ldapsearch - wook413

# Anonymous Bind ```bash ldapsearch -x -H ldap://$IP -b "dc=example,dc=com" ``` - `-x`: simple authentication (null authentication) - `-H`: Host URL - `-b`: base DN # Assume base DN ```bash ldapsearch -x -H ldap://$IP -s base namingContexts ``` # Enumerate ```bash ldapsearch -x -H ldap://$IP -b "dc=example,dc=com" "(objectClass=user)" sAMAccountName description ldapsearch -x -H ldap://$IP -b "dc=example,dc=com" "(objectClass=*)" ldapsearch -x -H ldap://$IP -b "dc=monitored,dc=htb" "(sAMAccountName=*)" ldapsearch -x -H ldap://$IP -b "dc=monitored,dc=htb" "(uid=*)" ldapsearch -x -H ldap://$IP -b "dc=monitored,dc=htb" "(cn=*)" ldapsearch -x -H ldap://$IP -b "dc=moniotred,dc=htb" "user" ldapsearch -H ldap://$IP -D '[email protected]' -w 'nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz' -b "DC=support,DC=htb"| less ``` # Bind a user ```bash ldapwhoami -x -D "CN=user,OU=Users,DC=example,DC=com" -w 'password' -H ldap://$IP ```