You have compromised a lower-level administrator account on an Active Directory network of a small company. While enumerating, you connect to a Domain Controller on port 389 using ldp.exe. What are you trying to accomplish here?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

Explanation:
Port 389 is LDAP, and ldp.exe is a tool used to query Active Directory through its LDAP interface. When you connect to a Domain Controller with LDAP for enumeration, the goal is to pull directory information about users and groups. This lets you see domain user accounts and the built-in groups they belong to, which is crucial for understanding who has what access and how to move laterally. The task is not about DNS records (that would involve port 53 and DNS tools), nor merely about establishing a remote connection, nor about poisoning DNS. So the action described is best understood as enumerating domain user accounts and built-in groups.
