3. LDAP Enumeration (Port 389)
Gather information about usernames, addresses, departmental details, servers, etc.
LDAP (Lightweight Directory Access Protocol) is an Internet protocol for accessing distributed directory services over a network. LDAP uses DNS (Domain Name System) for quick lookups and fast resolution of queries. A client starts an LDAP session by connecting to a DSA (Directory System Agent), typically on TCP port 389, and sends an operation request to the DSA, which then responds. BER (Basic Encoding Rules) is used to transmit information between the client and the server. One can anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names.
1. Active Directory Explorer
Windows
2. LDAP enumeration with Python and Nmap
Nmap scan LDAP
Brute force LDAP
-p specifies the port. The ldap-brute script brute-forces LDAP authentication; the script arguments, if set, are used as the base for the brute force.
Now start python3
Now use the following commands
Now to get more information.
3. LDAP Enumeration with ldapsearch
-x simple authentication
-h specifies the host
-s specifies the scope
-b base DN for search
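A defender's view of the anonymous queries and the ldap-brute run described above, as an added example that is not part of the original page: a Python check that flags both in directory-server logs. The log lines are constructed and assume OpenLDAP slapd stats-style logging; the function name, finding labels and failure threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of OpenLDAP slapd "stats" logs (assumed format).
SAMPLE_LOG = """\
conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
conn=1002 fd=13 ACCEPT from IP=192.0.2.20:40000 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
conn=1002 op=0 RESULT tag=97 err=49 text=
conn=1002 op=1 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
conn=1002 op=1 RESULT tag=97 err=49 text=
conn=1002 op=2 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
conn=1002 op=2 RESULT tag=97 err=49 text=
conn=1003 fd=14 ACCEPT from IP=192.0.2.30:40100 (IP=0.0.0.0:389)
conn=1003 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
conn=1003 op=0 RESULT tag=97 err=0 text=
conn=1003 op=1 SRCH base="ou=people,dc=example,dc=com" scope=1 deref=0 filter="(uid=bob)"
"""

ACCEPT = re.compile(r'conn=(\d+) .*ACCEPT from IP=([\d.]+):')
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
BIND_RES = re.compile(r'conn=(\d+) op=\d+ RESULT tag=97 err=(\d+)')  # tag 97 = BindResponse
SRCH = re.compile(r'conn=(\d+) op=\d+ SRCH base="([^"]*)" scope=(\d)')

# Hypothetical helper: returns (label, source IP, detail) tuples.
def analyze(log, fail_threshold=3):
    src, pending, ident = {}, {}, {}   # per-connection: client IP, bind DN tried, bind DN accepted
    fails, findings = defaultdict(int), []
    for line in log.splitlines():
        if m := ACCEPT.search(line):
            src[m[1]] = m[2]
        elif m := BIND.search(line):
            pending[m[1]] = m[2]
        elif m := BIND_RES.search(line):
            if m[2] == "0":                      # success: identity is the DN just tried
                ident[m[1]] = pending.get(m[1], "")
            elif m[2] == "49":                   # invalidCredentials
                fails[src.get(m[1], "?")] += 1
        elif m := SRCH.search(line):
            # An empty DN, or no successful bind at all, means the search is anonymous.
            if ident.get(m[1], "") == "" and m[3] == "2":    # scope 2 = whole subtree
                findings.append(("anonymous-subtree-search", src.get(m[1], "?"), m[2]))
    findings += [("bind-failures", ip, n) for ip, n in fails.items() if n >= fail_threshold]
    return findings

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

A finding for anonymous subtree searches is the signal to disable or restrict anonymous binds; repeated err=49 results from one source are the trace a password-guessing run leaves behind.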