> +<tr><td>levine.leopoldo</td><td>levine.leopoldo</td><td>levine.leopoldo</td><td>05/28/22 11:13:37</td><td>05/28/22 11:13:38</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:37</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1111">1111</abbr></td><td> </td></tr> 
+<tr><td>thomas.raphael</td><td>thomas.raphael</td><td>thomas.raphael</td><td>05/28/22 11:13:21</td><td>05/28/22 11:13:22</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:21</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1110">1110</abbr></td><td> </td></tr> +<tr><td>anderson.damian</td><td>anderson.damian</td><td>anderson.damian</td><td>05/28/22 11:13:05</td><td>05/28/22 11:13:06</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:13:05</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1109">1109</abbr></td><td> </td></tr> +<tr><td>wilson.shelby</td><td>wilson.shelby</td><td>wilson.shelby</td><td>05/28/22 11:12:50</td><td>05/28/22 11:12:51</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:50</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1108">1108</abbr></td><td> </td></tr> +<tr><td>hernandez.stanley</td><td>hernandez.stanley</td><td>hernandez.stanley</td><td>05/28/22 11:12:34</td><td>05/28/22 11:12:35</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:34</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1107">1107</abbr></td><td> </td></tr> +<tr><td>smith.rosario</td><td>smith.rosario</td><td>smith.rosario</td><td>05/28/22 11:12:19</td><td>05/28/22 11:12:19</td><td>01/01/01 00:00:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:19</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1106">1106</abbr></td><td> </td></tr> +<tr><td>support</td><td>support</td><td>support</td><td>05/28/22 11:12:00</td><td>08/19/22 13:47:57</td><td>08/19/22 14:44:55</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:00</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1105">1105</abbr></td><td> </td></tr> +<tr><td>ldap</td><td>ldap</td><td>ldap</td><td>05/28/22 11:11:46</td><td>08/19/22 13:02:01</td><td>08/19/22 
14:53:00</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:11:46</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1104">1104</abbr></td><td> </td></tr> +<tr><td>krbtgt</td><td>krbtgt</td><td>krbtgt</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td>01/01/01 00:00:00</td><td>ACCOUNT_DISABLED, NORMAL_ACCOUNT</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-502">502</abbr></td><td>Key Distribution Center Service Account</td></tr> +<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Shared_Support_Accounts">Shared Support Accounts</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>support</td><td>support</td><td>support</td><td>05/28/22 11:12:00</td><td>08/19/22 13:47:57</td><td>08/19/22 14:44:55</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:00</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-1105">1105</abbr></td><td> </td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Remote_Management_Users">Remote Management Users</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>support</td><td>support</td><td>support</td><td>05/28/22 11:12:00</td><td>08/19/22 13:47:57</td><td>08/19/22 14:44:55</td><td>NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:12:00</td><td><abbr 
title="S-1-5-21-1677581083-3380853377-188903654-1105">1105</abbr></td><td> </td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Denied_RODC_Password_Replication_Group">Denied RODC Password Replication Group</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>krbtgt</td><td>krbtgt</td><td>krbtgt</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td>01/01/01 00:00:00</td><td>ACCOUNT_DISABLED, NORMAL_ACCOUNT</td><td>05/28/22 11:03:43</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-502">502</abbr></td><td>Key Distribution Center Service Account</td></tr> +<tr class="group"><td>Group: <a href="#cn_Read-only_Domain_Controllers" title="Read-only Domain Controllers">Read-only Domain Controllers</a></td><td>Read-only Domain Controllers</td><td>Read-only Domain Controllers</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-521">521</abbr></td><td>Members of this group are Read-Only Domain Controllers in the domain</td></tr> +<tr class="group"><td>Group: <a href="#cn_Group_Policy_Creator_Owners" title="Group Policy Creator Owners">Group Policy Creator Owners</a></td><td>Group Policy Creator Owners</td><td>Group Policy Creator Owners</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-520">520</abbr></td><td>Members in this group can modify group policy for the domain</td></tr> +<tr class="group"><td>Group: <a href="#cn_Domain_Admins" title="Domain Admins">Domain Admins</a></td><td>Domain Admins</td><td>Domain Admins</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-512">512</abbr></td><td>Designated administrators of the 
domain</td></tr> +<tr class="group"><td>Group: <a href="#cn_Cert_Publishers" title="Cert Publishers">Cert Publishers</a></td><td>Cert Publishers</td><td>Cert Publishers</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-517">517</abbr></td><td>Members of this group are permitted to publish certificates to the directory</td></tr> +<tr class="group"><td>Group: <a href="#cn_Enterprise_Admins" title="Enterprise Admins">Enterprise Admins</a></td><td>Enterprise Admins</td><td>Enterprise Admins</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-519">519</abbr></td><td>Designated administrators of the enterprise</td></tr> +<tr class="group"><td>Group: <a href="#cn_Schema_Admins" title="Schema Admins">Schema Admins</a></td><td>Schema Admins</td><td>Schema Admins</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-518">518</abbr></td><td>Designated administrators of the schema</td></tr> +<tr class="group"><td>Group: <a href="#cn_Domain_Controllers" title="Domain Controllers">Domain Controllers</a></td><td>Domain Controllers</td><td>Domain Controllers</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-516">516</abbr></td><td>All domain controllers in the domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Guests">Guests</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>Guest</td><td>Guest</td><td>Guest</td><td>05/28/22 11:01:56</td><td>08/19/22 06:15:24</td><td>01/01/01 00:00:00</td><td>PASSWD_NOTREQD, NORMAL_ACCOUNT, 
DONT_EXPIRE_PASSWD</td><td>05/28/22 11:18:55</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-501">501</abbr></td><td>Built-in account for guest access to the computer/domain</td></tr> +<tr class="group"><td>Group: <a href="#cn_Domain_Guests" title="Domain Guests">Domain Guests</a></td><td>Domain Guests</td><td>Domain Guests</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-514">514</abbr></td><td>All domain guests</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Domain_Guests">Domain Guests</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>Guest</td><td>Guest</td><td>Guest</td><td>05/28/22 11:01:56</td><td>08/19/22 06:15:24</td><td>01/01/01 00:00:00</td><td>PASSWD_NOTREQD, NORMAL_ACCOUNT, DONT_EXPIRE_PASSWD</td><td>05/28/22 11:18:55</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-501">501</abbr></td><td>Built-in account for guest access to the computer/domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Group_Policy_Creator_Owners">Group Policy Creator Owners</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Domain_Admins">Domain Admins</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed 
on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Enterprise_Admins">Enterprise Admins</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Schema_Admins">Schema Admins</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Administrators">Administrators</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> 
+<tr><td>Administrator</td><td>Administrator</td><td>Administrator</td><td>05/28/22 11:01:56</td><td>08/19/22 04:32:27</td><td>08/19/22 04:32:50</td><td>NORMAL_ACCOUNT</td><td>07/19/22 17:55:56</td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-500">500</abbr></td><td>Built-in account for administering the computer/domain</td></tr> +<tr class="group"><td>Group: <a href="#cn_Domain_Admins" title="Domain Admins">Domain Admins</a></td><td>Domain Admins</td><td>Domain Admins</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-512">512</abbr></td><td>Designated administrators of the domain</td></tr> +<tr class="group"><td>Group: <a href="#cn_Enterprise_Admins" title="Enterprise Admins">Enterprise Admins</a></td><td>Enterprise Admins</td><td>Enterprise Admins</td><td>05/28/22 11:03:43</td><td>05/28/22 11:19:47</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-519">519</abbr></td><td>Designated administrators of the enterprise</td></tr> +</tbody> +<thead><tr><td colspan="10" id="cn_Users">Users</td></tr></thead><tbody><tr><th>CN</th><th>name</th><th>SAM Name</th><th>Created on</th><th>Changed on</th><th>lastLogon</th><th>Flags</th><th>pwdLastSet</th><th>SID</th><th>description</th></tr> +<tr class="group"><td>Group: <a href="#cn_Domain_Users" title="Domain Users">Domain Users</a></td><td>Domain Users</td><td>Domain Users</td><td>05/28/22 11:03:43</td><td>05/28/22 11:03:43</td><td> </td><td> </td><td> </td><td><abbr title="S-1-5-21-1677581083-3380853377-188903654-513">513</abbr></td><td>All domain users</td></tr> +</tbody> +</table></body></html>
\ No newline at end of file
diff --git a/support/ldap_server_info b/support/ldap_server_info
new file mode 100644
index 0000000..7da73a5
--- /dev/null
+++ b/support/ldap_server_info
@@ -0,0 +1,118 @@ +DSA info (from DSE): + Supported LDAP versions: 3, 2 + Naming contexts: + DC=support,DC=htb + CN=Configuration,DC=support,DC=htb + CN=Schema,CN=Configuration,DC=support,DC=htb + DC=DomainDnsZones,DC=support,DC=htb + DC=ForestDnsZones,DC=support,DC=htb + Supported controls: + 1.2.840.113556.1.4.1338 - Verify name - Control - MICROSOFT + 1.2.840.113556.1.4.1339 - Domain scope - Control - MICROSOFT + 1.2.840.113556.1.4.1340 - Search options - Control - MICROSOFT + 1.2.840.113556.1.4.1341 - RODC DCPROMO - Control - MICROSOFT + 1.2.840.113556.1.4.1413 - Permissive modify - Control - MICROSOFT + 1.2.840.113556.1.4.1504 - Attribute scoped query - Control - MICROSOFT + 1.2.840.113556.1.4.1852 - User quota - Control - MICROSOFT + 1.2.840.113556.1.4.1907 - Server shutdown notify - Control - MICROSOFT + 1.2.840.113556.1.4.1948 - Range retrieval no error - Control - MICROSOFT + 1.2.840.113556.1.4.1974 - Server force update - Control - MICROSOFT + 1.2.840.113556.1.4.2026 - Input DN - Control - MICROSOFT + 1.2.840.113556.1.4.2064 - Show recycled - Control - MICROSOFT + 1.2.840.113556.1.4.2065 - Show deactivated link - Control - MICROSOFT + 1.2.840.113556.1.4.2066 - Policy hints [DEPRECATED] - Control - MICROSOFT + 1.2.840.113556.1.4.2090 - DirSync EX - Control - MICROSOFT + 1.2.840.113556.1.4.2204 - Tree deleted EX - Control - MICROSOFT + 1.2.840.113556.1.4.2205 - Updates stats - Control - MICROSOFT + 1.2.840.113556.1.4.2206 - Search hints - Control - MICROSOFT + 1.2.840.113556.1.4.2211 - Expected entry count - Control - MICROSOFT + 1.2.840.113556.1.4.2239 - Policy hints - Control - MICROSOFT + 1.2.840.113556.1.4.2255 - Set owner - Control - MICROSOFT + 1.2.840.113556.1.4.2256 - Bypass quota - Control - MICROSOFT + 1.2.840.113556.1.4.2309 + 1.2.840.113556.1.4.2330 + 1.2.840.113556.1.4.2354 + 1.2.840.113556.1.4.319 - LDAP Simple Paged Results - Control - RFC2696 + 1.2.840.113556.1.4.417 - LDAP server show deleted objects - Control - MICROSOFT + 
1.2.840.113556.1.4.473 - Sort Request - Control - RFC2891 + 1.2.840.113556.1.4.474 - Sort Response - Control - RFC2891 + 1.2.840.113556.1.4.521 - Cross-domain move - Control - MICROSOFT + 1.2.840.113556.1.4.528 - Server search notification - Control - MICROSOFT + 1.2.840.113556.1.4.529 - Extended DN - Control - MICROSOFT + 1.2.840.113556.1.4.619 - Lazy commit - Control - MICROSOFT + 1.2.840.113556.1.4.801 - Security descriptor flags - Control - MICROSOFT + 1.2.840.113556.1.4.802 - Range option - Control - MICROSOFT + 1.2.840.113556.1.4.805 - Tree delete - Control - MICROSOFT + 1.2.840.113556.1.4.841 - Directory synchronization - Control - MICROSOFT + 1.2.840.113556.1.4.970 - Get stats - Control - MICROSOFT + 2.16.840.1.113730.3.4.10 - Virtual List View Response - Control - IETF + 2.16.840.1.113730.3.4.9 - Virtual List View Request - Control - IETF + Supported extensions: + 1.2.840.113556.1.4.1781 - Fast concurrent bind - Extension - MICROSOFT + 1.2.840.113556.1.4.2212 - Batch request - Extension - MICROSOFT + 1.3.6.1.4.1.1466.101.119.1 - Dynamic Refresh - Extension - RFC2589 + 1.3.6.1.4.1.1466.20037 - StartTLS - Extension - RFC4511-RFC4513 + 1.3.6.1.4.1.4203.1.11.3 - Who am I - Extension - RFC4532 + Supported features: + 1.2.840.113556.1.4.1670 - Active directory V51 - Feature - MICROSOFT + 1.2.840.113556.1.4.1791 - Active directory LDAP Integration - Feature - MICROSOFT + 1.2.840.113556.1.4.1935 - Active directory V60 - Feature - MICROSOFT + 1.2.840.113556.1.4.2080 - Active directory V61 R2 - Feature - MICROSOFT + 1.2.840.113556.1.4.2237 - Active directory W8 - Feature - MICROSOFT + 1.2.840.113556.1.4.800 - Active directory - Feature - MICROSOFT + Supported SASL mechanisms: + GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5 + Schema entry: + CN=Aggregate,CN=Schema,CN=Configuration,DC=support,DC=htb +Other: + domainFunctionality: + 7 + forestFunctionality: + 7 + domainControllerFunctionality: + 7 + rootDomainNamingContext: + DC=support,DC=htb + ldapServiceName: + 
support.htb:dc$@SUPPORT.HTB + isGlobalCatalogReady: + TRUE + supportedLDAPPolicies: + MaxPoolThreads + MaxPercentDirSyncRequests + MaxDatagramRecv + MaxReceiveBuffer + InitRecvTimeout + MaxConnections + MaxConnIdleTime + MaxPageSize + MaxBatchReturnMessages + MaxQueryDuration + MaxDirSyncDuration + MaxTempTableSize + MaxResultSetSize + MinResultSets + MaxResultSetsPerConn + MaxNotificationPerConn + MaxValRange + MaxValRangeTransitive + ThreadMemoryLimit + SystemMemoryLimitPercent + serverName: + CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb + schemaNamingContext: + CN=Schema,CN=Configuration,DC=support,DC=htb + isSynchronized: + TRUE + highestCommittedUSN: + 82007 + dsServiceName: + CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=support,DC=htb + dnsHostName: + dc.support.htb + defaultNamingContext: + DC=support,DC=htb + currentTime: + 20220819094016.0Z + configurationNamingContext: + CN=Configuration,DC=support,DC=htb diff --git a/support/output b/support/output new file mode 100644 index 0000000..e27361e --- /dev/null +++ b/support/output 
@@ -0,0 +1,1400 @@ +# extended LDIF +# +# LDAPv3 +# base <CN=Users,DC=support,DC=htb> with scope subtree +# filter: (objectclass=*) +# requesting: ALL +# + +# Users, support.htb +dn: CN=Users,DC=support,DC=htb +objectClass: top +objectClass: container +cn: Users +description: Default container for upgraded user accounts +distinguishedName: CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110155.0Z +whenChanged: 20220528110155.0Z +uSNCreated: 5660 +uSNChanged: 5660 +showInAdvancedViewOnly: FALSE +name: Users +objectGUID:: fvT3rPs5nUaComz/MQQwrw== +systemFlags: -1946157056 +objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# krbtgt, Users, support.htb +dn: CN=krbtgt,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: krbtgt +description: Key Distribution Center Service Account +distinguishedName: CN=krbtgt,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12324 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +uSNChanged: 13087 +showInAdvancedViewOnly: TRUE +name: krbtgt +objectGUID:: /xb62J8VtUOrxKFMpoVR1g== +userAccountControl: 514 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982094237626330 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEIL9gEAAA== +adminCount: 1 +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: krbtgt +sAMAccountType: 805306368 +servicePrincipalName: kadmin/changepw +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z +msDS-SupportedEncryptionTypes: 
0 + +# Domain Computers, Users, support.htb +dn: CN=Domain Computers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Domain Computers +description: All workstations and servers joined to the domain +distinguishedName: CN=Domain Computers,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12330 +uSNChanged: 12332 +name: Domain Computers +objectGUID:: FIrWiW7Kr0GFu2diC0RPew== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILAwIAAA== +sAMAccountName: Domain Computers +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Domain Controllers, Users, support.htb +dn: CN=Domain Controllers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Domain Controllers +description: All domain controllers in the domain +distinguishedName: CN=Domain Controllers,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12333 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +uSNChanged: 13088 +name: Domain Controllers +objectGUID:: dN6L6IBw9kCwkCFFY6rSWg== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILBAIAAA== +adminCount: 1 +sAMAccountName: Domain Controllers +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# Schema Admins, Users, support.htb +dn: CN=Schema Admins,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Schema Admins +description: Designated administrators of the schema +member: CN=Administrator,CN=Users,DC=support,DC=htb +distinguishedName: 
CN=Schema Admins,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12336 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +uSNChanged: 13074 +name: Schema Admins +objectGUID:: t4lVcdkLMU+XgbSieUBxbQ== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILBgIAAA== +adminCount: 1 +sAMAccountName: Schema Admins +sAMAccountType: 268435456 +groupType: -2147483640 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# Enterprise Admins, Users, support.htb +dn: CN=Enterprise Admins,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Enterprise Admins +description: Designated administrators of the enterprise +member: CN=Administrator,CN=Users,DC=support,DC=htb +distinguishedName: CN=Enterprise Admins,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12339 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +memberOf: CN=Administrators,CN=Builtin,DC=support,DC=htb +uSNChanged: 13073 +name: Enterprise Admins +objectGUID:: q3daaBUIyEaH519un0AO1A== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILBwIAAA== +adminCount: 1 +sAMAccountName: Enterprise Admins +sAMAccountType: 268435456 +groupType: -2147483640 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# Cert Publishers, Users, support.htb +dn: CN=Cert Publishers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Cert Publishers +description: Members of this group are permitted to publish certificates to th + e directory +distinguishedName: CN=Cert 
Publishers,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12342 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +uSNChanged: 12344 +name: Cert Publishers +objectGUID:: PAzQuO/hA0qzHxyiYOc4jw== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILBQIAAA== +sAMAccountName: Cert Publishers +sAMAccountType: 536870912 +groupType: -2147483644 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Domain Admins, Users, support.htb +dn: CN=Domain Admins,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Domain Admins +description: Designated administrators of the domain +member: CN=Administrator,CN=Users,DC=support,DC=htb +distinguishedName: CN=Domain Admins,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12345 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +memberOf: CN=Administrators,CN=Builtin,DC=support,DC=htb +uSNChanged: 13069 +name: Domain Admins +objectGUID:: TwvrOpHMLUyAW0q4RHRefQ== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILAAIAAA== +adminCount: 1 +sAMAccountName: Domain Admins +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# Domain Users, Users, support.htb +dn: CN=Domain Users,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Domain Users +description: All domain users +distinguishedName: CN=Domain Users,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12348 +memberOf: 
CN=Users,CN=Builtin,DC=support,DC=htb +uSNChanged: 12350 +name: Domain Users +objectGUID:: 0o8/7t9hYEOGiqI3/a9qPw== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILAQIAAA== +sAMAccountName: Domain Users +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Domain Guests, Users, support.htb +dn: CN=Domain Guests,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Domain Guests +description: All domain guests +distinguishedName: CN=Domain Guests,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12351 +memberOf: CN=Guests,CN=Builtin,DC=support,DC=htb +uSNChanged: 12353 +name: Domain Guests +objectGUID:: FohOjdYt806Z8OJmhd8T8g== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILAgIAAA== +sAMAccountName: Domain Guests +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Group Policy Creator Owners, Users, support.htb +dn: CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Group Policy Creator Owners +description: Members in this group can modify group policy for the domain +member: CN=Administrator,CN=Users,DC=support,DC=htb +distinguishedName: CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12354 +memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +uSNChanged: 12391 +name: Group Policy Creator Owners +objectGUID:: V/lnboosdEKRY0iXk4eXhg== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILCAIAAA== +sAMAccountName: Group Policy Creator Owners 
+sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# RAS and IAS Servers, Users, support.htb +dn: CN=RAS and IAS Servers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: RAS and IAS Servers +description: Servers in this group can access remote access properties of user + s +distinguishedName: CN=RAS and IAS Servers,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12357 +uSNChanged: 12359 +name: RAS and IAS Servers +objectGUID:: aziHrRu9g0eTB+Blm+vlzg== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILKQIAAA== +sAMAccountName: RAS and IAS Servers +sAMAccountType: 536870912 +groupType: -2147483644 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Allowed RODC Password Replication Group, Users, support.htb +dn: CN=Allowed RODC Password Replication Group,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Allowed RODC Password Replication Group +description: Members in this group can have their passwords replicated to all + read-only domain controllers in the domain +distinguishedName: CN=Allowed RODC Password Replication Group,CN=Users,DC=supp + ort,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12402 +uSNChanged: 12404 +name: Allowed RODC Password Replication Group +objectGUID:: c9ipRQgk1U+7kOD9r95qrw== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILOwIAAA== +sAMAccountName: Allowed RODC Password Replication Group +sAMAccountType: 536870912 +groupType: -2147483644 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 
20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Denied RODC Password Replication Group, Users, support.htb +dn: CN=Denied RODC Password Replication Group,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Denied RODC Password Replication Group +description: Members in this group cannot have their passwords replicated to a + ny read-only domain controllers in the domain +member: CN=Read-only Domain Controllers,CN=Users,DC=support,DC=htb +member: CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb +member: CN=Domain Admins,CN=Users,DC=support,DC=htb +member: CN=Cert Publishers,CN=Users,DC=support,DC=htb +member: CN=Enterprise Admins,CN=Users,DC=support,DC=htb +member: CN=Schema Admins,CN=Users,DC=support,DC=htb +member: CN=Domain Controllers,CN=Users,DC=support,DC=htb +member: CN=krbtgt,CN=Users,DC=support,DC=htb +distinguishedName: CN=Denied RODC Password Replication Group,CN=Users,DC=suppo + rt,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12405 +uSNChanged: 12433 +name: Denied RODC Password Replication Group +objectGUID:: JX6Bq3TqBEO536AlmQTXGQ== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILPAIAAA== +sAMAccountName: Denied RODC Password Replication Group +sAMAccountType: 536870912 +groupType: -2147483644 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Read-only Domain Controllers, Users, support.htb +dn: CN=Read-only Domain Controllers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Read-only Domain Controllers +description: Members of this group are Read-Only Domain Controllers in the dom + ain +distinguishedName: CN=Read-only Domain Controllers,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12419 +memberOf: CN=Denied RODC Password 
Replication Group,CN=Users,DC=support,DC=htb +uSNChanged: 13089 +name: Read-only Domain Controllers +objectGUID:: oyG5YD2XqE6hwnqADL3JYA== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILCQIAAA== +adminCount: 1 +sAMAccountName: Read-only Domain Controllers +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# Enterprise Read-only Domain Controllers, Users, support.htb +dn: CN=Enterprise Read-only Domain Controllers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Enterprise Read-only Domain Controllers +description: Members of this group are Read-Only Domain Controllers in the ent + erprise +distinguishedName: CN=Enterprise Read-only Domain Controllers,CN=Users,DC=supp + ort,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12429 +uSNChanged: 12431 +name: Enterprise Read-only Domain Controllers +objectGUID:: Uv8SRz7wvUCtT3ekcPs1Nw== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEIL8gEAAA== +sAMAccountName: Enterprise Read-only Domain Controllers +sAMAccountType: 268435456 +groupType: -2147483640 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Cloneable Domain Controllers, Users, support.htb +dn: CN=Cloneable Domain Controllers,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Cloneable Domain Controllers +description: Members of this group that are domain controllers may be cloned. 
+distinguishedName: CN=Cloneable Domain Controllers,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12440 +uSNChanged: 12442 +name: Cloneable Domain Controllers +objectGUID:: 6o/buUpCVkWE1hsYhJ0C7A== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILCgIAAA== +sAMAccountName: Cloneable Domain Controllers +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Protected Users, Users, support.htb +dn: CN=Protected Users,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Protected Users +description: Members of this group are afforded additional protections against + authentication security threats. See http://go.microsoft.com/fwlink/?LinkId= + 298939 for more information. +distinguishedName: CN=Protected Users,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528110343.0Z +uSNCreated: 12445 +uSNChanged: 12447 +name: Protected Users +objectGUID:: WWO6zBhGcU2BvsuFsuijDQ== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILDQIAAA== +sAMAccountName: Protected Users +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z + +# Key Admins, Users, support.htb +dn: CN=Key Admins,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Key Admins +description: Members of this group can perform administrative actions on key o + bjects within the domain. 
+distinguishedName: CN=Key Admins,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12450 +uSNChanged: 13072 +name: Key Admins +objectGUID:: lu9JrnlC0EqsJO7Ca/1Yyg== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILDgIAAA== +adminCount: 1 +sAMAccountName: Key Admins +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# Enterprise Key Admins, Users, support.htb +dn: CN=Enterprise Key Admins,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Enterprise Key Admins +description: Members of this group can perform administrative actions on key o + bjects within the forest. +distinguishedName: CN=Enterprise Key Admins,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110343.0Z +whenChanged: 20220528111947.0Z +uSNCreated: 12453 +uSNChanged: 13075 +name: Enterprise Key Admins +objectGUID:: +XXDlrk+kkaqJztpO6OUlQ== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILDwIAAA== +adminCount: 1 +sAMAccountName: Enterprise Key Admins +sAMAccountType: 268435456 +groupType: -2147483640 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000416.0Z + +# DnsAdmins, Users, support.htb +dn: CN=DnsAdmins,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: DnsAdmins +description: DNS Administrators Group +distinguishedName: CN=DnsAdmins,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110517.0Z +whenChanged: 20220528110517.0Z +uSNCreated: 12487 +uSNChanged: 12489 +name: DnsAdmins +objectGUID:: 2q5qdYNl8EauIghx5W/HkA== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILTQQAAA== 
+sAMAccountName: DnsAdmins +sAMAccountType: 536870912 +groupType: -2147483644 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 16010101000000.0Z + +# DnsUpdateProxy, Users, support.htb +dn: CN=DnsUpdateProxy,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: DnsUpdateProxy +description: DNS clients who are permitted to perform dynamic updates on behal + f of some other clients (such as DHCP servers). +distinguishedName: CN=DnsUpdateProxy,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110517.0Z +whenChanged: 20220528110517.0Z +uSNCreated: 12492 +uSNChanged: 12492 +name: DnsUpdateProxy +objectGUID:: Nc+gxph1Vkag0TSb27cHLw== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILTgQAAA== +sAMAccountName: DnsUpdateProxy +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 16010101000000.0Z + +# Shared Support Accounts, Users, support.htb +dn: CN=Shared Support Accounts,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: group +cn: Shared Support Accounts +member: CN=support,CN=Users,DC=support,DC=htb +distinguishedName: CN=Shared Support Accounts,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111132.0Z +whenChanged: 20220528111204.0Z +uSNCreated: 12599 +uSNChanged: 12635 +name: Shared Support Accounts +objectGUID:: dVLmpti4CUarxgBZ0GZQFw== +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILTwQAAA== +sAMAccountName: Shared Support Accounts +sAMAccountType: 268435456 +groupType: -2147483646 +objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 16010101000000.0Z + +# ldap, Users, support.htb +dn: CN=ldap,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: ldap +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +distinguishedName: CN=ldap,CN=Users,DC=support,DC=htb 
+instanceType: 4 +whenCreated: 20220528111146.0Z +whenChanged: 20220819130201.0Z +uSNCreated: 12603 +uSNChanged: 122843 +company: support +streetAddress: Skipper Bowles Dr +name: ldap +objectGUID:: /6UvjDrNT0GyZFt9CzrgfQ== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 133053977118042298 +lastLogoff: 0 +lastLogon: 133053977202167339 +pwdLastSet: 132982099064620523 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILUAQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: ldap +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111146.0Z +dSCorePropagationData: 16010101000000.0Z +lastLogonTimestamp: 133053877211215389 + +# support, Users, support.htb +dn: CN=support,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: support +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +distinguishedName: CN=support,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111200.0Z +whenChanged: 20220819134757.0Z +uSNCreated: 12617 +info: Ironside47pleasure40Watchful +memberOf: CN=Shared Support Accounts,CN=Users,DC=support,DC=htb +memberOf: CN=Remote Management Users,CN=Builtin,DC=support,DC=htb +uSNChanged: 122847 +company: support +streetAddress: Skipper Bowles Dr +name: support +objectGUID:: CqM5MfoxMEWepIBTs5an8Q== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 133053968645324382 +lastLogoff: 0 +lastLogon: 133053983836932396 +pwdLastSet: 132982099209777070 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILUQQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: support +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111201.0Z +dSCorePropagationData: 16010101000000.0Z 
+lastLogonTimestamp: 133053904772994654 + +# smith.rosario, Users, support.htb +dn: CN=smith.rosario,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: smith.rosario +sn: smith +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: rosario +distinguishedName: CN=smith.rosario,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111219.0Z +whenChanged: 20220528111219.0Z +uSNCreated: 12638 +uSNChanged: 12653 +company: support +streetAddress: Skipper Bowles Dr +name: smith.rosario +objectGUID:: xrmo4GlsuUajfnkG3CBMrg== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982099393057986 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILUgQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: smith.rosario +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111219.0Z +dSCorePropagationData: 16010101000000.0Z +mail: smith.rosario@support.htb + +# hernandez.stanley, Users, support.htb +dn: CN=hernandez.stanley,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: hernandez.stanley +sn: hernandez +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: stanley +distinguishedName: CN=hernandez.stanley,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111234.0Z +whenChanged: 20220528111235.0Z +uSNCreated: 12655 +uSNChanged: 12670 +company: support +streetAddress: Skipper Bowles Dr +name: hernandez.stanley +objectGUID:: L81uL06kXEOWM2Qn8ww2qA== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982099548708177 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILUwQAAA== +accountExpires: 
9223372036854775807 +logonCount: 0 +sAMAccountName: hernandez.stanley +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111235.0Z +dSCorePropagationData: 16010101000000.0Z +mail: hernandez.stanley@support.htb + +# wilson.shelby, Users, support.htb +dn: CN=wilson.shelby,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: wilson.shelby +sn: wilson +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: shelby +distinguishedName: CN=wilson.shelby,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111250.0Z +whenChanged: 20220528111251.0Z +uSNCreated: 12672 +uSNChanged: 12687 +company: support +streetAddress: Skipper Bowles Dr +name: wilson.shelby +objectGUID:: XbKIVlHxiUa1D5CZfJJG9A== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982099703526781 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILVAQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: wilson.shelby +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111250.0Z +dSCorePropagationData: 16010101000000.0Z +mail: wilson.shelby@support.htb + +# anderson.damian, Users, support.htb +dn: CN=anderson.damian,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: anderson.damian +sn: anderson +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: damian +distinguishedName: CN=anderson.damian,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111305.0Z +whenChanged: 20220528111306.0Z +uSNCreated: 12689 +uSNChanged: 12704 +company: support +streetAddress: Skipper Bowles Dr +name: anderson.damian +objectGUID:: 3yoA+1yHqUaNkyZV3AwohQ== 
+userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982099859932951 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILVQQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: anderson.damian +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111306.0Z +dSCorePropagationData: 16010101000000.0Z +mail: anderson.damian@support.htb + +# thomas.raphael, Users, support.htb +dn: CN=thomas.raphael,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: thomas.raphael +sn: thomas +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: raphael +distinguishedName: CN=thomas.raphael,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111321.0Z +whenChanged: 20220528111322.0Z +uSNCreated: 12706 +uSNChanged: 12721 +company: support +streetAddress: Skipper Bowles Dr +name: thomas.raphael +objectGUID:: sard51WjwU2UuCtT0BGwug== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100017745577 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILVgQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: thomas.raphael +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111322.0Z +dSCorePropagationData: 16010101000000.0Z +mail: thomas.raphael@support.htb + +# levine.leopoldo, Users, support.htb +dn: CN=levine.leopoldo,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: levine.leopoldo +sn: levine +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: leopoldo +distinguishedName: CN=levine.leopoldo,CN=Users,DC=support,DC=htb 
+instanceType: 4 +whenCreated: 20220528111337.0Z +whenChanged: 20220528111338.0Z +uSNCreated: 12891 +uSNChanged: 12906 +company: support +streetAddress: Skipper Bowles Dr +name: levine.leopoldo +objectGUID:: zaT1TYtnNUKvrkK/fHjf0Q== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100175089241 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILVwQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: levine.leopoldo +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111337.0Z +dSCorePropagationData: 16010101000000.0Z +mail: levine.leopoldo@support.htb + +# raven.clifton, Users, support.htb +dn: CN=raven.clifton,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: raven.clifton +sn: raven +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: clifton +distinguishedName: CN=raven.clifton,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111352.0Z +whenChanged: 20220528111353.0Z +uSNCreated: 12908 +uSNChanged: 12923 +company: support +streetAddress: Skipper Bowles Dr +name: raven.clifton +objectGUID:: r4Ljo7fDek6FZN1CBI375w== +userAccountControl: 66048 +badPwdCount: 1450 +codePage: 0 +countryCode: 0 +badPasswordTime: 133053948646435228 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100331339215 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILWAQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: raven.clifton +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111353.0Z +dSCorePropagationData: 16010101000000.0Z +mail: raven.clifton@support.htb + +# bardot.mary, Users, support.htb +dn: CN=bardot.mary,CN=Users,DC=support,DC=htb +objectClass: top 
+objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: bardot.mary +sn: bardot +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: mary +distinguishedName: CN=bardot.mary,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111408.0Z +whenChanged: 20220528111409.0Z +uSNCreated: 12925 +uSNChanged: 12940 +company: support +streetAddress: Skipper Bowles Dr +name: bardot.mary +objectGUID:: bp+GlFYgwUiy169DiKxEfg== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100486339253 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILWQQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: bardot.mary +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111408.0Z +dSCorePropagationData: 16010101000000.0Z +mail: bardot.mary@support.htb + +# cromwell.gerard, Users, support.htb +dn: CN=cromwell.gerard,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: cromwell.gerard +sn: cromwell +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: gerard +distinguishedName: CN=cromwell.gerard,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111424.0Z +whenChanged: 20220528111424.0Z +uSNCreated: 12942 +uSNChanged: 12957 +company: support +streetAddress: Skipper Bowles Dr +name: cromwell.gerard +objectGUID:: t5fIUmTNZEmsOEoXkg1PfA== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100642589204 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILWgQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: cromwell.gerard +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb 
+dSCorePropagationData: 20220528111424.0Z +dSCorePropagationData: 16010101000000.0Z +mail: cromwell.gerard@support.htb + +# monroe.david, Users, support.htb +dn: CN=monroe.david,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: monroe.david +sn: monroe +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: david +distinguishedName: CN=monroe.david,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111439.0Z +whenChanged: 20220528111440.0Z +uSNCreated: 12959 +uSNChanged: 12974 +company: support +streetAddress: Skipper Bowles Dr +name: monroe.david +objectGUID:: BAScccXiIEKhwgp//rBwwA== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100797120581 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILWwQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: monroe.david +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111439.0Z +dSCorePropagationData: 16010101000000.0Z +mail: monroe.david@support.htb + +# west.laura, Users, support.htb +dn: CN=west.laura,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: west.laura +sn: west +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: laura +distinguishedName: CN=west.laura,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111455.0Z +whenChanged: 20220528111456.0Z +uSNCreated: 12979 +uSNChanged: 12994 +company: support +streetAddress: Skipper Bowles Dr +name: west.laura +objectGUID:: bqAMeaq42kGIZbfMnxXxRA== +userAccountControl: 66048 +badPwdCount: 1309 +codePage: 0 +countryCode: 0 +badPasswordTime: 133053948661389063 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982100954464244 +primaryGroupID: 513 +objectSid:: 
AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILXAQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: west.laura +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111455.0Z +dSCorePropagationData: 16010101000000.0Z +mail: west.laura@support.htb + +# langley.lucy, Users, support.htb +dn: CN=langley.lucy,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: langley.lucy +sn: langley +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: lucy +distinguishedName: CN=langley.lucy,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111510.0Z +whenChanged: 20220528111511.0Z +uSNCreated: 12996 +uSNChanged: 13011 +company: support +streetAddress: Skipper Bowles Dr +name: langley.lucy +objectGUID:: T9fnf6QIlE2uz+4YhFZ3aw== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982101109308007 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILXQQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: langley.lucy +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111511.0Z +dSCorePropagationData: 16010101000000.0Z +mail: langley.lucy@support.htb + +# daughtler.mabel, Users, support.htb +dn: CN=daughtler.mabel,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: daughtler.mabel +sn: daughtler +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: mabel +distinguishedName: CN=daughtler.mabel,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111526.0Z +whenChanged: 20220528111527.0Z +uSNCreated: 13013 +uSNChanged: 13028 +company: support +streetAddress: Skipper Bowles Dr +name: daughtler.mabel +objectGUID:: 
iWH2yMa7h0e1dPAKT9MtgA== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982101262745576 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILXgQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: daughtler.mabel +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111526.0Z +dSCorePropagationData: 16010101000000.0Z +mail: daughtler.mabel@support.htb + +# stoll.rachelle, Users, support.htb +dn: CN=stoll.rachelle,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: stoll.rachelle +sn: stoll +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: rachelle +distinguishedName: CN=stoll.rachelle,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111542.0Z +whenChanged: 20220528111543.0Z +uSNCreated: 13030 +uSNChanged: 13045 +company: support +streetAddress: Skipper Bowles Dr +name: stoll.rachelle +objectGUID:: Oe9hWbyotkWg+Aty/bcKYw== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982101422902140 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILXwQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: stoll.rachelle +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111542.0Z +dSCorePropagationData: 16010101000000.0Z +mail: stoll.rachelle@support.htb + +# ford.victoria, Users, support.htb +dn: CN=ford.victoria,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: ford.victoria +sn: ford +c: US +l: Chapel Hill +st: NC +postalCode: 27514 +givenName: victoria +distinguishedName: 
CN=ford.victoria,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528111557.0Z +whenChanged: 20220528111558.0Z +uSNCreated: 13048 +uSNChanged: 13063 +company: support +streetAddress: Skipper Bowles Dr +name: ford.victoria +objectGUID:: igFAMPhgAEqMFr/4HUIY5A== +userAccountControl: 66048 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +pwdLastSet: 132982101581183009 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEILYAQAAA== +accountExpires: 9223372036854775807 +logonCount: 0 +sAMAccountName: ford.victoria +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +dSCorePropagationData: 20220528111558.0Z +dSCorePropagationData: 16010101000000.0Z +mail: ford.victoria@support.htb + +# Administrator, Users, support.htb +dn: CN=Administrator,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: Administrator +description: Built-in account for administering the computer/domain +distinguishedName: CN=Administrator,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110156.0Z +whenChanged: 20220819043227.0Z +uSNCreated: 8196 +memberOf: CN=Group Policy Creator Owners,CN=Users,DC=support,DC=htb +memberOf: CN=Domain Admins,CN=Users,DC=support,DC=htb +memberOf: CN=Enterprise Admins,CN=Users,DC=support,DC=htb +memberOf: CN=Schema Admins,CN=Users,DC=support,DC=htb +memberOf: CN=Administrators,CN=Builtin,DC=support,DC=htb +uSNChanged: 81954 +name: Administrator +objectGUID:: ltGa4T+PO0uTHnjAEEcLlw== +userAccountControl: 512 +badPwdCount: 1 +codePage: 0 +countryCode: 0 +badPasswordTime: 133053851029724323 +lastLogoff: 0 +lastLogon: 133053571707670441 +logonHours:: //////////////////////////// +pwdLastSet: 133027269567293588 +primaryGroupID: 513 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEIL9AEAAA== +adminCount: 1 +accountExpires: 0 +logonCount: 62 +sAMAccountName: Administrator 
+sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528111947.0Z +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101181216.0Z +lastLogonTimestamp: 133053571475334311 + +# Guest, Users, support.htb +dn: CN=Guest,CN=Users,DC=support,DC=htb +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: user +cn: Guest +description: Built-in account for guest access to the computer/domain +distinguishedName: CN=Guest,CN=Users,DC=support,DC=htb +instanceType: 4 +whenCreated: 20220528110156.0Z +whenChanged: 20220819061524.0Z +uSNCreated: 8197 +memberOf: CN=Guests,CN=Builtin,DC=support,DC=htb +uSNChanged: 81994 +name: Guest +objectGUID:: lHQIHI+KY06QsghOU1eULw== +userAccountControl: 66080 +badPwdCount: 0 +codePage: 0 +countryCode: 0 +badPasswordTime: 0 +lastLogoff: 0 +lastLogon: 0 +logonHours:: //////////////////////////// +pwdLastSet: 132982103352120821 +primaryGroupID: 514 +objectSid:: AQUAAAAAAAUVAAAAG9v9Y4G6g8nmcEIL9QEAAA== +accountExpires: 0 +logonCount: 0 +sAMAccountName: Guest +sAMAccountType: 805306368 +objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=support,DC=htb +isCriticalSystemObject: TRUE +dSCorePropagationData: 20220528110344.0Z +dSCorePropagationData: 16010101000001.0Z +lastLogonTimestamp: 133053633249317557 + +# search result +search: 2 +result: 0 Success + +# numResponses: 43 +# numEntries: 42 diff --git a/support/powershell-web-server.ps1 b/support/powershell-web-server.ps1 new file mode 100644 index 0000000..f8a409b --- /dev/null +++ b/support/powershell-web-server.ps1 
@@ -0,0 +1,111 @@
+# This is a super **SIMPLE** example of how to create a very basic powershell webserver
+# 2019-05-18 UPDATE — Created by me and and evalued by @jakobii and the comunity.
+
+# Http Server
+$http = [System.Net.HttpListener]::new()
+
+# Hostname and port to listen on
+$http.Prefixes.Add("http://localhost:8080/")
+
+# Start the Http Server
+$http.Start()
+
+
+
+# Log ready message to terminal
+if ($http.IsListening) {
+ write-host " HTTP Server Ready! " -f 'black' -b 'gre'
+ write-host "now try going to $($http.Prefixes)" -f 'y'
+ write-host "then try going to $($http.Prefixes)other/path" -f 'y'
+}
+
+
+# INFINTE LOOP
+# Used to listen for requests
+while ($http.IsListening) {
+
+
+
+ # Get Request Url
+ # When a request is made in a web browser the GetContext() method will return a request object
+ # Our route examples below will use the request object properties to decide how to respond
+ $context = $http.GetContext()
+
+
+ # ROUTE EXAMPLE 1
+ # http://127.0.0.1/
+ if ($context.Request.HttpMethod -eq 'GET' -and $context.Request.RawUrl -eq '/') {
+
+ # We can log the request to the terminal
+ write-host "$($context.Request.UserHostAddress) => $($context.Request.Url)" -f 'mag'
+
+ # the html/data you want to send to the browser
+ # you could replace this with: [string]$html = Get-Content "C:\some\path\index.html" -Raw
+ [string]$html = "<h1>A Powershell Webserver</h1><p>home page</p>"
+
+ #resposed to the request
+ $buffer = [System.Text.Encoding]::UTF8.GetBytes($html) # convert htmtl to bytes
+ $context.Response.ContentLength64 = $buffer.Length
+ $context.Response.OutputStream.Write($buffer, 0, $buffer.Length) #stream to broswer
+ $context.Response.OutputStream.Close() # close the response
+
+ }
+
+
+
+ # ROUTE EXAMPLE 2
+ # http://127.0.0.1/some/form'
+ if ($context.Request.HttpMethod -eq 'GET' -and $context.Request.RawUrl -eq '/some/form') {
+
+ # We can log the request to the terminal
+ write-host "$($context.Request.UserHostAddress) => $($context.Request.Url)" -f 'mag'
+
+ [string]$html = "
+ <h1>A Powershell Webserver</h1>
+ <form action='/some/post' method='post'>
+ <p>A Basic Form</p>
+ <p>fullname</p>
+ <input type='text' name='fullname'>
+ <p>message</p>
+ <textarea rows='4' cols='50' name='message'></textarea>
+ <br>
+ <input type='submit' value='Submit'>
+ </form>
+ "
+
+ #resposed to the request
+ $buffer = [System.Text.Encoding]::UTF8.GetBytes($html)
+ $context.Response.ContentLength64 = $buffer.Length
+ $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
+ $context.Response.OutputStream.Close()
+ }
+
+ # ROUTE EXAMPLE 3
+ # http://127.0.0.1/some/post'
+ if ($context.Request.HttpMethod -eq 'POST' -and $context.Request.RawUrl -eq '/some/post') {
+
+ # decode the form post
+ # html form members need 'name' attributes as in the example!
+ $FormContent = [System.IO.StreamReader]::new($context.Request.InputStream).ReadToEnd()
+
+ # We can log the request to the terminal
+ write-host "$($context.Request.UserHostAddress) => $($context.Request.Url)" -f 'mag'
+ Write-Host $FormContent -f 'Green'
+
+ # the html/data
+ [string]$html = "<h1>A Powershell Webserver</h1><p>Post Successful!</p>"
+
+ #resposed to the request
+ $buffer = [System.Text.Encoding]::UTF8.GetBytes($html)
+ $context.Response.ContentLength64 = $buffer.Length
+ $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
+ $context.Response.OutputStream.Close()
+ }
+
+
+ # powershell will continue looping and listen for new requests...
+
+}
+
+# Note:
+# To end the loop you have to kill the powershell terminal. ctrl-c wont work :/
\ No newline at end of file
diff --git a/support/rustscan b/support/rustscan
new file mode 100644
index 0000000..6c4e66d
--- /dev/null
+++ b/support/rustscan
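Review bot: A request that matches none of the three routes in support/powershell-web-server.ps1 is never answered: the loop returns to `GetContext()` without touching `$context.Response`, so the client is left waiting on any other path or method. Chaining the route blocks as `if`/`elseif` and ending with `else { $context.Response.StatusCode = 404; $context.Response.Close() }` closes every context. In route 3 the raw POST body is printed with `Write-Host $FormContent`, so control characters in a submitted form reach the terminal unfiltered; the `localhost` prefix limits who can send one and should stay that way if the script is reused. The `StreamReader` created in that route is also never disposed.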
@@ -0,0 +1,148 @@ +[1m[38;2;0;255;0m.[38;2;0;255;6m-[38;2;0;255;13m-[38;2;0;255;19m-[38;2;0;255;25m-[38;2;0;255;32m.[38;2;0;255;38m [38;2;0;255;45m.[38;2;0;255;51m-[38;2;0;255;57m.[38;2;0;255;64m [38;2;0;255;70m.[38;2;0;255;76m-[38;2;0;255;83m.[38;2;0;255;89m [38;2;0;255;96m.[38;2;0;255;102m-[38;2;0;255;108m-[38;2;0;255;115m-[38;2;0;255;121m-[38;2;0;255;127m.[38;2;0;255;134m.[38;2;0;255;140m-[38;2;0;255;147m-[38;2;0;255;153m-[38;2;0;255;159m.[38;2;0;255;166m [38;2;0;255;172m [38;2;0;255;178m.[38;2;0;255;185m-[38;2;0;255;191m-[38;2;0;255;198m-[38;2;0;255;204m-[38;2;0;255;210m.[38;2;0;255;217m [38;2;0;255;223m.[38;2;0;255;229m-[38;2;0;255;236m-[38;2;0;255;242m-[38;2;0;255;249m.[38;2;0;255;255m [38;2;0;249;255m [38;2;0;242;255m [38;2;0;236;255m.[38;2;0;230;255m-[38;2;0;223;255m-[38;2;0;217;255m.[38;2;0;210;255m [38;2;0;204;255m [38;2;0;198;255m.[38;2;0;191;255m-[38;2;0;185;255m.[38;2;0;179;255m [38;2;0;172;255m.[38;2;0;166;255m-[38;2;0;159;255m.[0m +[38;2;0;255;0m|[38;2;0;255;6m [38;2;0;255;13m{[38;2;0;255;19m}[38;2;0;255;25m [38;2;0;255;32m [38;2;0;255;38m}[38;2;0;255;45m|[38;2;0;255;51m [38;2;0;255;57m{[38;2;0;255;64m [38;2;0;255;70m}[38;2;0;255;76m [38;2;0;255;83m|[38;2;0;255;89m{[38;2;0;255;96m [38;2;0;255;102m{[38;2;0;255;108m_[38;2;0;255;115m_[38;2;0;255;121m [38;2;0;255;127m{[38;2;0;255;134m_[38;2;0;255;140m [38;2;0;255;147m [38;2;0;255;153m [38;2;0;255;159m_[38;2;0;255;166m}[38;2;0;255;172m{[38;2;0;255;178m [38;2;0;255;185m{[38;2;0;255;191m_[38;2;0;255;198m_[38;2;0;255;204m [38;2;0;255;210m [38;2;0;255;217m/[38;2;0;255;223m [38;2;0;255;229m [38;2;0;255;236m_[38;2;0;255;242m_[38;2;0;255;249m_[38;2;0;255;255m}[38;2;0;249;255m [38;2;0;242;255m/[38;2;0;236;255m [38;2;0;230;255m{[38;2;0;223;255m}[38;2;0;217;255m [38;2;0;210;255m\[38;2;0;204;255m [38;2;0;198;255m|[38;2;0;191;255m [38;2;0;185;255m [38;2;0;179;255m`[38;2;0;172;255m|[38;2;0;166;255m [38;2;0;159;255m|[0m +[38;2;0;255;0m|[38;2;0;255;6m [38;2;0;255;13m.[38;2;0;255;19m-[38;2;0;255;25m.[38;2;0;255;32m 
[38;2;0;255;38m\[38;2;0;255;45m|[38;2;0;255;51m [38;2;0;255;57m{[38;2;0;255;64m_[38;2;0;255;70m}[38;2;0;255;76m [38;2;0;255;83m|[38;2;0;255;89m.[38;2;0;255;96m-[38;2;0;255;102m.[38;2;0;255;108m_[38;2;0;255;115m}[38;2;0;255;121m [38;2;0;255;127m}[38;2;0;255;134m [38;2;0;255;140m|[38;2;0;255;147m [38;2;0;255;153m|[38;2;0;255;159m [38;2;0;255;166m [38;2;0;255;172m.[38;2;0;255;178m-[38;2;0;255;185m.[38;2;0;255;191m_[38;2;0;255;198m}[38;2;0;255;204m [38;2;0;255;210m}[38;2;0;255;217m\[38;2;0;255;223m [38;2;0;255;229m [38;2;0;255;236m [38;2;0;255;242m [38;2;0;255;249m [38;2;0;255;255m}[38;2;0;249;255m/[38;2;0;242;255m [38;2;0;236;255m [38;2;0;230;255m/[38;2;0;223;255m\[38;2;0;217;255m [38;2;0;210;255m [38;2;0;204;255m\[38;2;0;198;255m|[38;2;0;191;255m [38;2;0;185;255m|[38;2;0;179;255m\[38;2;0;172;255m [38;2;0;166;255m [38;2;0;159;255m|[0m +[38;2;0;255;0m`[38;2;0;255;6m-[38;2;0;255;13m'[38;2;0;255;19m [38;2;0;255;25m`[38;2;0;255;32m-[38;2;0;255;38m'[38;2;0;255;45m`[38;2;0;255;51m-[38;2;0;255;57m-[38;2;0;255;64m-[38;2;0;255;70m-[38;2;0;255;76m-[38;2;0;255;83m'[38;2;0;255;89m`[38;2;0;255;96m-[38;2;0;255;102m-[38;2;0;255;108m-[38;2;0;255;115m-[38;2;0;255;121m'[38;2;0;255;127m [38;2;0;255;134m [38;2;0;255;140m`[38;2;0;255;147m-[38;2;0;255;153m'[38;2;0;255;159m [38;2;0;255;166m [38;2;0;255;172m`[38;2;0;255;178m-[38;2;0;255;185m-[38;2;0;255;191m-[38;2;0;255;198m-[38;2;0;255;204m'[38;2;0;255;210m [38;2;0;255;217m [38;2;0;255;223m`[38;2;0;255;229m-[38;2;0;255;236m-[38;2;0;255;242m-[38;2;0;255;249m'[38;2;0;255;255m [38;2;0;249;255m`[38;2;0;242;255m-[38;2;0;236;255m'[38;2;0;230;255m [38;2;0;223;255m [38;2;0;217;255m`[38;2;0;210;255m-[38;2;0;204;255m'[38;2;0;198;255m`[38;2;0;191;255m-[38;2;0;185;255m'[38;2;0;179;255m [38;2;0;172;255m`[38;2;0;166;255m-[38;2;0;159;255m'[0m +[38;2;0;255;0mT[38;2;0;255;6mh[38;2;0;255;13me[38;2;0;255;19m [38;2;0;255;25mM[38;2;0;255;32mo[38;2;0;255;38md[38;2;0;255;45me[38;2;0;255;51mr[38;2;0;255;57mn[38;2;0;255;64m 
[38;2;0;255;70mD[38;2;0;255;76ma[38;2;0;255;83my[38;2;0;255;89m [38;2;0;255;96mP[38;2;0;255;102mo[38;2;0;255;108mr[38;2;0;255;115mt[38;2;0;255;121m [38;2;0;255;127mS[38;2;0;255;134mc[38;2;0;255;140ma[38;2;0;255;147mn[38;2;0;255;153mn[38;2;0;255;159me[38;2;0;255;166mr[38;2;0;255;172m.[0m[0m +[1m[38;2;255;255;0m_[38;2;249;255;0m_[38;2;242;255;0m_[38;2;236;255;0m_[38;2;230;255;0m_[38;2;223;255;0m_[38;2;217;255;0m_[38;2;210;255;0m_[38;2;204;255;0m_[38;2;198;255;0m_[38;2;191;255;0m_[38;2;185;255;0m_[38;2;179;255;0m_[38;2;172;255;0m_[38;2;166;255;0m_[38;2;159;255;0m_[38;2;153;255;0m_[38;2;147;255;0m_[38;2;140;255;0m_[38;2;134;255;0m_[38;2;128;255;0m_[38;2;121;255;0m_[38;2;115;255;0m_[38;2;108;255;0m_[38;2;102;255;0m_[38;2;96;255;0m_[38;2;89;255;0m_[38;2;83;255;0m_[38;2;77;255;0m_[38;2;70;255;0m_[38;2;64;255;0m_[38;2;57;255;0m_[38;2;51;255;0m_[38;2;45;255;0m_[38;2;38;255;0m_[38;2;32;255;0m_[38;2;26;255;0m_[38;2;19;255;0m_[38;2;13;255;0m_[38;2;6;255;0m_[0m +[38;2;255;255;0m:[38;2;249;255;0m [38;2;242;255;0mh[38;2;236;255;0mt[38;2;230;255;0mt[38;2;223;255;0mp[38;2;217;255;0ms[38;2;210;255;0m:[38;2;204;255;0m/[38;2;198;255;0m/[38;2;191;255;0md[38;2;185;255;0mi[38;2;179;255;0ms[38;2;172;255;0mc[38;2;166;255;0mo[38;2;159;255;0mr[38;2;153;255;0md[38;2;147;255;0m.[38;2;140;255;0mg[38;2;134;255;0mg[38;2;128;255;0m/[38;2;121;255;0mG[38;2;115;255;0mF[38;2;108;255;0mr[38;2;102;255;0mQ[38;2;96;255;0ms[38;2;89;255;0mG[38;2;83;255;0my[38;2;77;255;0m [38;2;70;255;0m [38;2;64;255;0m [38;2;57;255;0m [38;2;51;255;0m [38;2;45;255;0m [38;2;38;255;0m [38;2;32;255;0m [38;2;26;255;0m [38;2;19;255;0m [38;2;13;255;0m [38;2;6;255;0m:[0m +[38;2;255;255;0m:[38;2;249;255;0m 
[38;2;242;255;0mh[38;2;236;255;0mt[38;2;230;255;0mt[38;2;223;255;0mp[38;2;217;255;0ms[38;2;210;255;0m:[38;2;204;255;0m/[38;2;198;255;0m/[38;2;191;255;0mg[38;2;185;255;0mi[38;2;179;255;0mt[38;2;172;255;0mh[38;2;166;255;0mu[38;2;159;255;0mb[38;2;153;255;0m.[38;2;147;255;0mc[38;2;140;255;0mo[38;2;134;255;0mm[38;2;128;255;0m/[38;2;121;255;0mR[38;2;115;255;0mu[38;2;108;255;0ms[38;2;102;255;0mt[38;2;96;255;0mS[38;2;89;255;0mc[38;2;83;255;0ma[38;2;77;255;0mn[38;2;70;255;0m/[38;2;64;255;0mR[38;2;57;255;0mu[38;2;51;255;0ms[38;2;45;255;0mt[38;2;38;255;0mS[38;2;32;255;0mc[38;2;26;255;0ma[38;2;19;255;0mn[38;2;13;255;0m [38;2;6;255;0m:[0m +[38;2;255;255;0m [38;2;249;255;0m-[38;2;242;255;0m-[38;2;236;255;0m-[38;2;230;255;0m-[38;2;223;255;0m-[38;2;217;255;0m-[38;2;210;255;0m-[38;2;204;255;0m-[38;2;198;255;0m-[38;2;191;255;0m-[38;2;185;255;0m-[38;2;179;255;0m-[38;2;172;255;0m-[38;2;166;255;0m-[38;2;159;255;0m-[38;2;153;255;0m-[38;2;147;255;0m-[38;2;140;255;0m-[38;2;134;255;0m-[38;2;128;255;0m-[38;2;121;255;0m-[38;2;115;255;0m-[38;2;108;255;0m-[38;2;102;255;0m-[38;2;96;255;0m-[38;2;89;255;0m-[38;2;83;255;0m-[38;2;77;255;0m-[38;2;70;255;0m-[38;2;64;255;0m-[38;2;57;255;0m-[38;2;51;255;0m-[38;2;45;255;0m-[38;2;38;255;0m-[38;2;32;255;0m-[38;2;26;255;0m-[38;2;19;255;0m-[38;2;13;255;0m-[0m[0m +Real hackers hack time ⌛ + +[1;34m[~][0m The config file is expected to be at "/home/compromyse/.rustscan.toml" +[1;34m[~][0m Automatically increasing ulimit value to 5000. 
+Open 10.10.11.174:53 +Open 10.10.11.174:88 +Open 10.10.11.174:135 +Open 10.10.11.174:139 +Open 10.10.11.174:389 +Open 10.10.11.174:464 +Open 10.10.11.174:593 +Open 10.10.11.174:636 +Open 10.10.11.174:445 +Open 10.10.11.174:9389 +Open 10.10.11.174:49668 +Open 10.10.11.174:49664 +Open 10.10.11.174:49674 +Open 10.10.11.174:49679 +Open 10.10.11.174:49702 +[1;34m[~][0m Starting Script(s) +[1;38;2;0;255;9m[>][0m Script to be run Some("nmap -vvv -p {{port}} {{ip}}") + +[1;34m[~][0m Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-19 14:57 IST +NSE: Loaded 151 scripts for scanning. +NSE: Script Pre-scanning. +NSE: Starting runlevel 1 (of 3) scan. +Initiating NSE at 14:57 +Completed NSE at 14:57, 0.00s elapsed +NSE: Starting runlevel 2 (of 3) scan. +Initiating NSE at 14:57 +Completed NSE at 14:57, 0.00s elapsed +NSE: Starting runlevel 3 (of 3) scan. +Initiating NSE at 14:57 +Completed NSE at 14:57, 0.00s elapsed +Initiating Parallel DNS resolution of 1 host. at 14:57 +Completed Parallel DNS resolution of 1 host. at 14:57, 0.02s elapsed +DNS resolution of 1 IPs took 0.02s. 
Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0] +Initiating Connect Scan at 14:57 +Scanning 10.10.11.174 [15 ports] +Discovered open port 53/tcp on 10.10.11.174 +Discovered open port 445/tcp on 10.10.11.174 +Discovered open port 135/tcp on 10.10.11.174 +Discovered open port 139/tcp on 10.10.11.174 +Discovered open port 9389/tcp on 10.10.11.174 +Discovered open port 49668/tcp on 10.10.11.174 +Discovered open port 593/tcp on 10.10.11.174 +Discovered open port 49674/tcp on 10.10.11.174 +Discovered open port 464/tcp on 10.10.11.174 +Discovered open port 636/tcp on 10.10.11.174 +Discovered open port 49702/tcp on 10.10.11.174 +Discovered open port 88/tcp on 10.10.11.174 +Discovered open port 49664/tcp on 10.10.11.174 +Discovered open port 389/tcp on 10.10.11.174 +Discovered open port 49679/tcp on 10.10.11.174 +Completed Connect Scan at 14:57, 0.65s elapsed (15 total ports) +Initiating Service scan at 14:57 +Scanning 15 services on 10.10.11.174 +Completed Service scan at 15:00, 151.27s elapsed (15 services on 1 host) +NSE: Script scanning 10.10.11.174. +NSE: Starting runlevel 1 (of 3) scan. +Initiating NSE at 15:00 +Stats: 0:02:39 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan +NSE: Active NSE Script Threads: 7 (7 waiting) +NSE Timing: About 99.65% done; ETC: 15:00 (0:00:00 remaining) +Stats: 0:02:40 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan +NSE: Active NSE Script Threads: 7 (7 waiting) +NSE Timing: About 99.65% done; ETC: 15:00 (0:00:00 remaining) +Stats: 0:02:40 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan +NSE: Active NSE Script Threads: 7 (7 waiting) +NSE Timing: About 99.65% done; ETC: 15:00 (0:00:00 remaining) +NSE Timing: About 99.95% done; ETC: 15:01 (0:00:00 remaining) +Completed NSE at 15:01, 40.06s elapsed +NSE: Starting runlevel 2 (of 3) scan. 
+Initiating NSE at 15:01 +NSE Timing: About 98.33% done; ETC: 15:01 (0:00:01 remaining) +Completed NSE at 15:02, 60.71s elapsed +NSE: Starting runlevel 3 (of 3) scan. +Initiating NSE at 15:02 +Completed NSE at 15:02, 0.00s elapsed +Nmap scan report for 10.10.11.174 +Host is up, received user-set (0.33s latency). +Scanned at 2022-08-19 14:57:59 IST for 252s + +PORT STATE SERVICE REASON VERSION +53/tcp open domain? syn-ack +| fingerprint-strings: +| DNSVersionBindReqTCP: +| version +|_ bind +88/tcp open kerberos-sec syn-ack Microsoft Windows Kerberos (server time: 2022-08-19 09:28:07Z) +135/tcp open msrpc syn-ack Microsoft Windows RPC +139/tcp open netbios-ssn syn-ack Microsoft Windows netbios-ssn +389/tcp open ldap syn-ack Microsoft Windows Active Directory LDAP (Domain: support.htb0., Site: Default-First-Site-Name) +445/tcp open microsoft-ds? syn-ack +464/tcp open kpasswd5? syn-ack +593/tcp open ncacn_http syn-ack Microsoft Windows RPC over HTTP 1.0 +636/tcp open tcpwrapped syn-ack +9389/tcp open mc-nmf syn-ack .NET Message Framing +49664/tcp open msrpc syn-ack Microsoft Windows RPC +49668/tcp open msrpc syn-ack Microsoft Windows RPC +49674/tcp open ncacn_http syn-ack Microsoft Windows RPC over HTTP 1.0 +49679/tcp open msrpc syn-ack Microsoft Windows RPC +49702/tcp open msrpc syn-ack Microsoft Windows RPC +1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : +SF-Port53-TCP:V=7.80%I=7%D=8/19%Time=62FF57AB%P=x86_64-pc-linux-gnu%r(DNSV +SF:ersionBindReqTCP,20,"\0\x1e\0\x06\x81\x04\0\x01\0\0\0\0\0\0\x07version\ +SF:x04bind\0\0\x10\0\x03"); +Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +|_clock-skew: 0s +| p2p-conficker: +| Checking for Conficker.C or higher... 
+| Check 1 (port 27353/tcp): CLEAN (Timeout) +| Check 2 (port 19493/tcp): CLEAN (Timeout) +| Check 3 (port 45724/udp): CLEAN (Timeout) +| Check 4 (port 4948/udp): CLEAN (Timeout) +|_ 0/4 checks are positive: Host is CLEAN or ports are blocked +| smb2-security-mode: +| 2.02: +|_ Message signing enabled and required +| smb2-time: +| date: 2022-08-19T09:30:33 +|_ start_date: N/A + +NSE: Script Post-scanning. +NSE: Starting runlevel 1 (of 3) scan. +Initiating NSE at 15:02 +Completed NSE at 15:02, 0.00s elapsed +NSE: Starting runlevel 2 (of 3) scan. +Initiating NSE at 15:02 +Completed NSE at 15:02, 0.00s elapsed +NSE: Starting runlevel 3 (of 3) scan. +Initiating NSE at 15:02 +Completed NSE at 15:02, 0.00s elapsed +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 253.00 seconds + diff --git a/support/shell.exe b/support/shell.exe Binary files differnew file mode 100644 index 0000000..1e79ee4 --- /dev/null +++ b/support/shell.exe diff --git a/support/support.htb/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI b/support/support.htb/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI new file mode 100644 index 0000000..68e6d07 --- /dev/null +++ b/support/support.htb/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI @@ -0,0 +1,2 @@ +[General]
+Version=4
diff --git a/support/support.htb/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf b/support/support.htb/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
Binary files differ
new file mode 100644
index 0000000..45972d1
--- /dev/null
+++ b/support/support.htb/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
diff --git a/support/support.htb/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI b/support/support.htb/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI
new file mode 100644
index 0000000..c6675f2
--- /dev/null
+++ b/support/support.htb/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/GPT.INI
@@ -0,0 +1,2 @@
+[General]
+Version=1
diff --git a/support/support.htb/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf b/support/support.htb/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
Binary files differ
new file mode 100644
index 0000000..c63aed7
--- /dev/null
+++ b/support/support.htb/Policies/{6AC1786C-016F-11D2-945F-00C04fB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
diff --git a/support/userinfo/CommandLineParser.dll b/support/userinfo/CommandLineParser.dll
Binary files differ
new file mode 100644
index 0000000..84b2c65
--- /dev/null
+++ b/support/userinfo/CommandLineParser.dll
diff --git a/support/userinfo/Microsoft.Bcl.AsyncInterfaces.dll b/support/userinfo/Microsoft.Bcl.AsyncInterfaces.dll
Binary files differ
new file mode 100644
index 0000000..476f1b1
--- /dev/null
+++ b/support/userinfo/Microsoft.Bcl.AsyncInterfaces.dll
diff --git a/support/userinfo/Microsoft.Extensions.DependencyInjection.Abstractions.dll b/support/userinfo/Microsoft.Extensions.DependencyInjection.Abstractions.dll
Binary files differ
new file mode 100644
index 0000000..edda9e2
--- /dev/null
+++ b/support/userinfo/Microsoft.Extensions.DependencyInjection.Abstractions.dll
diff --git a/support/userinfo/Microsoft.Extensions.DependencyInjection.dll b/support/userinfo/Microsoft.Extensions.DependencyInjection.dll
Binary files differ
new file mode 100644
index 0000000..d749915
--- /dev/null
+++ b/support/userinfo/Microsoft.Extensions.DependencyInjection.dll
diff --git a/support/userinfo/Microsoft.Extensions.Logging.Abstractions.dll b/support/userinfo/Microsoft.Extensions.Logging.Abstractions.dll
Binary files differ
new file mode 100644
index 0000000..5f578f7
--- /dev/null
+++ b/support/userinfo/Microsoft.Extensions.Logging.Abstractions.dll
diff --git a/support/userinfo/System.Buffers.dll b/support/userinfo/System.Buffers.dll
Binary files differ
new file mode 100644
index 0000000..f2d83c5
--- /dev/null
+++ b/support/userinfo/System.Buffers.dll
diff --git a/support/userinfo/System.Memory.dll b/support/userinfo/System.Memory.dll
Binary files differ
new file mode 100644
index 0000000..5d19470
--- /dev/null
+++ b/support/userinfo/System.Memory.dll
diff --git a/support/userinfo/System.Numerics.Vectors.dll b/support/userinfo/System.Numerics.Vectors.dll
Binary files differ
new file mode 100644
index 0000000..0865972
--- /dev/null
+++ b/support/userinfo/System.Numerics.Vectors.dll
diff --git a/support/userinfo/System.Runtime.CompilerServices.Unsafe.dll b/support/userinfo/System.Runtime.CompilerServices.Unsafe.dll
Binary files differ
new file mode 100644
index 0000000..c5ba4e4
--- /dev/null
+++ b/support/userinfo/System.Runtime.CompilerServices.Unsafe.dll
diff --git a/support/userinfo/System.Threading.Tasks.Extensions.dll b/support/userinfo/System.Threading.Tasks.Extensions.dll
Binary files differ
new file mode 100644
index 0000000..eeec928
--- /dev/null
+++ b/support/userinfo/System.Threading.Tasks.Extensions.dll
diff --git a/support/userinfo/UserInfo.exe b/support/userinfo/UserInfo.exe
Binary files differ
new file mode 100644
index 0000000..1ae3f83
--- /dev/null
+++ b/support/userinfo/UserInfo.exe
diff --git a/support/userinfo/UserInfo.exe.config b/support/userinfo/UserInfo.exe.config
new file mode 100644
index 0000000..489d582
--- /dev/null
+++ b/support/userinfo/UserInfo.exe.config
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+ <startup>
+ <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
+ </startup>
+ <runtime>
+ <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+ <dependentAssembly>
+ <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+ <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+ </dependentAssembly>
+ </assemblyBinding>
+ </runtime>
+</configuration>
\ No newline at end of file
diff --git a/support/userinfo/exploit.cs b/support/userinfo/exploit.cs
new file mode 100644
index 0000000..44da8d1
--- /dev/null
+++ b/support/userinfo/exploit.cs
@@ -0,0 +1,11 @@
+using System;
+using System.DirectoryServices;
+
+public class main {
+ public static void Main() {
+ string password = "nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz";
+ entry = new DirectoryEntry("LDAP://support.htb", "support\\ldap", password);
+ entry.AuthenticationType = AuthenticationTypes.Secure;
+ ds = new DirectorySearcher(entry);
+ }
+}
diff --git a/support/usernames.txt b/support/usernames.txt
new file mode 100644
index 0000000..46d0039
--- /dev/null
+++ b/support/usernames.txt
@@ -0,0 +1,15 @@
+raven.clifton
+anderson.damian
+monroe.david
+cromwell.gerard
+west.laura
+levine.leopoldo
+langley.lucy
+daughtler.mabel
+bardot.mary
+stoll.rachelle
+thomas.raphael
+smith.rosario
+wilson.shelby
+hernandez.stanley
+ford.victoria
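Review bot: `entry` and `ds` in `Main` of support/userinfo/exploit.cs are assigned without ever being declared, so the file does not compile as committed; `var entry = new DirectoryEntry(...)` and `var ds = new DirectorySearcher(entry);` fix that. Both types are `IDisposable` and are never released, so each belongs in a `using` statement. The LDAP bind password is a string literal in the source (the same value appears in support/README.md in this commit), which puts it in the repository history for good. Reading it at run time, for example `Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD")` (variable name constructed here), keeps it out of version control. The searcher is created but no query is run, so the program has no observable result yet.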
\ No newline at end of file |