LDAP Monitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.
https://github.com/p0dalirius/LDAPmonitor
#ldap #monitor
ldapconsole
A script for performing custom LDAP queries against a Windows domain and selecting specific attributes.
Features
— Authenticate with password
— Authenticate with LM:NT hashes
— Authenticate with Kerberos ticket
https://github.com/p0dalirius/ldapconsole
#ldap #query #tools
ADenum
ADenum is a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos.
https://github.com/SecuProject/ADenum
#ad #ldap #kerberos #enumeration #tools
ldap2json — Offline Analysis Tool
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
Features:
— Authenticate with password
— Authenticate with LM:NT hashes
— Authenticate with Kerberos ticket
— Save LDAP content in JSON format
https://github.com/p0dalirius/ldap2json
#ldap #json #tools #redteam
ADExplorerSnapshot
ADExplorerSnapshot is an AD Explorer snapshot ingestor for BloodHound.
AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server you are currently attached to. This tool allows you to convert those snapshots to BloodHound-compatible JSON files.
https://github.com/c3c/ADExplorerSnapshot.py
#adexplorer #ldap #json #bloodhound
LDAP Relay Scan
A tool to check Domain Controllers for LDAP server protections regarding the relay of NTLM authentication.
https://github.com/zyn3rgy/LdapRelayScan
#ad #ldap #scan #tools
🔍 LDAP Search Reference
A detailed reference for using ldapsearch for RedTeam operations.
https://malicious.link/post/2022/ldapsearch-reference/
#ad #ldap #ldapsearch #redteam
APT
📜 Abuse AD CS via dNSHostName Spoofing This blog covers the technical details of CVE-2022-26923. Active Directory Domain Services Elevation of Privilege Vulnerability via AD CS dNSHostName Spoofing. https://research.ifcr.dk/certifried-active-directory-domain…
🛠 DNSHostName Spoofing combined with KrbRelayUp
Domain user to domain admin without needing to add or already own a computer account. Step-by-step write-up of the attack in a pure Windows environment.
https://gist.github.com/tothi/f89a37127f2233352d74eef6c748ca25
#ad #adcs #privesc #ldap #relay #redteam
🔎 ldeep
In-depth LDAP enumeration utility.
https://github.com/franc-pentest/ldeep
Install:
$ pip3 install ldeep
Usage Example:
Enumerate ACEs of the AdminSDHolder object
$ ldeep ldap -s 'ldap://10.10.13.37' -d megacorp -u j.doe -p 'Passw0rd!' -b 'CN=System,DC=megacorp,DC=local' sddl AdminSDHolder | jq '.[].nTSecurityDescriptor.DACL.ACEs[] | select(.Type | contains("Allowed")) | .SID + " :: " + .Type'
Convert SID to name
$ ldeep ldap -s 'ldap://10.10.13.37' -d megacorp -u j.doe -p 'Passw0rd!' from_sid <SID>
#ad #ldap