LDAP
ABOUT
Lightweight directory access protocol (LDAP) is a protocol that helps users find data about organizations, persons, and more. LDAP has two main goals: to store data in the LDAP directory and authenticate users to access the directory. It also provides the communication language that applications require to send and receive information from directory services. A directory service provides access to where information on organizations, individuals, and other data is located within a network.
Basic LDAP Components
DIT
- Directory Information Tree
DN
- Distinguished name, which contains a path through the DIT for LDAP to navigate (ex. cn=Susan, ou=users, o=Company)
dc
- Domain Access Component - uses DNS mapping to locate Internet domain names and translate them into IP addresses. Most users don't know the domain name and/or IP address of the individual they're searching for. In this case, LDAP uses the Distinguished Name (DN) assigned to the user as a path to quickly navigate through the DIT and find the search result.
o
- The o subclass is one of the most general subclasses listed in the DN, and it is usually where LDAP starts when it runs a search.
ou
- Organizational Unit. Subclass of o. Mostly seen as ou=users and/or ou=group, with each containing a list of user accounts or groups.
cn
- Common Name. Used to identify the name of a group or user account.
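The DN structure described above, as an added example that is not part of the original page: a small Python parser that splits a DN into its components, lists the path through the DIT root-first, and derives the DNS name from the dc components. The function names (parse_dn, dit_path, dns_domain) are hypothetical, the second sample DN is constructed, and only single-valued RDNs are assumed.

```python
# Added example (not from the original page): parse an LDAP DN into RDNs.
# Assumption: single-valued RDNs only (no "+"); escapes follow RFC 4514.
import re

RDN = re.compile(r"(?:\\.|[^,\\])+")               # escaped pair or plain char
ESC = re.compile(rb"\\([0-9a-fA-F]{2}|.)", re.S)   # \XX hex pair or \<char>

def unescape(value):
    """Resolve \\XX hex pairs and \\<char> escapes in an attribute value."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    return ESC.sub(repl, value.encode("utf-8")).decode("utf-8")

def parse_dn(dn):
    """Return [(attr, value), ...] in written order (leaf entry first)."""
    parts = RDN.findall(dn)
    if ",".join(parts) != dn:          # empty RDN or dangling backslash
        raise ValueError(f"malformed DN: {dn!r}")
    rdns = []
    for rdn in parts:
        # Spaces after a comma, as in the page's sample DN, are tolerated.
        attr, sep, value = rdn.lstrip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().lower(), unescape(value)))
    return rdns

def dit_path(dn):
    """Root-first path through the DIT, the reverse of the written DN."""
    return [f"{a}={v}" for a, v in reversed(parse_dn(dn))]

def dns_domain(dn):
    """Join the dc components into the DNS name they map to."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc")

if __name__ == "__main__":
    samples = ("cn=Susan, ou=users, o=Company",                    # from the page
               r"cn=Smith\, Susan,ou=users,dc=militech,dc=local")  # constructed
    for dn in samples:
        print(dit_path(dn), dns_domain(dn) or "(no dc components)")
```

The escaped comma in the second sample is why splitting a DN on every "," gives wrong results for names such as "Smith, Susan".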
CrackMapExec
crackmapexec ldap {DOMAIN} -u amogus -p kek1 -M adcs
LDAPSearch
ldapsearch -x -H 'ldap://13.13.13.13' -b "dc=militech,dc=local" | grep 'userPrincipalName' | tr '@' ' ' | awk '{print $2}'