ldap :389 (LDAP / StartTLS) :636 (LDAPS) :3268 (Global Catalog) :3269 (Global Catalog over TLS)
Recon
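# Get domain information (naming contexts) from the rootDSE. No credentials are
# needed: AD answers rootDSE queries anonymously even when anonymous search of
# the directory itself is blocked.
# HOST is an FQDN or IP (the original `DOMAIN|IP` placeholder is a shell pipe if
# pasted literally). -H with a URI replaces the -h/-p flags, which are deprecated
# in OpenLDAP 2.5+; -b '' -s base targets the rootDSE object itself.
ldapsearch -H ldap://HOST -x -b '' -s base namingcontexts
# Same query over LDAPS, if 389 is filtered or you want to avoid cleartext:
ldapsearch -H ldaps://HOST -x -b '' -s base namingcontexts
# Everything the rootDSE exposes (supported SASL mechanisms, LDAP versions,
# dnsHostName / forest and domain functional levels) instead of only namingcontexts:
ldapsearch -H ldap://HOST -x -b '' -s base '*' '+'
# -x: simple bind (anonymous here, since no -D/-w is given)
# -Y MECH: select a SASL mechanism (e.g. -Y GSSAPI); -X sets the SASL authorization
#          identity, it does NOT pick the mechanism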
Login
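# Anonymous bind (empty DN, empty password). AD blocks this for anything beyond
# the rootDSE by default (dSHeuristics fLDAPBlockAnonOps); if entries come back,
# record it as a finding.
ldapsearch -H ldap://IP -x -D '' -w '' -b "DC=DOMAIN,DC=DOMAIN"
# NOTE: a non-empty -D with an empty -w is an "unauthenticated bind"; AD treats it
# as anonymous, so success there does not prove the credentials are valid.
#
# Authenticated simple bind. -x sends the password in cleartext on 389, so use
# ldaps:// or -ZZ (StartTLS, fail if it cannot be negotiated) on an engagement.
# -W prompts for the password, keeping it out of shell history and `ps`.
ldapsearch -H ldap://IP -ZZ -x -D 'DOMAIN\USER' -W -b "DC=DOMAIN,DC=DOMAIN"
# -w PASS on the command line still works for scripting, at the cost of exposing
# the password to other local users via `ps`/history:
ldapsearch -H ldaps://IP -x -D 'DOMAIN\USER' -w 'PASS' -b "DC=DOMAIN,DC=DOMAIN"
# The bind DN may also be a UPN on AD: -D 'user@domain.tld'
# If the DC's certificate is not trusted by your box, TLS binds fail; for lab use
# only, LDAPTLS_REQCERT=never ldapsearch ... disables the check (this removes
# server authentication, so do not rely on it where MITM is a concern).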
User enumeration
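# Enumerate user accounts.
# (objectClass=person) also matches computer objects on AD (computer inherits
# from user); objectCategory=person together with objectClass=user limits the
# result to user accounts. Requesting only sAMAccountName keeps the reply small.
# -LLL drops LDIF comments/version lines; -o ldif-wrap=no stops long lines being
# folded (a folded value would otherwise be missed by the pattern match);
# -E pr=1000/noprompt pages through results past AD's default 1000-entry
# MaxPageSize limit, which would otherwise silently truncate the list.
ldapsearch -H ldap://IP -x -LLL -o ldif-wrap=no -E pr=1000/noprompt \
  -b "DC=DOMAIN,DC=DOMAIN" "(&(objectCategory=person)(objectClass=user))" sAMAccountName \
  | awk '/^sAMAccountName:/ {print $2}'
# The command above is an anonymous bind; add -D 'DOMAIN\USER' -W when anonymous
# search is blocked (the AD default).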
ldapdomaindump
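# Dump users, groups, computers, policies and trusts to HTML/JSON/grep-able files.
# Output is written to the current directory unless -o DIR is given.
# Prefer ldaps:// — with the default NTLM auth type the credentials are not sent
# in cleartext, but the whole directory dump is, if the connection is plain LDAP.
ldapdomaindump -u 'DOMAIN\USER' -p 'PASS' -o OUTDIR ldaps://IP
# Omit -p to be prompted for the password instead of leaving it in shell
# history and `ps` output (-p also accepts an LM:NT hash for pass-the-hash).
ldapdomaindump -u 'DOMAIN\USER' -o OUTDIR ldaps://IP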