LDAPmonitor
LDAPmonitor is a tool that monitors any changes made to the target LDAP objects on LIVE
It’s very similar to PSPY in a way that it surveils changes on LIVE
┌──(kali㉿kali)-[~/archive/htb/labs/timelapse]
└─$ KRB5CCNAME=svc_deploy@dc01.timelapse.htb.ccache LDAPmonitor -d TIMELAPSE.HTB -u svc_deploy --no-pass -k --dc-ip $IP
[+]======================================================
[+] LDAP live monitor v1.3 @podalirius_
[+]======================================================
[>] Trying to connect to DC01 ...
[debug] using kerberos cache: svc_deploy@dc01.timelapse.htb.ccache
[debug] Using TGT from cache
[>] Listening for LDAP changes ...Executing LDAPmonitor with the TGT of the svc_deploy account
Unfortunately, no significant event occurs