LDAPDomainDump


Now that I have a valid domain credential, I can authenticate to the target LDAP server and retrieve the entire domain data.

┌──(kali㉿kali)-[~/…/htb/labs/support/ldapdomaindump]
└─$ ldapdomaindump ldap://dc.support.htb:389 -u 'SUPPORT\ldap' -p 'nvEfEK16^1aM4$e7AclUf8x$tRWxPWO1%lmz' -at SIMPLE -n $IP --no-json --no-grep 
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finished

Dumping domain information with ldapdomaindump

Domain Computers


As expected, there are 2 domain computers:

  • dc$: the target system
  • management$: a host discovered during the DNS enumeration earlier

Domain Users


These are all the domain users. The support account stands out the most because of its notable group memberships.

Domain Groups


While most of the groups here are default domain groups, the Shared Support Accounts group appears to be the only non-default group.
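
The default versus non-default distinction above can be checked from each group's SID rather than by eye. The following is an added example, not part of the original notes or of ldapdomaindump: it classifies groups by RID, and treats the DNS role groups as default even though their RIDs are 1000 or higher. The domain SID and the RIDs at or above 1000 in the sample are constructed, and the function names are hypothetical.

```python
import re

# Domain-relative RIDs below 1000 are reserved for well-known principals
# (512 Domain Admins, 513 Domain Users, ...); objects created after the
# domain was promoted receive RIDs of 1000 and above.
FIRST_ALLOCATED_RID = 1000
BUILTIN_PREFIX = "S-1-5-32-"  # the BUILTIN domain (Administrators, Users, ...)
# Groups created by the DNS server role: default, yet RID >= 1000.
ROLE_CREATED = {"DnsAdmins", "DnsUpdateProxy"}
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")


def classify_group(name, sid):
    """Return 'builtin', 'well-known', 'role-default' or 'custom'."""
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID string: {sid!r}")
    if sid.startswith(BUILTIN_PREFIX):
        return "builtin"
    rid = int(sid.rsplit("-", 1)[1])
    if rid < FIRST_ALLOCATED_RID:
        return "well-known"
    if name in ROLE_CREATED:
        return "role-default"
    return "custom"


def custom_groups(groups):
    """Names of the groups that were created by an administrator, sorted."""
    return sorted(n for n, s in groups if classify_group(n, s) == "custom")


# Constructed sample: the domain SID and the RIDs >= 1000 are invented.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = [
    ("Administrators", "S-1-5-32-544"),
    ("Domain Admins", f"{DOM}-512"),
    ("Domain Users", f"{DOM}-513"),
    ("DnsAdmins", f"{DOM}-1101"),
    ("Shared Support Accounts", f"{DOM}-1103"),
]

if __name__ == "__main__":
    for name, sid in SAMPLE:
        print(f"{classify_group(name, sid):<12} {name}")
```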