SilentHound – Quietly Enumerate An Active Directory Domain Via LDAP Parsing Users, Admins, Groups, Etc.

Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation: Using pipenv (recommended method): sudo python3 -m pip install --user pipenv; git clone silenthound; pipenv install. This will create an isolated virtual environment with the dependencies needed for the project. To use the project you…

LDAPFragger – Command And Control Tool That Enables Attackers To Route Cobalt Strike Beacon Data Over LDAP

LDAPFragger is a Command and Control tool that enables attackers to route Cobalt Strike beacon data over LDAP using user attributes. For background information, read the release blog: Dependencies and installation: Compiled with .NET 4.0, but may work with older and newer .NET frameworks as well. Usage: Active Directory domain --ldaps: Use LDAPS instead…

LDAP shell – AD ACL Abuse

This repository contains a small tool inherited from ldap_shell. Installation: These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go: git clone ldap_shell; python3 install. Usage: Connection options: ldap_shell domain.local/user:password; ldap_shell domain.local/user:password -dc-ip domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1; export KRB5CCNAME=/home/user/ticket.ccache; ldap_shell -k -no-pass domain.local/user…

LDAP-Password-Hunter – Password Hunter In The LDAP Infamous Database

Due to legacy service requirements or just bad security practices, passwords are sometimes world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of (Impacket) and ldapsearch in order to look up passwords stored in the LDAP database. Impacket getTGT.py…

ADenum – A Pentesting Tool That Allows To Find Misconfiguration Through The Protocol LDAP And Exploit Some Of Those Weaknesses With Kerberos

AD Enum is a pentesting tool that lets you find misconfigurations through the LDAP protocol and exploit some of those weaknesses with Kerberos. cracking (john); -jp [path]: John binary path; -w [wordList]: The path of the wordlist to be used by john (Default: /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt); -v, --version: Show program's version number and exit; -s: Use LDAP with…

LDAPmonitor – Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object. Features (columns: Python (.py), CSharp (.exe), Powershell (.ps1)): LDAPS support ✔️ ✔️ ✔️; Random delay in seconds between queries…

SharpLAPS – Retrieve LAPS Password From LDAP

The attribute ms-mcs-AdmPwd stores the clear-text LAPS password. This executable is made to be executed within a Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory. Requires (either): an account with ExtendedRight or Generic All Rights; Domain Admin privilege. Usage: LDAP host to target, most likely the DC. Optional: /user:<username> Username…

Msldap – LDAP Library For Auditing MS AD

msldap: LDAP library for MS AD. Documentation: Awesome documentation here! Features: Comes with a built-in console LDAP client; All parameters can be controlled via a convenient URL (see below); Supports integrated Windows authentication (SSPI) both with NTLM and with KERBEROS; Supports channel binding (for NTLM and Kerberos, not SSPI); Supports encryption (for NTLM/KERBEROS/SSPI); Supports LDAPS…

Ldsview – Offline search tool for LDAP directory dumps in LDIF format

Offline search tool for LDAP directory dumps in LDIF format. Features: Fast and memory efficient parsing of LDIF files; Build ldapsearch commands to extract an LDIF from a directory; Show directory structure; UAC and directory time format translation. Config: Config options can be passed as CLI flags, environment variables, or via a config file courtesy…

ADSearch – A Tool To Help Query AD Via The LDAP Protocol

A tool written for Cobalt Strike's execute-assembly command that allows for more efficient querying of AD. Key Features: List all Domain Admins; Custom LDAP Search; Connect to LDAPS Servers; Output JSON data from AD instances; Retrieve custom attributes from a generic query (i.e. All computers). Usage: ADSearch c 2020 USAGE: Query Active Directory remotely or locally: ADSearch…