Fuse_LDAPDomainDump

LDAPDomainDump

---

┌──(kali㉿kali)-[~/…/htb/labs/fuse/ldapdomaindump]
└─$ ldapdomaindump ldap://fabricorp.local:389 -u 'fabricorp.local\bnielson' -p Qwer1234 -n $IP                  
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finished

Now that I have valid domain credentials from multiple sources, I am able to authenticate and dump the domain data with ldapdomaindump

Computer Account

---

Unlike what’s shown in the web server, there is only the DC, and its running Windows Server 2016 Standard

Groups

---

This group is a none default group

Users

---

I was hoping to see some sensitive data exposure in the description field, but there’s none. It is also confirmed that ASREPRoasting is NOT available with any of these users There are 2 users that belongs to the none default group that I found earlier