1、连接

C:\root\temp> ldapsearch -H ldap://172.16.80.189 -D "Oyama@sec.com" -w Az123456@
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-0310021C, problem 2001 (NO_OBJECT), data 0, best 
 match of:
        ''


# numResponses: 1
                                                                                                                                                            
C:\root\temp>

2、过滤查询

C:\root\temp> ldapsearch -H ldap://172.16.80.189 -D "Oyama@sec.com" -w Az123456@ -b "CN=Users,DC=sec,DC=com" "name=administrator"
# extended LDIF
#
# LDAPv3
# base <CN=Users,DC=sec,DC=com> with scope subtree
# filter: name=administrator
# requesting: ALL
#

# Administrator, Users, sec.com
dn: CN=Administrator,CN=Users,DC=sec,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description:: 566h55CG6K6h566X5py6KOWfnynnmoTlhoXnva7luJDmiLc=
distinguishedName: CN=Administrator,CN=Users,DC=sec,DC=com
instanceType: 4
whenCreated: 20240205162902.0Z
whenChanged: 20240403153635.0Z
uSNCreated: 8196
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=sec,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=sec,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=sec,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=sec,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=sec,DC=com
uSNChanged: 53646
name: Administrator
objectGUID:: ohyPvsIhRkuVrXCOwo8Q/w==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 133534075964590025
lastLogoff: 0
lastLogon: 133568134661236885
logonHours:: ////////////////////////////
pwdLastSet: 133526337049813238
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAOSk3PR5QDMz6ZNec9AEAAA==
adminCount: 1
accountExpires: 0
logonCount: 181
sAMAccountName: Administrator
sAMAccountType: 805306368
userPrincipalName: cifs/DESKTOP-GBE538B.sec.com@sec.com
lockoutTime: 0
servicePrincipalName: cifs/DESKTOP-GBE538B.sec.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=sec,DC=com
isCriticalSystemObject: TRUE
dSCorePropagationData: 20240205164531.0Z
dSCorePropagationData: 20240205164531.0Z
dSCorePropagationData: 20240205163021.0Z
dSCorePropagationData: 16010101181216.0Z
lastLogonTimestamp: 133566321952127993

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

3、导出diff格式

ldapsearch -H ldap://172.16.80.189 -D "Oyama@sec.com" -w Az123456@ -b "DC=sec,DC=com" -o ldif_wrap=no > admin.ldif

菜单

分享

3.5 ldapsearch

1、连接

2、过滤查询

3、导出diff格式

评论

1.1 LM、NTLM协议

4.5 委派

4.4 Kerberoasting

4.3 AS-REP Roasting

4.2 域内密码喷洒

4.1 域内用户名枚举

3.10 Impacket

3.9 mimikatz

3.8 Rubeus

3.7 Kekeo

分享

3.5 ldapsearch

1、连接

2、 过滤查询

3、导出diff格式

评论

2、过滤查询