Msldap : LDAP Library For Auditing MS AD

Msldap is a tool for (LDAP) LightWeight Directory Acess Protocol library for MS AD.

Features

  • Comes with a built-in console LDAP client
  • All parameters can be conrolled via a conveinent URL (see below)
  • Supports integrated windows authentication (SSPI) both with NTLM and with KERBEROS
  • Supports channel binding (for ntlm and kerberos not SSPI)
  • Supports encryption (for NTLM/KERBEROS/SSPI)
  • Supports LDAPS (TODO: actually verify certificate)
  • Supports SOCKS5 proxy withot the need of extra proxifyer
  • Minimal footprint
  • A lot of pre-built queries for convenient information polling
  • Easy to integrate to your project
  • No testing suite

Installation

Via GIT

python3 setup.py install

OR

pip install msldap

Prerequisites

  • winsspi module. For windows only. This supports SSPI based authentication.
  • asn1crypto module. Some LDAP queries incorporate ASN1 strucutres to be sent on top of the ASN1 transport XD
  • asysocks module. To support socks proxying.
  • aiocmd For the interactive client
  • asciitree For plotting nice trees in the interactive client

Usage

Please note that this is a library, and was not intended to be used as a command line program.
Whit this noted, the projects packs a fully functional LDAP interactive client. When installing the msldap module with setup.py install a new binary will appear called msldap (shocking naming conventions)

LDAP Connection URL

he major change was needed in version 0.2.0 to unify different connection options as one single string, without the need for additional command line switches.
The new connection string is composed in the following manner:
<protocol>+<auth_method>://<domain>\<username>:<password>@<ip>:<port>/?<param>=<value>&<param>=<value>&...
Detailed explanation with examples:

+://:@://?=
sets the ldap protocol following values supported:
– ldap
– ldaps
can be omitted if plaintext authentication is to be performed (in that case it default to ntlm-password), otherwise:
– ntlm-password
– ntlm-nt
– kerberos-password (dc option param must be used)
– kerberos-rc4 / kerberos-nt (dc option param must be used)
– kerberos-aes (dc option param must be used)
– kerberos-keytab (dc option param must be used)
– kerberos-ccache (dc option param must be used)
– sspi-ntlm (windows only!)
– sspi-kerberos (windows only!)
– anonymous
– plain
– simple
– sicily (same format as ntlm-nt but using the SICILY authentication)
:
OPTIONAL. Specifies the root tree of all queries
can be:
– timeout : connction timeout in seconds
– proxytype: currently only socks5 proxy is supported
– proxyhost: Ip or hostname of the proxy server
– proxyport: port of the proxy server
– proxytimeout: timeout ins ecodns for the proxy connection
– dc: the IP address of the domain controller, MUST be used for kerberos authentication
Examples:
ldap://10.10.10.2 (anonymous bind)
ldaps://test.corp (anonymous bind)
ldap+sspi-ntlm://test.corp
ldap+sspi-kerberos://test.corp
ldap://TEST\victim:@10.10.10.2 (defaults to SASL GSSAPI NTLM)
ldap+simple://TEST\victim:@10.10.10.2 (SASL SIMPLE auth)
ldap+plain://TEST\victim:@10.10.10.2 (SASL SIMPLE auth)
ldap+ntlm-password://TEST\victim:@10.10.10.2
ldap+ntlm-nt://TEST\victim:@10.10.10.2
ldap+kerberos-password://TEST\victim:@10.10.10.2
ldap+kerberos-rc4://TEST\victim:@10.10.10.2
ldap+kerberos-aes://TEST\victim:@10.10.10.2
ldap://TEST\victim:password@10.10.10.2/DC=test,DC=corp/
ldap://TEST\victim:password@10.10.10.2/DC=test,DC=corp/?timeout=99&proxytype=socks5&proxyhost=127.0.0.1&proxyport=1080&proxytimeout=44

R K

Recent Posts

Bash For Loop Examples Explained Simply for Beginners

If you are new to Bash scripting or Linux shell scripting, one of the most…

7 hours ago

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

2 days ago

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

5 days ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

5 days ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

6 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

6 days ago