LDAPMonitor
LDAPmonitor is a tool that monitors any changes made to the target LDAP objects live.
It is very similar to pspy in that it surveils changes live.
┌──(kali㉿kali)-[~/archive/htb/labs/university]
└─$ LDAPmonitor -d UNIVERSITY -u wao -p 'WebAO1337' --dc-ip dc.university.htb
[+]======================================================
[+] LDAP live monitor v1.3 @podalirius_
[+]======================================================
[>] Trying to connect to dc.university.htb ...
[>] Listening for LDAP changes ...
Using the credential of the wao user, I can sniff the LDAP traffic
Multiple authentications of the rose.l user
It appears to be a background scheduled task running every 5 minutes
Computer account, WS-3$, authentications
Likely a DNS-related default scheduled task
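The notes above read a five-minute schedule out of repeated attribute changes. The following added example (not LDAPmonitor's code and not from the original notes) shows that idea offline: it diffs successive directory snapshots and checks whether an account's lastLogon updates arrive at a fixed interval. It assumes the authentications surface as lastLogon and logonCount updates; the DNs and every value are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
SEC = 10_000_000                                         # 100-ns ticks per second

def filetime_to_dt(ticks):
    """Convert an AD FILETIME value (lastLogon, pwdLastSet, ...) to UTC."""
    return EPOCH_1601 + timedelta(microseconds=int(ticks) // 10)

def diff_snapshots(old, new):
    """Return (dn, attribute, before, after) for every attribute that differs."""
    changes = []
    for dn in sorted(old.keys() | new.keys()):
        before, after = old.get(dn, {}), new.get(dn, {})
        for attr in sorted(before.keys() | after.keys()):
            if before.get(attr) != after.get(attr):
                changes.append((dn, attr, before.get(attr), after.get(attr)))
    return changes

def logon_cadence(snapshots, dn, tolerance=timedelta(seconds=30)):
    """Return the mean gap between distinct lastLogon values of dn if every
    gap is within tolerance of that mean (a fixed schedule), else None."""
    seen = []
    for snap in snapshots:
        value = snap.get(dn, {}).get("lastLogon")
        if value is not None and (not seen or value != seen[-1]):
            seen.append(value)
    times = [filetime_to_dt(v) for v in seen]
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None  # one interval is not enough to call it periodic
    mean = sum(gaps, timedelta()) / len(gaps)
    return mean if all(abs(g - mean) <= tolerance for g in gaps) else None

# Constructed sample data: the DNs and all values are made up for illustration.
ROSE = "CN=rose.l,CN=Users,DC=university,DC=htb"
WS3 = "CN=WS-3,CN=Computers,DC=university,DC=htb"
BASE = 133_801_632_000_000_000  # 2025-01-01 00:00:00 UTC as FILETIME
SNAPSHOTS = [
    {ROSE: {"lastLogon": BASE + off * SEC, "logonCount": 10 + i},
     WS3: {"lastLogon": BASE + ws * SEC}}
    for i, (off, ws) in enumerate([(0, 0), (300, 0), (602, 410), (900, 410)])
]

if __name__ == "__main__":
    for prev, cur in zip(SNAPSHOTS, SNAPSHOTS[1:]):
        for dn, attr, before, after in diff_snapshots(prev, cur):
            print(f"{dn} {attr}: {before} -> {after}")
    print("rose.l cadence:", logon_cadence(SNAPSHOTS, ROSE))
```

lastLogon is not replicated between domain controllers, so a cadence derived this way reflects only the DC that was queried.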