The LDAP shell repository contains a small tool inherited from ldap_shell.
These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go:
git clone https://github.com/z-Riocool/ldap_shell.git
cd ldap_shell
python3 setup.py install
ldap_shell domain.local/user:password
ldap_shell domain.local/user:password -dc-ip 192.168.1.2
ldap_shell domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1
export KRB5CCNAME=/home/user/ticket.ccache
ldap_shell -k -no-pass domain.local/user
Get Info
dump – Dumps the domain.
search query [attributes,] – Search users and groups by name, distinguishedName and sAMAccountName.
get_user_groups user – Retrieves all groups this user is a member of.
get_group_users group – Retrieves all members of a group.
get_laps_password computer – Retrieves the LAPS passwords associated with a given computer (sAMAccountName).
get_maq user – Get ms-DS-MachineAccountQuota for current user.
Abuse ACL
add_user_to_group user group – Adds a user to a group.
del_user_from_group user group – Delete a user from a group.
change_password user [password] – Attempt to change a given user’s password. Requires LDAPS.
set_rbcd target grantee – Grant the grantee (sAMAccountName) the ability to perform RBCD to the target (sAMAccountName).
clear_rbcd target – Clear the resource based constrained delegation configuration information.
set_dcsync user – If you have write access to the domain object, assign the DS-Replication right to the selected user.
del_dcsync user – Deletes the DS-Replication right from the selected user.
set_genericall target grantee – Grant full control of a given target object (sAMAccountName) to the grantee (sAMAccountName).
set_owner target grantee – Abuse WriteOwner privilege.
dacl_modify – Modify ACE (add/del). Usage: target, grantee, add/del and mask name or ObjectType for ACE modified.
set_dontreqpreauth user true/false – Set the don’t require pre-authentication flag to true or false.
get_ntlm user – Shadow Credentials method to abuse GenericAll, GenericWrite and AllExtendedRights privileges.
write_gpo_dacl user gpoSID – Write a full control ACE to the GPO for the given user. The gpoSID must be entered surrounded by {}.
Misc
add_computer computer [password] – Adds a new computer to the domain with the specified password. Requires LDAPS.
del_computer computer – Removes a computer from the domain.
add_user new_user [parent] – Creates a new user.
disable_account user – Disable the user’s account.
enable_account user – Enable the user’s account.
exit – Terminates this session.
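For defenders, the write operations in the Abuse ACL list above can be watched for in Directory Service change events (Event ID 5136). The following is an added example, not part of ldap_shell: the attribute-to-command mapping is an assumption based on the AD features the commands name, and the events are constructed samples. It also assumes directory service change auditing with suitable SACLs is enabled, otherwise 5136 is not logged.

```python
# Added example. Events below are constructed samples, not real log data.
VALUE_ADDED = "%%14674"        # OperationType code for "Value Added" in event 5136
DONT_REQ_PREAUTH = 0x400000    # userAccountControl bit: Kerberos pre-auth not required

# Assumed mapping: attribute written (lower-case) -> commands above that write it.
WATCHED = {
    "msds-allowedtoactonbehalfofotheridentity": "set_rbcd / clear_rbcd",
    "msds-keycredentiallink": "get_ntlm",
    "ntsecuritydescriptor": "set_dcsync / set_genericall / set_owner / dacl_modify / write_gpo_dacl",
    "member": "add_user_to_group / del_user_from_group",
    "useraccountcontrol": "set_dontreqpreauth",
}

def triage(events):
    """Return (actor, object DN, attribute, related commands) for each watched change."""
    findings = []
    for e in events:
        if e.get("EventID") != 5136:       # only directory object modifications
            continue
        attr = e.get("AttributeLDAPDisplayName", "")
        related = WATCHED.get(attr.lower())
        if related is None:
            continue
        if attr.lower() == "useraccountcontrol":
            # Report only writes that turn the pre-auth flag on; other UAC changes are routine.
            value = str(e.get("AttributeValue", ""))
            if e.get("OperationType") != VALUE_ADDED or not value.isdigit():
                continue
            if not int(value) & DONT_REQ_PREAUTH:
                continue
        findings.append((e.get("SubjectUserName"), e.get("ObjectDN"), attr, related))
    return findings

def sample(attr, value, dn, op=VALUE_ADDED, event_id=5136, actor="user"):
    """Build one constructed event record using the 5136 field names read above."""
    return {"EventID": event_id, "SubjectUserName": actor, "ObjectDN": dn,
            "AttributeLDAPDisplayName": attr, "AttributeValue": value, "OperationType": op}

SAMPLE_EVENTS = [  # constructed for illustration
    sample("msDS-AllowedToActOnBehalfOfOtherIdentity", "<binary>", "CN=SRV01,OU=Servers,DC=domain,DC=local"),
    sample("description", "file server", "CN=SRV01,OU=Servers,DC=domain,DC=local"),
    sample("userAccountControl", "4194816", "CN=alice,CN=Users,DC=domain,DC=local"),  # 0x400200
    sample("userAccountControl", "512", "CN=bob,CN=Users,DC=domain,DC=local"),
    sample("msDS-KeyCredentialLink", "<binary>", "CN=carol,CN=Users,DC=domain,DC=local"),
    sample("member", "CN=alice,CN=Users,DC=domain,DC=local", "CN=Domain Admins,CN=Users,DC=domain,DC=local"),
    sample("member", "CN=x", "CN=Domain Admins,CN=Users,DC=domain,DC=local", event_id=4624),  # other event ID, ignored
]

if __name__ == "__main__":
    for actor, dn, attr, related in triage(SAMPLE_EVENTS):
        print(f"{actor} changed {attr} on {dn}  (see: {related})")
```

Each finding still needs to be checked against who is expected to make such changes; the mapping narrows where to look, it does not identify the tool.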