Tech News - HakTechs

ADSearch – A Tool To Help Query AD Via The LDAP Protocol

ADSearch - A Tool To Help Query AD Via The LDAP Protocol

A resource written for cobalt-strike’s execute-assembly command that permits for a lot more efficent querying of Ad.

Important Features

  • Listing all Area Admins
  • Personalized LDAP Research
  • Link to LDAPS Servers
  • Output JSON data from Advert scenarios
  • Retrieve custom characteristics from a generic query (i.e. All computers)

Use 

ADSearch 1...
Copyright c  2020
Utilization:
Query Lively Listing remotely or domestically:
  ADSearch --domain ldap.example.com --password AdminPass1 --username admin --people

  -f, --complete          If established will exhibit all attributes for the returned product.

  -o, --output        File route to output the results to.

  --json              (Default: fake) Output benefits in json format.

  --supress-banner    When set banner will be disabled.

  -G, --teams        Enumerate and return all groups from Advertisement.

  -U, --customers         Enumerate and return all buyers from Advert.

  -C, --computers     Enumerate and return all computer systems joined to the Ad.

  -S, --spns          Enumerate and return all SPNS from Advert.

  --characteristics        (Default: cn) Characteristics to be returned from the effects in csv    structure.

  -s, --lookup        Complete a tailor made look for on the Advert server.

  --area-admins     Endeavor to retreive all Area Admin accounts.

  -u, --username      Makes an attempt to authenticate to Ad with the provided username.

  -p, --password      Tries to authenticate to Advert with the given password.

  -h, --hostname      If established will attempt a distant bind to the hostname. This alternative requires the domain option to be established to a valid DC on the hostname. Will allow for an IP handle to be made use of as properly.

  -p, --port          (Default: 636) If set will endeavor a distant bind to the port based mostly on the IP.

  -d, --area        The area controller we are connecting to in the FQDN structure. If left blank then all other link options are overlooked and the lookups ar   e carried out domestically.

  --insecure          (Default: wrong) If set will converse around port 389 and not use SSL

  --aid              Display screen this assist monitor.

  --edition           Show variation facts.

Screenshots

Screen all SPNs

Screen all end users

Get personalized characteristics back again from customized lookup

Graphic and Posting Source hyperlink

Read through More on Pentesting Equipment

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *