ldapdomaindump
Using the credentials of the sql_svc user, dumping domain information with ldapdomaindump
┌──(kali㉿kali)-[~/…/htb/labs/escape/ldapdomaindump]
└─$ ldapdomaindump SEQUEL.HTB -u 'SEQUEL.HTB\sql_svc' -p 'REGGIE1234ronnie' -n $IP --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[!] Could not bind with specified credentials
[!] {'result': 8, 'description': 'strongerAuthRequired', 'dn': '', 'message': '00002028: LdapErr: DSID-0C090259, comment: The server requires binds to turn on integrity checking if SSL\\TLS are not already active on the connection, data 0, v4563\x00', 'referrals': None, 'saslCreds': None, 'type': 'bindResponse'}
The bind failed because the server requires integrity checking (LDAP signing) on binds when SSL/TLS is not already active on the connection. Resorting to LDAPS…
┌──(kali㉿kali)-[~/…/htb/labs/escape/ldapdomaindump]
└─$ ldapdomaindump ldaps://sequel.htb:636 -u 'SEQUEL.HTB\sql_svc' -p 'REGGIE1234ronnie' -n $IP --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finished
Dump finished
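The diagnostic string returned by the failed plain-LDAP bind can be taken apart field by field. This is an added example, not part of the original notes or of ldapdomaindump; the function names are hypothetical, and reading the trailing `v` field as a hexadecimal OS build number is an assumption.

```python
import ast
import re

# Bind response copied from the failed run above (printed as a Python dict).
SAMPLE = r"""{'result': 8, 'description': 'strongerAuthRequired', 'dn': '', 'message': '00002028: LdapErr: DSID-0C090259, comment: The server requires binds to turn on integrity checking if SSL\\TLS are not already active on the connection, data 0, v4563\x00', 'referrals': None, 'saslCreds': None, 'type': 'bindResponse'}"""

# Layout of the diagnostic message:
#   <8 hex digits>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, v<hex>
DIAG = re.compile(
    r"^(?P<win32>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*), data (?P<data>[0-9A-Fa-f]+), "
    r"v(?P<ver>[0-9A-Fa-f]+)$"
)

def parse_bind_response(text):
    """Parse the printed bind response and split its diagnostic message."""
    resp = ast.literal_eval(text)  # literals only, nothing is executed
    msg = (resp.get("message") or "").rstrip("\x00").strip()
    info = {"result": resp.get("result"), "description": resp.get("description")}
    m = DIAG.match(msg)
    if m:
        info.update(
            win32=int(m["win32"], 16),   # leading hex error code
            dsid=m["dsid"],              # internal location identifier
            comment=m["comment"],
            data=int(m["data"], 16),     # sub-code, hexadecimal
            build=int(m["ver"], 16),     # assumption: OS build number in hex
        )
    return info

def classify(info):
    """Map the LDAP resultCode (RFC 4511) to what it says about the server."""
    if info["result"] == 0:
        return "bind accepted"
    if info["result"] == 8:   # strongerAuthRequired
        return "signing enforced: use LDAPS/StartTLS or a signed SASL bind"
    if info["result"] == 49:  # invalidCredentials
        return "credentials rejected: transport is not the problem"
    return "unclassified result code"

if __name__ == "__main__":
    parsed = parse_bind_response(SAMPLE)
    print(parsed)
    print(classify(parsed))
```

Result code 8 here reflects the server enforcing LDAP signing rather than a problem with the sql_svc credentials, which is why the same credentials bind successfully over LDAPS.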
Computers
Users
The current user, sql_svc, is part of the Remote Management Users group
Groups