389 LDAP

LDAP is an industry standard protocol allow access and maintenance to Directory Information Services over an IP network. In our case, we'll focus on its use in the context of Active Directory.

windapsearch.py

Windapsearch is a Python script to help enumerate users, groups and computers from a Windows domain through LDAP queries, mainly by using the python-ldap module. Its ease of use in command line makes it my first choice when enumerating LDAP ; if nothing comes up, I'll switch to the more flexible and complete ldapsearch (see below).

./windapsearch.py -d resolute.megabank.local --dc-ip 10.10.10.169 -U --full

ldapsearch

ldapsearch -x -b "dc=cascade,dc=local" -H ldap://10.10.10.182 -W ""

Previous139/445 SMB NextEndpoint Basics

Last updated 4 years ago

Was this helpful?