-
Notifications
You must be signed in to change notification settings - Fork 5
LDAP
F1shh edited this page Mar 31, 2022
·
1 revision
- LDAPSearch
- Enum4linux
- smbclient.py
Good Resource: https://podalirius.net/en/articles/useful-ldap-queries-for-windows-active-directory-pentesting/
ldapsearch -LLL -H ldap://<domain>.<tld> -D "<user>@<domain>" -w "<password>" -S sub -b "DC=<domain>,DC=<tld>" "(&(objectClass=user))" sAMAccountName | grep -i samaccountname
Other possible Object Classes:
- groupPolicyContainer
- Group
ldapsearch -LLL -H ldap://<domain>.<tld> -D "<user>@<domain>" -w "<password>" -S sub -b "DC=<domain>,DC=<tld>" "(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=Domain Admins, CN=users,DC=<domain>,DC=<tld>))" sAMAccountName | grep -i samaccountname