LDAP - Reconnaissance
A list of LDAP Reconnaissance Techniques.
Throught RPC
Check if we can connect into RPC in anonymous.
If we got an access run enum4linux
to enumerate users, groups, shares, etc
Throught SMB
Metasploit modules
sids lookup:
auxiliary/scanner/smb/smb_lookupsid
Throught Kerberos
Find valid users using kerbrute: https://github.com/ropnop/kerbrute
LDAP - Bruteforcing
LDAP - login bruteforce
Using crackmapexec
Using Kerberos
Find valid users using kerbrute: https://github.com/ropnop/kerbrute
Last updated