LDAPmonitor


LDAPmonitor is a tool that monitors changes made to the target LDAP objects live. It's very similar to PSPY in that it surveils changes as they happen.

It also comes with a PowerShell script. Since I already have an established session as the oliver user, I can take advantage of that.

*evil-winrm* ps c:\tmp> upload LDAPmonitor/powershell/psLDAPmonitor.ps1 C:\tmp
info: Uploading /home/kali/archive/htb/labs/object/LDAPmonitor/powershell/psLDAPmonitor.ps1 to C:\tmp
data: 16608 bytes of 16608 bytes copied
info: Upload successful!

Delivery complete

*evil-winrm* ps c:\tmp> .\psLDAPmonitor.ps1 -dcip 10.10.11.132 -Username 'OBJECT\oliver' -Password c1cdfun_d2434
[+]======================================================
[+] Powershell LDAP live monitor v1.3      @podalirius_
[+]======================================================
 
[>] Listening for LDAP changes ...

Executing LDAPmonitor

There is a change made to the LDAP object: CN=Domain Admins,CN=Users,DC=object,DC=local
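
One way to detect a change like the one reported above is to compare two snapshots of the directory and alert on differences that touch a privileged group. The following is an added example, not LDAPmonitor's code and not part of the original write-up; the snapshots, the `example-user` and `example-svc` entries, and the function names are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

Snapshot = Dict[str, Dict[str, List[str]]]   # DN -> attribute -> values
Change = Tuple[str, str, str, str]           # (dn, attribute, action, value)

# Watched object taken from the write-up's output; extend with other privileged groups.
WATCHED: Set[str] = {"cn=domain admins,cn=users,dc=object,dc=local"}

def _index(snap: Snapshot) -> Dict[str, Dict[str, Set[str]]]:
    # DNs and attribute names are case-insensitive in LDAP; values are compared as-is.
    return {dn.lower(): {a.lower(): set(v) for a, v in attrs.items()}
            for dn, attrs in snap.items()}

def diff_snapshots(old: Snapshot, new: Snapshot) -> List[Change]:
    """Return sorted changes between two snapshots of the same search base."""
    o, n = _index(old), _index(new)
    changes: List[Change] = []
    for dn in o.keys() | n.keys():
        if dn not in o:
            changes.append((dn, "*", "created", ""))
            continue
        if dn not in n:
            changes.append((dn, "*", "deleted", ""))
            continue
        for attr in o[dn].keys() | n[dn].keys():
            before, after = o[dn].get(attr, set()), n[dn].get(attr, set())
            changes += [(dn, attr, "added", v) for v in after - before]
            changes += [(dn, attr, "removed", v) for v in before - after]
    return sorted(changes)

def privileged_changes(changes: List[Change]) -> List[Change]:
    """Keep only changes that touch a watched (privileged) object."""
    return [c for c in changes if c[0] in WATCHED]

# Constructed snapshots: a member is added to Domain Admins between two polls.
DA = "CN=Domain Admins,CN=Users,DC=object,DC=local"
SVC = "CN=example-svc,CN=Users,DC=object,DC=local"
BEFORE = {DA: {"member": ["CN=Administrator,CN=Users,DC=object,DC=local"]},
          SVC: {"description": ["old"]}}
AFTER = {DA: {"member": ["CN=Administrator,CN=Users,DC=object,DC=local",
                         "CN=example-user,CN=Users,DC=object,DC=local"]},
         SVC: {"description": ["new"]}}

if __name__ == "__main__":
    for dn, attr, action, value in privileged_changes(diff_snapshots(BEFORE, AFTER)):
        print(f"[ALERT] {dn}: {attr} {action} {value}")
```
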