LDAPMonitor
/Practice/Hokkaido/3-Exploitation/attachments/Pasted-image-20250425145557.png)
LDAPmonitor is a tool that monitors any changes made to the target LDAP objects on LIVE
It’s very similar to PSPY in a way that it surveils changes on LIVE
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hokkaido]
└─$ LDAPmonitor -d HOKKAIDO-AEROSPACE.COM -u info -p info --dc-ip $IP
[+]======================================================
[+] LDAP live monitor v1.3 @podalirius_
[+]======================================================
[>] Trying to connect to 192.168.119.40 ...
[>] Listening for LDAP changes ...Using the credential of the compromised info account, listening in
/Practice/Hokkaido/3-Exploitation/attachments/{071390C2-A093-4E03-A12C-F52B8AEA699E}.png)
Something MAJOR is happening
/Practice/Hokkaido/3-Exploitation/attachments/{3E1ADED1-CD3A-411C-8F00-0D1BB7089BAC}.png)
N/A
/Practice/Hokkaido/3-Exploitation/attachments/{FCCA5B5F-3366-4A91-A05F-D987EF69D281}.png)
Something is altering the attributes of the molly.smith user.
/Practice/Hokkaido/3-Exploitation/attachments/{BAF1DFC1-5CAA-424A-8FE7-E76DB8EEFD88}.png)
The tier1-admins group is getting its attribute altered.