LDAP - 389

NMAP

ls /usr/share/nmap/scripts/ | grep LDAP

Scans

nmap -n -sV --script "ldap* and not brute"

ldapsearch -h <IP> -x -s base
ldapsearch -h <IP> -x -D '<DOMAIN>\<USER>' -w '<PASSWORD>' -b "DC=<1_SUBDOMAIN>,DC=<TDL>"3

Graphical Interface

jxplorer

ldapsearch

#use this without creds for anonymous binding 

attemptldapsearch -h 10.10.10.33 -p 389 -x -s base -b " "(objectClass=*)" "*" + | more

GetAdUsers.py

Use this impacket python script to enumerate users and login/email details from a DC

/usr/share/doc/python-impacket/examples/GetADUsers.py -all contoso.com/SVC_TGS -dc-ip 10.10.10.33

LDAP Brute Patator

serverpatator ldap_login host=10.11.1.33 port=389 binddn='cn=COMBO00,OU=Users' bindpw=COMBO01 0=/root/oscp/lab-net2019/combo-creds.txt

PreviousPOP3 - 110 NextIRC 667

Last updated 4 years ago

Was this helpful?