all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

LDAP shell - AD ACL Abuse

Add to bookmarks
April 10, 2022, 9:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


This repository contains a small tool inherited from ldap_shell (https://github.com/SecureAuthCorp/impacket/blob/master/impacket/examples/ldap_shell.py).


Installation

These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go:

git clone https://github.com/z-Riocool/ldap_shell.git
cd ldap_shell
python3 setup.py install

Usage

Connection options

ldap_shell domain.local/user:password
ldap_shell domain.local/user:password -dc-ip 192.168.1.2
ldap_shell domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1
export KRB5CCNAME=/home/user/ticket.ccache
ldap_shell -k -no-pass domain.local/user

Functionality

access to the domain object, assign the DS-Replication right to the selected user. del_dcsync user - …

abuse acl ad gpo laps ldap passwords python shell

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

Reaper - Proof Of Concept On BYOVD Attack 16 hours ago | www.kitploit.com
actions attack attackers bring your own vulnerable driver +15
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting 1 day, 16 hours ago | www.kitploit.com
ars0n-framework shuffledns subdomain subdomains +6
Headerpwn - A Fuzzer For Finding Anomalies And Analyzing How Servers Respond To Different HTTP … 2 days, 16 hours ago | www.kitploit.com
burp fuzzer headerpwn headers +2
LDAPWordlistHarvester - A Tool To Generate A Wordlist From The Information Present In LDAP, In … 3 days, 16 hours ago | www.kitploit.com
accounts active directory crack domain +13
Pyrit - The Famous WPA Precomputed Cracker 4 days, 16 hours ago | www.kitploit.com
packet pyrit python2 python3 +4
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts 5 days, 16 hours ago | www.kitploit.com
ai scan erc20 hacking tools etherium sherlockchain +2
Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning 6 days, 16 hours ago | www.kitploit.com
bruteforcing current dns domain +20
JA4+ - Suite Of Network Fingerprinting Standards 1 week ago | www.kitploit.com
cybersecurity golang ja3 ja3 fingerprint +7
PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools 1 week, 1 day ago | www.kitploit.com
abusing black hat collection injection +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com