ad-ldap-enum
Empty results
# ad-ldap-enum -d 'example.com' -l 'ldap.forumsys.com' -n ; cat ./*
2017-04-17 00:00:00 INFO Querying users
2017-04-17 00:00:00 INFO Querying groups
2017-04-17 00:00:00 INFO Querying computers
2017-04-17 00:00:00 INFO Building users dictionary
2017-04-17 00:00:00 INFO Building groups dictionary
2017-04-17 00:00:00 INFO Building computers dictionary
2017-04-17 00:00:00 INFO Exploding large groups
2017-04-17 00:00:00 INFO Building group membership
2017-04-17 00:00:00 INFO There is a total of [0] groups
2017-04-17 00:00:00 INFO Writing domain user information to [Extended Domain User Information.tsv]
2017-04-17 00:00:00 INFO Writing domain computer information to [Extended Domain Computer Information.tsv]
2017-04-17 00:00:00 INFO Writing membership information to [Domain Group Membership.tsv]
2017-04-17 00:00:00 INFO Elapsed Time [0:00:00.533394]
Group Name SAM Account Name Status
SAM Account Name OS OS Hotfix OS Service Pack OS Version
SAM Account Name Status Locked Out Display Name Email Home Directory Profile Path Logon Script Path Password Last Set Last Logon User Comment Description
Hey @vdun, is 'ldap.forumsys.com' an Active Directory server or a different type of LDAP service? I am trying to understand your use case as I see you are performing a null binding to the LDAP service and I have not seen that supported before within Active Directory.
I tried with ldapbrowse -h ldap.forumsys.com -b 'dc=example,dc=com' and jxplorer using null binding and got results.
I guess the filter (objectClass=*) should be included?
Is ldap.forumsys.com an Active Directory server or a generic LDAP (i.e. OpenLDAP) server hosting data? The tool is geared towards pulling user, computer, and group objects from AD which is why it is only looking for those object classes versus using a wildcard.
According to nmap, it is OpenLDAP:
# nmap -A ldap.forumsys.com -p389
...
389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
More info: http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
The wildcard option would be nice to have.
I just wanted to follow up on this issue. I have put it out for help wanted. Right now there is no plan to support OpenLDAP with ad-ldap-enum as it's targeted for Active Directory.
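Why the run at the top of this thread wrote only header rows, as an added example that is not part of the thread or of ad-ldap-enum's code: it classifies a directory from its rootDSE and counts how many entries carry the AD object classes the maintainer mentions versus a wildcard. The LDIF is constructed, the function names are hypothetical, and the class set is an assumption taken from the maintainer's description, since the filters the tool actually sends are not shown on the page.

```python
# Added example. All LDIF below is constructed, not captured from a real server.
AD_CAPABILITY_OID = "1.2.840.113556.1.4.800"  # rootDSE supportedCapabilities value on AD
AD_CLASSES = {"user", "computer", "group"}    # assumed from the thread, not the tool's source

ROOTDSE_LDIF = """dn:
objectClass: top
objectClass: OpenLDAProotDSE
"""
ENTRIES_LDIF = """dn: uid=alice,dc=example,dc=com
objectClass: inetOrgPerson

dn: ou=staff,dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,
 dc=example,dc=com
"""

def parse_ldif(text):
    """Parse plain LDIF into [{attr_lower: [values]}]; base64 (::) is not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # RFC 2849 folded line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def server_kind(rootdse):
    """Classify a directory from its rootDSE attributes."""
    if AD_CAPABILITY_OID in rootdse.get("supportedcapabilities", []):
        return "active-directory"
    if "openldaprootdse" in [v.lower() for v in rootdse.get("objectclass", [])]:
        return "openldap"
    return "unknown"

def count_matches(entries, classes=None):
    """Count entries having any of `classes`; None acts like (objectClass=*)."""
    sets = [{v.lower() for v in e.get("objectclass", [])} for e in entries]
    return sum(1 for s in sets if s and (classes is None or s & classes))
```

Running the same classification before an AD-specific audit tells you whether zero results mean an empty directory or simply a non-AD schema.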