F1shh edited this page Mar 31, 2022 · 1 revision

Good Enumeration Tools

  • LDAPSearch
  • Enum4linux
  • smbclient.py

LDAPSearch

Good Resource: https://podalirius.net/en/articles/useful-ldap-queries-for-windows-active-directory-pentesting/

Basic User Search

ldapsearch -LLL -H ldap://<domain>.<tld> -D "<user>@<domain>" -w "<password>" -s sub -b "DC=<domain>,DC=<tld>" "(&(objectClass=user))" sAMAccountName | grep -i samaccountname

Other possible Object Classes:

  • groupPolicyContainer
  • Group

Domain Admin Matching Rule In Chain

ldapsearch -LLL -H ldap://<domain>.<tld> -D "<user>@<domain>" -w "<password>" -s sub -b "DC=<domain>,DC=<tld>" "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=Domain Admins,CN=Users,DC=<domain>,DC=<tld>))" sAMAccountName | grep -i samaccountname
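
Added example (not part of the original wiki): when auditing nested Domain Admins membership, the grep above prints non-ASCII account names as undecoded base64 ("sAMAccountName:: ...") and does not rejoin folded LDIF lines. This sketch builds the in-chain filter with RFC 4515 escaping and parses the -LLL output properly; the function names and the sample LDIF are constructed for illustration.

```python
import base64

IN_CHAIN = "1.2.840.113556.1.4.1941"  # matching-rule OID used in the query above

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def nested_member_filter(group_dn):
    """Build the transitive-membership filter for an arbitrary group DN."""
    return "(&(objectClass=user)(memberOf:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(group_dn))

def ldif_values(ldif_text, attr):
    """Return every value of `attr` from `ldapsearch -LLL` output."""
    unfolded = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]      # continuation of a folded line
        else:
            unfolded.append(raw)
    prefix = attr.lower() + ":"
    values = []
    for line in unfolded:
        if not line.lower().startswith(prefix):
            continue
        rest = line[len(prefix):]
        if rest.startswith(":"):         # "attr:: <base64>" for non-ASCII values
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

# Constructed sample output (not from a real directory).
SAMPLE_LDIF = """\
dn: CN=Alice Admin,OU=IT,DC=example,DC=test
sAMAccountName: aadmin

dn: CN=Zoe Svc,OU=Service Accounts,OU=A Long Organizational Unit Name,DC=exam
 ple,DC=test
sAMAccountName:: em/Dqy5zdmM=
"""

if __name__ == "__main__":
    print(nested_member_filter("CN=Domain Admins,CN=Users,DC=example,DC=test"))
    for name in ldif_values(SAMPLE_LDIF, "sAMAccountName"):
        print(name)
```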