Tech News - HakTechs

ADSearch – A Tool To Help Query AD Via The LDAP Protocol

ADSearch – A Tool To Help Query AD Via The LDAP Protocol

A resource written for cobalt-strike’s execute-assembly command that permits for a lot more efficent querying of Ad.

Important Features

  • Listing all Area Admins
  • Personalized LDAP Research
  • Link to LDAPS Servers
  • Output JSON data from Advert scenarios
  • Retrieve custom characteristics from a generic query (i.e. All computers)

Use 

ADSearch 1...
Copyright c  2020
Utilization:
Query Lively Listing remotely or domestically:
  ADSearch --domain ldap.example.com --password AdminPass1 --username admin --people

  -f, --complete          If established will exhibit all attributes for the returned product.

  -o, --output        File route to output the results to.

  --json              (Default: fake) Output benefits in json format.

  --supress-banner    When set banner will be disabled.

  -G, --teams        Enumerate and return all groups from Advertisement.

  -U, --customers         Enumerate and return all buyers from Advert.

  -C, --computers     Enumerate and return all computer systems joined to the Ad.

  -S, --spns          Enumerate and return all SPNS from Advert.

  --characteristics        (Default: cn) Characteristics to be returned from the effects in csv    structure.

  -s, --lookup        Complete a tailor made look for on the Advert server.

  --area-admins     Endeavor to retreive all Area Admin accounts.

  -u, --username      Makes an attempt to authenticate to Ad with the provided username.

  -p, --password      Tries to authenticate to Advert with the given password.

  -h, --hostname      If established will attempt a distant bind to the hostname. This alternative requires the domain option to be established to a valid DC on the hostname. Will allow for an IP handle to be made use of as properly.

  -p, --port          (Default: 636) If set will endeavor a distant bind to the port based mostly on the IP.

  -d, --area        The area controller we are connecting to in the FQDN structure. If left blank then all other link options are overlooked and the lookups ar   e carried out domestically.

  --insecure          (Default: wrong) If set will converse around port 389 and not use SSL

  --aid              Display screen this assist monitor.

  --edition           Show variation facts.

Screenshots

Screen all SPNs

ADSearch 1 all spns

Screen all end users

ADSearch 2 all users

Get personalized characteristics back again from customized lookup

ADSearch 3 custom attributes

UPDX62Eqt9A

Graphic and Posting Source hyperlink

Read through More on Pentesting Equipment

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: