LDAPDomainDump
┌──(kali㉿kali)-[~/…/htb/labs/active/ldapdomaindump]
└─$ ldapdomaindump ldap://active.htb:389 -u 'ACTIVE.HTB\SVC_TGS' -p GPPstillStandingStrong2k18 -n $IP
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finishedDumping domain information with the credential extracted earlier. This operation with ldapdomaindump is essentially the better version of the manual enumeration with ldapsearch
The target host is Windows server 2008 R2 Standard SP1
As I already enumerated earlier, there are only 4 users in this domain if I don’t count the machine account.
I was hoping to see some notes in the description field, but all of them are empty.
There’s not much else to do here.