# 389 - Pentesting LDAP

## Base Naming Context

You need to find the base naming context using the below command

```python
ldapsearch -H ldap://10.10.11.168 -x -s base namingcontexts
```

### After Getting Base naming Context

<pre class="language-python" data-overflow="wrap"><code class="lang-python">ldapsearch -H ldap://10.10.11.168 -x -b "DC=scrm,DC=local" 

or

ldapsearch -H ldap://10.10.11.168 -x -s sub -b "DC=scrm,DC=local"

or

ldapsearch -H ldap://10.10.11.168 -x -s base -b "DC=scrm,DC=local" 

# now you will get a lot of information to where you can find usernames and other information as well
<strong>#try to do grepping on it as well (grep -i pwd, svc,user,password,)like this 
</strong></code></pre>

## Getting SamAccount name from LdapSearch

{% code overflow="wrap" %}

```python
ldapsearch -H ldap://10.10.87.0 -x -b "DC=baby,DC=vl"  | grep -i samaccountname | awk -F ': ' '{print $2}'
```

{% endcode %}

## Getting Description from LdapSearch

{% code overflow="wrap" %}

```python
ldapsearch -H ldap://10.10.87.0 -x -b "DC=baby,DC=vl" | grep description
```

{% endcode %}