LDAP

Get Domain

Use the ldapsearch tool to retrieve information from an LDAP server.

ldapsearch -H ldap://$TARGET_IP -x -s base namingcontexts
  • Use the DC values from the returned namingcontexts as the search base
ldapsearch -H ldap://$TARGET_IP -x -b 'DC=<DC>,DC=<ORG>'
  • Authenticated LDAP Search
ldapsearch -H ldap://$TARGET_IP -x -b 'DC=<DC>,DC=<ORG>' -D '<DC>\<user>' -W > outfile
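
Seen from the directory side, the two unauthenticated queries above leave a recognizable trace in the server log. The following is an added example, not part of the original page: it scans log lines for an anonymous rootDSE namingcontexts read and an anonymous unfiltered subtree search. The OpenLDAP slapd "stats" log format, the constructed sample lines, the 192.0.2.x addresses and the dc=example,dc=org base are assumptions.

```python
import re

# Constructed sample in OpenLDAP slapd "stats" log format (assumption: the
# directory is slapd; other LDAP servers log these events differently).
SAMPLE_LOG = """\
conn=1001 fd=14 ACCEPT from IP=192.0.2.50:51234 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="" method=128
conn=1001 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1001 op=1 SRCH attr=namingcontexts
conn=1002 fd=15 ACCEPT from IP=192.0.2.50:51240 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="" method=128
conn=1002 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(objectClass=*)"
conn=1003 fd=16 ACCEPT from IP=192.0.2.10:40022 (IP=0.0.0.0:389)
conn=1003 op=0 BIND dn="uid=app,ou=svc,dc=example,dc=org" method=128
conn=1003 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(uid=jdoe)"
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ')
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d) deref=\d filter="(.*)"')
ATTR = re.compile(r'conn=(\d+) op=(\d+) SRCH attr=(.*)')

def find_anonymous_enumeration(log_text):
    """Return (source_ip, conn, reason) tuples for anonymous enumeration queries."""
    src, bind_dn, rootdse_ops, findings = {}, {}, set(), []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            src[m[1]] = m[2]
        elif m := BIND.search(line):
            bind_dn[m[1]] = m[2]          # empty DN = anonymous simple bind
        elif m := SRCH.search(line):
            conn, op, base, scope, flt = m.groups()
            if bind_dn.get(conn, ""):     # authenticated; a connection with no BIND counts as anonymous
                continue
            if base == "" and scope == "0":
                rootdse_ops.add((conn, op))   # rootDSE read; wait for its attr line
            elif scope == "2" and flt.lower() == "(objectclass=*)":
                findings.append((src.get(conn, "?"), conn,
                                 f"anonymous unfiltered subtree search of {base}"))
        elif m := ATTR.search(line):
            if (m[1], m[2]) in rootdse_ops and "namingcontexts" in m[3].lower().split():
                findings.append((src.get(m[1], "?"), m[1],
                                 "anonymous rootDSE namingContexts read"))
    return findings

if __name__ == "__main__":
    for finding in find_anonymous_enumeration(SAMPLE_LOG):
        print(*finding, sep=" | ")
```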

Domain Dump

If a set of LDAP credentials is known, dump the domain via:

ldapdomaindump $TARGET_IP  -u '<domain>\<user>' -p '<password>' --no-json --no-grep

The result is a set of HTML files; take a look at them.