Network and Host Enumeration
Beacon’s net module provides tools to interrogate and discover targets in a Windows Active Directory network.
Use net [pid] [arch] [command] [arguments] to inject the network and host enumeration tool into the specified process. Use net [command] [arguments] (without [pid] and [arch] arguments) to spawn a temporary process and inject the network and host enumeration tool into it. An exception is the net domain command, which is implemented as a BOF.
The commands in Beacon’s net module are built on top of the Windows Network Enumeration APIs. Most of these commands are direct replacements for many of the built-in net commands in Windows (there are a few unique capabilities here as well). The following commands are available:
computers - lists hosts in a domain (groups)
dclist - lists domain controllers (populates the targets model)
domain - displays the domain for this host
domain_controllers - lists DCs in a domain (groups)
domain_trusts - lists domain trusts
group - lists groups and users in groups
localgroup - lists local groups and users in local groups (great during lateral movement when you have to find who is a local admin on another system)
logons - lists users logged onto a host
sessions - lists sessions on a host
share - lists shares on a host
user - lists users and user information
time - shows the time for a host
view - lists hosts in a domain (browser service) (populates the targets model)
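
A defender-side check for the remote host commands above (sessions, share, logons, localgroup, user, time), added here as an example and not part of Cobalt Strike or its documentation. It assumes these commands reach their targets through the standard Windows Net* RPC named pipes (srvsvc, wkssvc, samr) over IPC$ and that target hosts log Security event 5145 (Audit Detailed File Share); the event records, host names and the make_event and find_enumeration_sweeps helpers are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: pipes carrying the RPC interfaces behind remote Net* calls
# (srvsvc: sessions/shares/time, wkssvc: logons, samr: users/groups).
ENUM_PIPES = {"srvsvc", "wkssvc", "samr"}

def make_event(time, computer, ip, user, pipe):
    """Build a constructed record with the event 5145 fields used below."""
    return {"EventID": 5145, "TimeCreated": time, "Computer": computer,
            "IpAddress": ip, "SubjectUserName": user,
            "ShareName": r"\\*\IPC$", "RelativeTargetName": pipe}

# Constructed sample data, not taken from a real environment.
SAMPLE_EVENTS = [
    make_event("2024-01-10T09:00:05", "FS01", "10.0.0.23", "jdoe", "srvsvc"),
    make_event("2024-01-10T09:00:07", "WS14", "10.0.0.23", "jdoe", "samr"),
    make_event("2024-01-10T09:00:09", "WS15", "10.0.0.23", "jdoe", "wkssvc"),
    make_event("2024-01-10T09:00:11", "WS16", "10.0.0.23", "jdoe", "srvsvc"),
    make_event("2024-01-10T09:12:00", "FS01", "10.0.0.40", "asmith", "srvsvc"),  # one host only
    make_event("2024-01-10T09:13:00", "FS01", "10.0.0.23", "jdoe", "spoolss"),   # other pipe
]

def find_enumeration_sweeps(events, min_hosts=3, window=timedelta(minutes=5)):
    """Return {(source_ip, user): hosts} for sources that opened enumeration
    pipes over IPC$ on at least min_hosts distinct hosts within window."""
    touches = defaultdict(list)
    for ev in events:
        if ev["EventID"] != 5145 or not ev["ShareName"].upper().endswith("IPC$"):
            continue
        if ev["RelativeTargetName"].lower() not in ENUM_PIPES:
            continue
        ts = datetime.fromisoformat(ev["TimeCreated"])
        touches[(ev["IpAddress"], ev["SubjectUserName"])].append((ts, ev["Computer"]))
    sweeps = {}
    for key, hits in touches.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts and len(hosts) > len(sweeps.get(key, ())):
                sweeps[key] = sorted(hosts)
    return sweeps

if __name__ == "__main__":
    for (ip, user), hosts in find_enumeration_sweeps(SAMPLE_EVENTS).items():
        print(f"{ip} ({user}) opened enumeration pipes on {len(hosts)} hosts: {hosts}")
```

The thresholds are starting points: management servers and vulnerability scanners also touch these pipes on many hosts and need to be baselined before alerting.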