ldap

# list PKIs/CAs
cme ldap "domain_controller" -d "domain" -u "user" -p "password" -M adcs

# list subnets referenced in Active Directory Sites and Services (AD-SS)
cme ldap "domain_controller" -d "domain" -u "user" -p "password" -M subnets

# machine account quota
cme ldap "domain_controller" -d "domain" -u "user" -p "password" -M maq

# users description
cme ldap "domain_controller" -d "domain" -u "user" -p "password" -M get-desc-users

ldapdomaindump is an Active Directory information dumper via LDAP, outputting information in human-readable HTML files.

ldapdomaindump --user 'DOMAIN\USER' --password "$PASSWORD" --outdir ldapdomaindump "$DOMAIN_CONTROLLER"

LDAP anonymous binding is usually disabled, but it's worth checking. When it is allowed, it could be handy to list the users and test for ASREProasting (since this attack needs no authentication).
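The settings touched on above (machine account quota, user descriptions, anonymous LDAP access, accounts that do not require Kerberos pre-authentication) can also be reviewed from the defender's side. The following Python is an added example, not code from this page, CrackMapExec or ldapdomaindump; the record layout, the `audit_domain` function and the sample values are assumptions constructed for illustration.

```python
# Added example: audit LDAP attributes exported from a domain (defensive review).
# The dict layout, audit_domain() and the sample values are constructed assumptions.
UF_ACCOUNTDISABLE = 0x00000002
UF_DONT_REQUIRE_PREAUTH = 0x00400000  # Kerberos pre-authentication not required


def audit_domain(domain_attrs, users):
    """Return (severity, finding) tuples for settings the page's commands expose."""
    findings = []

    # ms-DS-MachineAccountQuota: computer accounts any authenticated user may create.
    maq = int(domain_attrs.get("ms-DS-MachineAccountQuota", 10))  # AD default: 10
    if maq > 0:
        findings.append(("medium", f"MachineAccountQuota is {maq}; consider 0"))

    # dSHeuristics: a 7th character of '2' allows anonymous LDAP operations.
    heuristics = domain_attrs.get("dSHeuristics") or ""
    if len(heuristics) >= 7 and heuristics[6] == "2":
        findings.append(("high", "dSHeuristics allows anonymous LDAP operations"))

    for user in users:
        name = user["sAMAccountName"]
        uac = int(user.get("userAccountControl", 0))
        if uac & UF_ACCOUNTDISABLE:
            continue  # disabled accounts cannot authenticate; skip them
        if uac & UF_DONT_REQUIRE_PREAUTH:
            findings.append(("high", f"{name}: Kerberos pre-auth not required"))
        if (user.get("description") or "").strip():
            findings.append(("info", f"{name}: description set, review for secrets"))
    return findings


# Constructed sample data (not real output from any tool).
SAMPLE_DOMAIN = {"ms-DS-MachineAccountQuota": "10", "dSHeuristics": "0000002"}
SAMPLE_USERS = [
    {"sAMAccountName": "svc_backup", "userAccountControl": 4260352, "description": "backup service"},
    {"sAMAccountName": "alice", "userAccountControl": 512, "description": ""},
    {"sAMAccountName": "old_admin", "userAccountControl": 4194818, "description": "temp"},
]

if __name__ == "__main__":
    for severity, finding in audit_domain(SAMPLE_DOMAIN, SAMPLE_USERS):
        print(f"[{severity}] {finding}")
```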
