389 - Pentesting LDAP

Base Naming Context

First find the base naming context (the root DN of the directory) with the command below. The -x flag requests a simple bind, and with no -D/-w it is an anonymous bind, so this only works if the server allows anonymous reads.

ldapsearch -H ldap://10.10.11.168 -x -s base namingcontexts

After getting the base naming context, query the tree under it:

ldapsearch -H ldap://10.10.11.168 -x -b "DC=scrm,DC=local"

or, equivalently (sub is the default scope):

ldapsearch -H ldap://10.10.11.168 -x -s sub -b "DC=scrm,DC=local"

or, to return only the base object itself:

ldapsearch -H ldap://10.10.11.168 -x -s base -b "DC=scrm,DC=local"

The subtree search returns a lot of output, including usernames and other attributes. Grep through it case-insensitively (grep -i) for terms such as pwd, svc, user, and password, as in the examples below.

Getting sAMAccountName values from ldapsearch

ldapsearch -H ldap://10.10.87.0 -x -b "DC=baby,DC=vl" | grep -i samaccountname | awk -F ': ' '{print $2}'

Getting description attributes from ldapsearch

ldapsearch -H ldap://10.10.87.0 -x -b "DC=baby,DC=vl" | grep description
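The grep/awk pipelines above miss values that ldapsearch folds across lines (continuation lines start with a single space) or emits base64-encoded (the "attr:: value" form). As an added example that is not part of these notes, the following Python parser reads ldapsearch's LDIF output properly, maps each sAMAccountName to its description, and flags descriptions that look like they carry a credential, the audit check a defender runs to find passwords left in directory attributes. The sample LDIF and the CRED_HINT word list are constructed for the example.

```python
import base64
import re
# Constructed sample in the shape of ldapsearch output; not data from any real directory.
SAMPLE_LDIF = """\
# base <DC=example,DC=local> with scope subtree
dn: CN=svc_backup,CN=Users,DC=example,DC=local
sAMAccountName: svc_backup
description: Backup service account. Pwd: Sp
 ring2024!

dn: CN=j.doe,CN=Users,DC=example,DC=local
sAMAccountName: j.doe
description:: SGVscGRlc2sgc3RhZmY=

dn: CN=Domain Computers,CN=Users,DC=example,DC=local
sAMAccountName: Domain Computers
"""
# Words that suggest a description field carries a credential (audit heuristic, not proof).
CRED_HINT = re.compile(r"\b(pwd|pass(word)?|cred(ential)?s?)\b", re.I)


def parse_ldif(text):
    """Split LDIF into entries: unfold continuation lines, decode base64 ('::') values."""
    entries, current = [], {}
    # RFC 2849: a line beginning with one space continues the previous line.
    # The appended newlines guarantee a blank line that flushes the final entry.
    for line in (re.sub(r"\n ", "", text) + "\n\n").splitlines():
        if not line.strip():  # blank line terminates an entry
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):  # skip ldapsearch's comment lines
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # 'attr:: <base64>' form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            current.setdefault(attr.lower(), []).append(value)
    return entries


def account_summary(text):
    """Map sAMAccountName -> description ('' when the entry has none)."""
    out = {}
    for entry in parse_ldif(text):
        if "samaccountname" in entry:
            out[entry["samaccountname"][0]] = entry.get("description", [""])[0]
    return out


def flag_credential_hints(text):
    """Accounts whose description reads like it carries a credential: an audit finding."""
    return [name for name, desc in account_summary(text).items() if CRED_HINT.search(desc)]
```

To run it against real output, pass the text of the ldapsearch command above to account_summary and flag_credential_hints instead of SAMPLE_LDIF.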
