- Joined
- May 15, 2017
- Messages
- 982
- Likes
- 760
- Points
- 1,045
LDAP_Search can be used to enumerate Users, Groups, and Computers on a Windows Domain. Authentication can be performed using traditional username and password, or NTLM hash.
In addition, this tool has been modified to allow brute force/password-spraying via LDAP. Ldap_Search makes use of Impackets python36 branch to perform the main operations.
Installation
Usage
Enumerate all active users on a domain:
Queries
Below are the query options that can be specified using the "-q" argument:
In addition, this tool has been modified to allow brute force/password-spraying via LDAP. Ldap_Search makes use of Impackets python36 branch to perform the main operations.
Installation
Code:
git clone --recursive https://github.com/m8r0wn/ldap_search
cd ldap_search
sudo chmod +x setup.sh
sudo ./setup.sh
Usage
Enumerate all active users on a domain:
Lookup a single user and display field headings:Code:
python3 ldap_search.py users -u user1 -p Password1 -d demo.local
Enumerate all computers on a domain:Code:
python3 ldap_search.py users -q AdminUser -u user1 -p Password1 -d demo.local
Search for end of life systems on the domain:Code:
python3 ldap_search.py computers -u user1 -p Password1 -d demo.local
Enumerate all groups on the domain:Code:
python3 ldap_search.py computers -q eol -u user1 -p Password1 -d demo.local -s DC01.demo.local
Query group members:Code:
python3 ldap_search.py groups -u user1 -p Password1 -d demo.local -s 192.168.1.1
Code:
python3 ldap_search.py groups -q "Domain Admins" -u user1 -p Password1 -d demo.local
Queries
Below are the query options that can be specified using the "-q" argument:
Download Ldap_SearchCode:
User
active / [None] - All active users (Default)
all - All users, even disabled
[specific account or email] - lookup user, ex. "m8r0wn"
group
[None] - All domain groups
[Specific group name] - lookup group members, ex. "Domain Admins"
computer
[None] - All Domain Computers
eol - look for all end of life systems on domain