ldapdomaindump
Using the credential of the hope.sharp user, dumping domain information with ldapdomaindump
┌──(kali㉿kali)-[~/…/htb/labs/search/ldapdomaindump]
└─$ ldapdomaindump ldap://$IP:389 -u 'SEARCH.HTB\hope.sharp' -p 'IsolationIsKey?' -n $IP --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finished
Dump finished
Computers
While a lot of computer accounts are listed here, only 3 of them seem to be up and running.
One is the DC host and the others are BIR-ADFS-GMSA$ and COVID$
Users
Since all the domain users have already been enumerated, I will be listing only those with unique properties such as description or memberships
Groups
Those are the non-default domain groups