Ldapsearch

Description

Python3 script to quickly get various information from a domain controller through its LDAP service.

Usage

InformationsWhoamiTrustsPassword PolicyAdminsKerberoastAsreproastGolden TicketAll

ldapsearch -l 10.10.10.10 -t info

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t whoami

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t trusts 

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t pass-pols 

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t admins 

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t kerberoast 

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t asreproast 

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t goldenticket 

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -p 'Passw0rd!' -t all 

Authentication

AnonymousWith NTML hash

ldapsearch -H ldap://dc1.qu35t.pw -U qu35t -b 'DC=QU35T,DC=LOCAL'

ldapsearch -l 10.10.10.10 -d qu35t.pw -u qu35t -hashes :32ed87bdb5fdc5e9cba88547376818d4 -t all 

References

• Github - Official
• Ippsec - Scrambled