24 lines
505 B
Markdown
24 lines
505 B
Markdown
# LDAP
|
|
|
|
## Get Domain
|
|
|
|
```sh
|
|
ldapsearch -H ldap://$TARGET_IP -x -s base namingcontexts
|
|
```
|
|
* Use found namingcontexts DC
|
|
```sh
|
|
ldapsearch -H ldap://$TARGET_IP -x -b 'DC=<DC>,DC=<ORG>
|
|
```
|
|
* Authenticated LDAP Search
|
|
```sh
|
|
ldapsearch -H ldap://$TARGET_IP -x -b 'DC=<DC>,DC=<ORG>' -D '<DC>\<user>' -W > outfile
|
|
```
|
|
|
|
## Domain Dump
|
|
|
|
* If a set of credentials are known via
|
|
```sh
|
|
ldapdomaindump $TARGET_IP -u '<domain>\<user>' -p '<password>' --no-json --no-grep
|
|
```
|
|
* Take a look at the genreated HTML files
|