LDAP_Search – Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains

0
3
LDAP_Search - Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains

LDAP_Search can be utilized to enumerate Users, Groups, and Computers on a Windows Domain. Authentication will be carried out utilizing conventional username and password, or NTLM hash. In addition, this instrument has been modified to permit brute power/password-spraying by way of LDAP. Ldap_Search makes use of Impackets python36 department to carry out the primary operations. (These are the blokes that did the true heavy lifting and deserve the credit score!)


Installation

git clone --recursive https://github.com/m8r0wn/ldap_search
cd ldap_search
sudo chmod +x setup.sh
sudo ./setup.sh

Usage
Enumerate all energetic customers on a site:

python3 ldap_search.py customers -u user1 -p Password1 -d demo.native

Lookup a single person and show discipline headings:

python3 ldap_search.py customers -q AdminUser -u user1 -p Password1 -d demo.native

Enumerate all computer systems on a site:

python3 ldap_search.py computer systems -u user1 -p Password1 -d demo.native

Search for finish of life techniques on the area:

python3 ldap_search.py computer systems -q eol -u user1 -p Password1 -d demo.native -s DC01.demo.native

Enumerate all teams on the area:

python3 ldap_search.py teams -u user1 -p Password1 -d demo.native -s 192.168.1.1

Query group members:

python3 ldap_search.py teams -q "Domain Admins" -u user1 -p Password1 -d demo.native

Queries
Below are the question choices that may be specified utilizing the “-q” argument:

User
  energetic / [None] - All energetic customers (Default)
  all - All customers, even disabled
  [specific account or email] - lookup person, ex. "m8r0wn"
  
group
  [None] - All area teams
  [Specific group name] - lookup group members, ex. "Domain Admins"
 
laptop
  [None] - All Domain Computers
  eol - search for all finish of life techniques on area

Options

positional arguments:
  lookup_type       Lookup Types: person, group, laptop

optionally available arguments:
  -q QUERY          Specify person or group to question or use eol.
  -u USER           Single username
  -U USER           Users.txt file
  -p PASSWD         Single password
  -P PASSWD         Password.txt file
  -H HASH           Use Hash for Authentication
  -d DOMAIN         Domain (Ex. demo.native)
  -s SRV, -srv SRV  LDAP Server (optionally available)
  -t TIMEOUT        Connection Timeout (Default: 4)
  -v                Show Search Result Attribute Names
  -vv               Show Failed Logins & Errors

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.