NetExec
LDAP based password policy retrieval
Please Describe The Problem To Be Solved
Right now the --pass-pol command only works with the smb flag. I would like to see this feature expanded to allow enumeration based on ldap as well. I've had situations a bunch of times now where netexec was blocked but an old-school ldapsearch went through just fine. So I think this would be a nice addition.
Example ldapsearch command:
ldapsearch -x \
-H ldap://dc.domain.local \
-D "[email protected]" -w 'Password123' \
-b "DC=domain,DC=local" \
"(objectClass=domainDNS)" \
minPwdLength pwdHistoryLength maxPwdAge minPwdAge \
lockoutThreshold lockoutDuration lockOutObservationWindow \
forceLogoff pwdProperties
That's right! The smb thing retrieves the pass pol through a named pipe that actually relies on an ldap query after. So yeah, we can add that as well for the ldap protocol!
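Added example (not part of the original issue or NetExec's code): decoding the raw values the ldapsearch query above returns, since AD stores the age and lockout attributes as negative 100-nanosecond tick counts and pwdProperties as a bit field. The sample LDIF is constructed and the function names are hypothetical.

```python
from datetime import timedelta

# Constructed sample LDIF for the ldapsearch query above (illustrative values).
SAMPLE_LDIF = """\
dn: DC=domain,DC=local
minPwdLength: 7
pwdHistoryLength: 24
maxPwdAge: -36288000000000
minPwdAge: -864000000000
lockoutThreshold: 5
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
forceLogoff: -9223372036854775808
pwdProperties: 1
"""

INT_ATTRS = {"minPwdLength", "pwdHistoryLength", "lockoutThreshold"}
INTERVAL_ATTRS = {"maxPwdAge", "minPwdAge", "lockoutDuration",
                  "lockOutObservationWindow", "forceLogoff"}
NEVER = -(2 ** 63)  # 0x8000000000000000: no finite interval is set
PWD_FLAGS = {  # DOMAIN_PASSWORD_* bits stored in pwdProperties
    0x01: "DOMAIN_PASSWORD_COMPLEX",
    0x02: "DOMAIN_PASSWORD_NO_ANON_CHANGE",
    0x04: "DOMAIN_PASSWORD_NO_CLEAR_CHANGE",
    0x08: "DOMAIN_LOCKOUT_ADMINS",
    0x10: "DOMAIN_PASSWORD_STORE_CLEARTEXT",
    0x20: "DOMAIN_REFUSE_PASSWORD_CHANGE",
}

def decode_interval(raw):
    """Convert a negative 100-nanosecond tick count to a timedelta (None = never)."""
    if int(raw) == NEVER:
        return None
    return timedelta(microseconds=abs(int(raw)) // 10)

def parse_policy(ldif):
    """Pick the policy attributes out of ldapsearch output; other lines are ignored."""
    policy = {}
    for line in ldif.splitlines():
        name, _, value = line.partition(": ")
        if name in INTERVAL_ATTRS:
            policy[name] = decode_interval(value)
        elif name == "pwdProperties":
            policy[name] = [n for b, n in PWD_FLAGS.items() if int(value) & b]
        elif name in INT_ATTRS:
            policy[name] = int(value)
    return policy

if __name__ == "__main__":
    print(parse_policy(SAMPLE_LDIF))
```
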