LDAP

About

Lightweight Directory Access Protocol (LDAP) is a protocol that lets users and applications look up data about organizations, people, and other resources. LDAP has two main goals: storing data in the LDAP directory, and authenticating users so that they can access it. It also provides the communication language that applications use to send queries to, and receive information from, directory services. A directory service provides access to where information on organizations, individuals, and other data is located within a network.

Basic LDAP Components

  • DIT - Directory Information Tree

  • DN - Distinguished Name, which contains a path through the DIT for LDAP to navigate (ex. cn=Susan, ou=users, o=Company)

  • dc - Domain Component - uses DNS mapping to locate Internet domain names and translate them into IP addresses. Most users don’t know the domain name and/or IP address of the person they are searching for; in that case LDAP uses the Distinguished Name (DN) assigned to the user as a path to navigate quickly through the DIT and find the result.

  • o - Organization. The o subclass is one of the most general subclasses listed in the DN, and it is usually where LDAP starts when it runs a search.

  • ou - Organizational Unit. Subclass of o. Mostly seen as ou=users and/or ou=group, each containing a list of user accounts or groups.

  • cn - Common Name. Used to identify the name of a group or user account.
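The components above are easiest to understand by walking a DN through the DIT. The following Python is an added example, not code from the original notes: it splits a DN such as cn=Susan, ou=users, o=Company into its RDNs (read right to left, most general first), maps a DNS domain to its dc= form and back, and shows how a value containing a comma must be escaped (RFC 4514) so that it is not misread as an extra RDN when a DN is built from user-supplied input. The sample DNs and the domain corp.example.com are constructed for the example.

```python
"""Added example (not part of the original notes): parse LDAP distinguished
names into the path they describe through the DIT, convert between a DNS
domain and its dc= representation, and escape values per RFC 4514."""

from typing import List, Tuple

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
SPECIAL = set(',+"\\<>;')


def _trim(rdn: str) -> str:
    """Strip surrounding whitespace, but keep an escaped trailing space."""
    rdn = rdn.lstrip()
    while rdn.endswith(" ") and not rdn.endswith("\\ "):
        rdn = rdn[:-1]
    return rdn


def split_rdns(dn: str) -> List[str]:
    """Split a DN on unescaped commas only; an escaped comma stays in its value."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(ch + dn[i + 1])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            parts.append(_trim("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append(_trim("".join(buf)))
    return [p for p in parts if p]


def unescape_value(value: str) -> str:
    """Remove RFC 4514 backslash escapes from an RDN value."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def escape_value(value: str) -> str:
    """Escape a raw value so it can be embedded in a DN without changing its
    structure. Apply this to any user-controlled value placed into a DN."""
    escaped = "".join("\\" + c if c in SPECIAL else c for c in value)
    if value.startswith((" ", "#")):
        escaped = "\\" + escaped
    if value.endswith(" "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return (attribute, value) pairs from the leaf entry up to the DIT root."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), unescape_value(value.lstrip())))
    return pairs


def dit_path(dn: str) -> List[str]:
    """The DIT is walked from the most general RDN (rightmost) down to the leaf."""
    return [f"{attr}={value}" for attr, value in reversed(parse_dn(dn))]


def domain_to_dc(domain: str) -> str:
    """'example.com' -> 'dc=example,dc=com' (RFC 2247 naming)."""
    labels = domain.strip(".").split(".")
    return ",".join(f"dc={escape_value(label)}" for label in labels)


def dc_to_domain(dn: str) -> str:
    """Recover the DNS domain from the dc= components of a DN."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")


if __name__ == "__main__":
    # Constructed sample DNs; corp.example.com is a placeholder domain.
    print(dit_path("cn=Susan, ou=users, o=Company"))
    print(domain_to_dc("corp.example.com"))
    print(dc_to_domain("cn=Susan,ou=users,dc=corp,dc=example,dc=com"))
    # An unescaped comma would be read as the start of a new RDN:
    print(escape_value("Smith, Susan"))
    print(parse_dn("cn=Smith\\, Susan,ou=users,o=Company"))
```

Note that parse_dn lowercases attribute types (CN and cn are the same attribute) but leaves values untouched, since value comparison rules depend on the attribute's matching rule in the schema.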

CrackMapExec

crackmapexec ldap {DOMAIN} -u amogus -p kek1 -M adcs

Authenticates to the domain's LDAP service with the given username and password and runs the adcs module, which enumerates Active Directory Certificate Services enrollment servers. {DOMAIN} is a placeholder for the target domain.
