windapsearch - LDAP Enumeration
Anonymous user list
windapsearch -u "" --dc-ip "$target" -U | grep '@' | cut -d ' ' -f 2 | cut -d '@' -f 1 | sort -u > users.txt
Authenticated full enumeration
windapsearch -d test.local -u user -p pass -U --full
windapsearch -d test.local -u user -p pass -U --full | grep -Ei "pwd|pass|token|cred"
Extract sAMAccountName + description (creds in description)
python3 windapsearch.py --dc-ip 192.168.192.142 -U --full | grep sAMAccountName
python3 windapsearch.py --dc-ip 192.168.192.142 -U --full | grep -iE "sAMAccountName|description"
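Added example (not part of the original cheat sheet or of windapsearch): an audit helper that keeps each description tied to its account and matches the keywords only against description values, so attribute names such as badPwdCount do not produce hits the way a line-based grep does. It assumes "attribute: value" lines with a blank line between entries; the function names and the sample output are constructed for illustration.

```python
import re

# Keywords taken from the page's own grep filter (pwd|pass|token|cred).
CRED_HINT = re.compile(r"pwd|pass|token|cred", re.IGNORECASE)

# Constructed sample, not captured from a real domain. Assumed layout:
# "attribute: value" lines, one blank line between directory entries.
SAMPLE = """\
[+] Enumerating all AD users

cn: Backup Service
description: svc account, temp password Winter2024!
sAMAccountName: svc_backup

cn: Alice Example
description: Finance team
badPwdCount: 0
sAMAccountName: alice
"""

def parse_entries(text):
    """Split output into one dict per entry; every attribute maps to a list of values."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:  # a blank line closes the entry being built
                entries.append(current)
                current = {}
            continue
        if line.startswith("[") or ": " not in line:
            continue  # status banner or a line that is not "attr: value"
        attr, value = line.split(": ", 1)
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def accounts_to_remediate(text):
    """Return (sAMAccountName, description) pairs whose description hints at a stored secret."""
    hits = []
    for entry in parse_entries(text):
        for desc in entry.get("description", []):
            if CRED_HINT.search(desc):
                hits.append((entry.get("samaccountname", ["?"])[0], desc))
    return hits

if __name__ == "__main__":
    for name, desc in accounts_to_remediate(SAMPLE):
        print(f"{name}: {desc}")
```

Each pair returned is an account whose description should be cleared and whose password should be rotated.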
Group enumeration
python3 windapsearch.py --dc-ip 192.168.192.142 -G | grep cn
Computers and unconstrained delegation
python3 windapsearch.py -u user1 -p Password@123 -d thecyborg.lab -C
python3 windapsearch.py -u user1 -p Password@123 -d thecyborg.lab --unconstrained-computer
SPN enumeration (Kerberoast targets)
python3 windapsearch.py --dc-ip 192.168.192.142 --user-spns
Build a userlist for spraying
python3 windapsearch.py --dc-ip 192.168.192.142 -U --full | grep -iE "sAMAccountName" | tee Userlist.txt