Python3 script to quickly get various information from a domain controller through its LDAP service.
I usually launch it as soon as I get valid AD credentials, while BloodHound and PingCastle are processing.
ldap3: to connect to the LDAP service of the target domain controller
pycryptodome: to connect using a hash instead of a password
With pipx:
pipx install git+https://github.com/yaap7/ldapsearch-ad
Simply get the source code and install the requirements:
git clone https://github.com/yaap7/ldapsearch-ad.git
cd ldapsearch-ad
pip install -r ./requirements.txt
Basically, if you do not have valid credentials yet, you can only use:
ldapsearch-ad.py -l 192.168.56.20 -t info
And once you get valid credentials, you will want to use -t all with the logging option (-o) so you can get back to the results later:
ldapsearch-ad.py -l 192.168.56.20 -d evilcorp -u jjohnny -p 'P@$$word' -o evilcorp_discover_all.log -t all
Thanks to Like0x from P1-Team, it is now possible to use it even with the hash:
./ldapsearch-ad.py -l 192.168.56.20 -d evilcorp -u jjohnny -hashes :32ed87bdb5fdc5e9cba88547376818d4 -t show-admins
More examples can be found in USAGE.md.
Done:
-t options are shown in USAGE.md and explain most complicated options: kerberoast, search-spn, asreproast, goldenticket, search-delegation, createsid.
search examples (see https://phonexicum.github.io/infosec/windows.html and https://blog.xpnsec.com/kerberos-attacks-part-2/)
-t all
CN=<user_SID>,CN=ForeignSecurityPrincipals,DC=domain,DC=com)
Feel free to fork, adapt, modify, contribute, and do not hesitate to send a pull request so the tool could be improved for everyone.
I would even make you a collaborator if you want so you could contribute directly on this repo!
createsid feature.
-n option to request data from the Global Catalog, and the -t search-foreign-security-principals feature.
setup.py to allow easy installation through pipx! 🎊
-t goldenticket.
Obviously, all credit goes to the people who discovered the techniques and vulnerabilities. This tool is only a humble attempt to implement their techniques using Python 3 to understand how things work and because I like to play with the LDAP interface of Active Directory. Unfortunately, I heard the LDAP interface could be removed from domain controllers in the future :(
Thanks to Bengui for the username convention.
FAQs
ldapsearch tool to find vulnerable configuration in Active Directory
We found that ldapsearchad demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.