LDAPmonitor
LDAPmonitor is a tool that monitors any changes made to the target LDAP objects on LIVE
It’s very similar to PSPY in a way that it surveils changes on LIVE
┌──(kali㉿kali)-[~/archive/htb/labs/flight]
└─$ KRB5CCNAME=svc_apache@g0.flight.htb.ccache LDAPmonitor -d FLIGHT.HTB -u svc_apache -k --no-pass --dc-ip $IP --debug
[+]======================================================
[+] LDAP live monitor v1.3 @podalirius_
[+]======================================================
[>] Trying to connect to G0 ...
[debug] using kerberos cache: svc_apache@g0.flight.htb.ccache
[debug] Using TGT from cache
[debug] Authentication successful!
[debug] using dn: DC=flight,DC=htb
[debug] using dn: CN=Configuration,DC=flight,DC=htb
[debug] using dn: CN=Schema,CN=Configuration,DC=flight,DC=htb
[debug] using dn: DC=DomainDnsZones,DC=flight,DC=htb
[debug] using dn: DC=ForestDnsZones,DC=flight,DC=htb
[>] Listening for LDAP changes ...Executing LDAPmonitor with the TGT of the ldap account
DPAPI