LDAPDomainDump
Now that I have a valid domain credential, I will be able to authenticate to the target LDAP server to retrieve the entire domain data
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/vault/ldapdomaindump]
└─$ ldapdomaindump dc.vault.offsec -u 'VAULT.OFFSEC\anirudh' -p 'SecureHM' -n $IP --no-json --no-grep
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
[+] Domain dump finishedDumping domain information with ldapdomaindump
Computers
/Practice/Vault/3-Exploitation/attachments/{9B1C7EE8-EAEA-425A-8EF9-2ADAFC75ADF6}.png)
DC$
Users
/Practice/Vault/3-Exploitation/attachments/Pasted-image-20250501215258.png)
The anirudh user is part of Server Operators and Remote Management Users groups
Groups
/Practice/Vault/3-Exploitation/attachments/{C88B9ABF-DB8F-425A-A20A-D980798E3028}.png)
All default