killchain-compendium/enumeration/docs/ldap.md

# LDAP
## Get Domain
```sh
ldapsearch -H ldap://$TARGET_IP -x -s base namingcontexts
```
* Use the DC components from the returned `namingcontexts` as the search base
```sh
ldapsearch -H ldap://$TARGET_IP -x -b 'DC=<DC>,DC=<ORG>'
```
* Authenticated LDAP Search
```sh
ldapsearch -H ldap://$TARGET_IP -x -b 'DC=<DC>,DC=<ORG>' -D '<DC>\<user>' -W > outfile
```
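Added example (not part of the original notes): a shell helper for reviewing saved output of the two `-x` queries above on a directory you administer. It extracts the `namingContexts` values from the rootDSE reply and reports whether the search without `-D` returned any entries. The function names, the `corp.example.com` names and the sample inputs are constructed for illustration.

```sh
# Added example: function names and sample data are constructed.
# Undo LDIF folding: a line that starts with one space continues the previous line.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Print each namingContexts value of a rootDSE reply, one per line.
# Base64 values ("namingContexts:: ...") are skipped, not decoded.
naming_contexts() {
    unfold_ldif | awk 'tolower($1) == "namingcontexts:" { sub(/^[^:]*: */, ""); print }'
}

# Classify a search made without a bind DN from its saved output:
#   exposed N     -> N entries were returned without credentials
#   restricted R  -> no entries, server result code R
#   unknown       -> no result line found (truncated or not ldapsearch output)
anon_search_status() {
    unfold_ldif | awk '/^dn::? / { n++ }
        /^result: / { code = $2 }
        END { if (n) print "exposed", n
              else if (code != "") print "restricted", code
              else print "unknown" }'
}

# Constructed sample inputs (not captured from a real server).
ROOTDSE='dn:
namingContexts: DC=corp,DC=exa
 mple,DC=com
namingContexts: CN=Configuration,DC=corp,DC=example,DC=com
result: 0 Success'

ANON_DENIED='search: 2
result: 1 Operations error
text: a successful bind must be completed on the connection'

ANON_OPEN='dn: DC=corp,DC=example,DC=com
objectClass: domain

dn: CN=Users,DC=corp,DC=example,DC=com
result: 0 Success'

printf '%s\n' "$ROOTDSE" | naming_contexts
printf '%s\n' "$ANON_DENIED" | anon_search_status
printf '%s\n' "$ANON_OPEN" | anon_search_status
```

An `exposed` result means the directory answers subtree searches without credentials; `restricted` means only the rootDSE is readable anonymously.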
## Domain Dump
* If a set of credentials are known via
```sh
ldapdomaindump $TARGET_IP -u '<domain>\<user>' -p '<password>' --no-json --no-grep
```
* Take a look at the generated HTML files