LDAP
Post

LDAP

Standard Port: 389/tcp, 636/tcp

Connectivity Test

  1. ldapsearch -h <ip> -x

Base DN lookup

  1. ldapsearch -h <ip> -x -s base namingcontexts

LDAP Anonymous Query

  1. ldapsearch -h <ip> -x -b '<base DN>' > anonymous.out

Group Enumeration

  1. cat anonymous.out | grep -i 'memberOf'

User Enumeration

  1. ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=person)'
  2. ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=organizationalPerson)'
  3. ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=user)'
  4. ldapsearch -h <ip> -x -b '<base DN>' '(objectClass=<Object Class>)' sAMAccountName | grep sAMAccountName