LDAP shell : AD ACL Abuse

The LDAP shell repository contains a small tool inherited from ldap_shell.

Installation

These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go:

git clone https://github.com/z-Riocool/ldap_shell.git
cd ldap_shell
python3 setup.py install

Usage

Connection options

ldap_shell domain.local/user:password
ldap_shell domain.local/user:password -dc-ip 192.168.1.2
ldap_shell domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1
export KRB5CCNAME=/home/user/ticket.ccache
ldap_shell -k -no-pass domain.local/user

Functionality

Get Info

dump – Dumps the domain.
search query [attributes,] – Searches users and groups by name, distinguishedName and sAMAccountName.
get_user_groups user – Retrieves all groups this user is a member of.
get_group_users group – Retrieves all members of a group.
get_laps_password computer – Retrieves the LAPS passwords associated with a given computer (sAMAccountName).
get_maq user – Gets ms-DS-MachineAccountQuota for the current user.

Abuse ACL

add_user_to_group user group – Adds a user to a group.
del_user_from_group user group – Deletes a user from a group.
change_password user [password] – Attempts to change a given user’s password. Requires LDAPS.
set_rbcd target grantee – Grants the grantee (sAMAccountName) the ability to perform RBCD to the target (sAMAccountName).
clear_rbcd target – Clears the resource-based constrained delegation configuration information.
set_dcsync user – If you have write access to the domain object, assigns the DS-Replication right to the selected user.
del_dcsync user – Removes the DS-Replication right from the selected user.
set_genericall target grantee – Grants full control of a given target object (sAMAccountName) to the grantee (sAMAccountName).
set_owner target grantee – Abuses the WriteOwner privilege.
dacl_modify – Modifies an ACE (add/del). Usage: target, grantee, add/del, and the mask name or ObjectType of the ACE to modify.
set_dontreqpreauth user true/false – Sets the don’t require pre-authentication flag to true or false.
get_ntlm user – Shadow Credentials method to abuse the GenericAll, GenericWrite and AllExtendedRights privileges.
write_gpo_dacl user gpoSID – Writes a full control ACE to the GPO for the given user. The gpoSID must be enclosed in {}.

Misc

add_computer computer [password] – Adds a new computer to the domain with the specified password. Requires LDAPS.
del_computer computer – Removes a computer from the domain.
add_user new_user [parent] – Creates a new user.
disable_account user – Disables the user’s account.
enable_account user – Enables the user’s account.
exit – Terminates this session.
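
For defenders, most of the commands under Abuse ACL surface as a directory write. The following is an added example, not part of ldap_shell: it triages Directory Service Changes audit records (event ID 5136) by the attribute written, assuming that audit subcategory and matching SACLs are enabled. The attribute-to-command mapping reflects what these AD techniques modify rather than the tool's source, and the sample records are constructed.

```python
# Added example (not ldap_shell code). Sample records are constructed.
DONT_REQ_PREAUTH = 0x400000  # userAccountControl bit behind set_dontreqpreauth
VALUE_ADDED = "%%14674"      # OperationType for "Value Added" in event 5136

# Attribute written -> commands from the list above that use that technique.
WATCHED = {
    "msds-allowedtoactonbehalfofotheridentity": "set_rbcd / clear_rbcd",
    "msds-keycredentiallink": "get_ntlm (Shadow Credentials)",
    "ntsecuritydescriptor": "set_dcsync / set_genericall / set_owner / dacl_modify / write_gpo_dacl",
    "member": "add_user_to_group / del_user_from_group",
}

def triage(events):
    """Return (command family, object DN, actor) for each watched write."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 5136:
            continue
        attr = ev.get("AttributeLDAPDisplayName", "").lower()
        hit = (ev.get("ObjectDN", "?"), ev.get("SubjectUserName", "?"))
        if attr in WATCHED:
            findings.append((WATCHED[attr], *hit))
        elif attr == "useraccountcontrol" and ev.get("OperationType") == VALUE_ADDED:
            try:
                uac = int(ev.get("AttributeValue", ""))
            except ValueError:
                continue  # unparseable value: nothing to compare
            if uac & DONT_REQ_PREAUTH:  # new value disables Kerberos pre-auth
                findings.append(("set_dontreqpreauth true", *hit))
    return findings

# Constructed 5136 records, reduced to the fields the triage reads.
SAMPLE = [
    {"EventID": 5136, "SubjectUserName": "jdoe", "OperationType": VALUE_ADDED,
     "ObjectDN": "CN=SRV01,CN=Computers,DC=domain,DC=local",
     "AttributeLDAPDisplayName": "msDS-AllowedToActOnBehalfOfOtherIdentity"},
    {"EventID": 5136, "SubjectUserName": "jdoe", "OperationType": VALUE_ADDED,
     "ObjectDN": "CN=svc_sql,CN=Users,DC=domain,DC=local",
     "AttributeLDAPDisplayName": "userAccountControl", "AttributeValue": "4194816"},
    {"EventID": 5136, "SubjectUserName": "helpdesk", "OperationType": VALUE_ADDED,
     "ObjectDN": "CN=alice,CN=Users,DC=domain,DC=local",
     "AttributeLDAPDisplayName": "userAccountControl", "AttributeValue": "512"},
    {"EventID": 5136, "SubjectUserName": "helpdesk", "OperationType": VALUE_ADDED,
     "ObjectDN": "CN=alice,CN=Users,DC=domain,DC=local",
     "AttributeLDAPDisplayName": "description", "AttributeValue": "moved desks"},
]

if __name__ == "__main__":
    for family, dn, actor in triage(SAMPLE):
        print(f"{actor} wrote {dn}: consistent with {family}")
```

A match is a lead, not a verdict: legitimate administration writes the same attributes, so compare the actor against who is expected to manage that object.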

R K
