ADWSDomainDump

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://github.com/mverschu/adwsdomaindump
• Blog Title: ADWSDomainDump
• Suggested Section: Windows Hardening -> Active Directory Methodology (add a subsection like "AD Enumeration via ADWS (TCP/9389)" and reference ADWSDomainDump as a tool; cross-link from Network Services Pentesting if a 9389/ADWS page exists/gets added)

🎯 Content Summary

What this project is

ADWSDomainDump is an Active Directory information dumping / enumeration tool that performs “domain dump” style recon by querying a Domain Controller via ADWS (Active Directory Web Services) instead of classic LDAP queries. It is explicitly described as a fork/adaptation of LDAPDomainDump (original: https://github.com/dirkjanm/ldapdomaindump/), converted to use ADWS for evasion purposes.

How it works (prot...

🔧 Technical Details

AD reconnaissance via ADWS (TCP/9389) instead of LDAP (evasion-oriented collection): If you have valid AD credentials, you can enumerate (“domain dump”) Active Directory by authenticating to Active Directory Web Services rather than sending LDAP queries. This shifts recon traffic to ADWS on TCP/9389 and can reduce detection in environments tuned for LDAP-based discovery tooling/patterns. Practical flow: connect to DC ADWS → verify 9389 reachable → bind/authenticate → run ADWS queries to collect directory information.

Reduce pre-check noise / handle filtering by skipping connectivity checks: If a tool performs explicit service reachability tests prior to enumeration, use its “force”/override option (here: --force) to bypass the preliminary port check while still attempting the actual bind/query logic. This can help when monitoring is focused on simple port probes or when the check is unreliable.

🤖 Agent Actions

Summary:

• Documented ADWSDomainDump on the ADWS enumeration page, highlighting its ADWS-based domain dump flow, stealth rationale, install, usage, preflight check/--force behavior, and observed EDR bypass notes.
• Expanded references to include the ADWSDomainDump repository.

Tests:

• Not run (documentation changes only).

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://github.com/mverschu/adwsdomaindump

Content Categories: Based on the analysis, this content was categorized under "Windows Hardening -> Active Directory Methodology (add a subsection like "AD Enumeration via ADWS (TCP/9389)" and reference ADWSDomainDump as a tool; cross-link from Network Services Pentesting if a 9389/ADWS page exists/gets added)".

Repository Maintenance:

• MD Files Formatting: 948 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0