363 - LDAP
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services.
Active Directory information dumper via LDAP
link:
Enumerating using username and password:
nmap --script ldap-* 10.10.10.169
Anonymous Credential LDAP Dumping:
ldapsearch -LLL -x -H ldap://10.10.10.175 -b '' -s base '(objectclass=*)'
-x - simple auth
-H ldap://10.10.10.175 - host to query
-s base - set the scope to base
Find domain name using base naming contexts:
ldapsearch -h 10.10.10.192 -x -s base namingcontexts
Find information using domain name:
ldapsearch -h 10.10.10.192 -x -b "DC=BLACKFIELD,DC=local"
Search using credentials:
ldapsearch -h 10.10.10.192 -D cn=support,dc=blackfield,dc=local -w 'password' -x -b 'dc=blackfield,dc=local'
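The naming-context step above returns LDIF, which may fold long lines and base64-encode values, so reading the base DN off the output by eye or with grep can go wrong. The following is an added example, not code from this page or from any tool it mentions: it parses that output and derives the base DN and DNS domain name used in the later queries. The function names and the sample output are constructed for illustration.

```python
import base64

# Constructed sample of `ldapsearch -LLL -x -s base namingcontexts` output (not captured
# from a real host). One value is folded, one is base64 ("::"), as LDIF permits.
_B64 = base64.b64encode(b"DC=DomainDnsZones,DC=BLACKFIELD,DC=local").decode()
SAMPLE_LDIF = (
    "dn:\n"
    "namingContexts: DC=BLACKFIELD,DC=local\n"
    "namingContexts: CN=Configuration,DC=BLACKFIELD,DC=local\n"
    "namingContexts: CN=Schema,CN=Configuration,DC=BLACKFIE\n"
    " LD,DC=local\n"
    f"namingContexts:: {_B64}\n"
    "namingContexts: DC=ForestDnsZones,DC=BLACKFIELD,DC=local\n"
)

def parse_ldif_entry(text):
    """Return {lowercased attribute: [values]} for one LDIF entry."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]            # continuation of a folded line
        elif raw and not raw.startswith("#"):
            logical.append(raw)
    attrs = {}
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):              # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attrs.setdefault(name.lower(), []).append(value)
    return attrs

def domain_base_dn(naming_contexts):
    """Return the context built only from DC= components, skipping the DNS
    application partitions. Assumes no escaped commas (true for DC values)."""
    skip = {"domaindnszones", "forestdnszones"}
    for dn in naming_contexts:
        rdns = [r.strip() for r in dn.split(",")]
        if all(r.upper().startswith("DC=") for r in rdns) and rdns[0][3:].lower() not in skip:
            return dn
    return None

def dns_name(base_dn):
    """DC=BLACKFIELD,DC=local -> blackfield.local"""
    return ".".join(r.strip().split("=", 1)[1] for r in base_dn.split(",")).lower()

if __name__ == "__main__":
    contexts = parse_ldif_entry(SAMPLE_LDIF)["namingcontexts"]
    print(domain_base_dn(contexts), dns_name(domain_base_dn(contexts)))
```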
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
Usage:
Go version of windapsearch
Link:
Link: