Skip to content

mandiant/cleanldap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
images
images
 
 
third_party
third_party
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cleanldap.cna
cleanldap.cna
 
 
main.c
main.c
 
 
search_enumerate.c
search_enumerate.c
 
 

Repository files navigation

CleanLdap

BOF to perform stealthy LDAP queries over AD WS

Arguments

Just going to cut to the chase, here are the args and what they mean:

# Z: DC Hostname ("dc01.example.com")
# Z: LDAP query ("(objectClass=*)")
# Z: Comma separated list of LDAP attributes ("samaccountname,distinguishedName,cn") <- if empty, collect all
# Z: Base DN ("DC=example,DC=com") <- if empty parse from hostname
# Z: Max elements per pull ("25") <- wide char b/c XML, if empty default to 25, max 256
bof_pack($1, "ZZZZZ", $2, $3, $4, $5, $6);

Example Calls

// Retrieve only the sAMAccountName for LDAP objects where cn is "Administrator"
cleanldap "dc01.domain.local" "(cn=Administrator)" "samaccountname" "" "100"

// Retrieve all LDAP attributes needed to parse with bofHound
cleanldap "dc01.domain.local" "(objectclass=*)" "" "" "100"
cleanldap "dc01.domain.local" "(objectclass=*)" "*" "" "100"

// Pull list of attributes from all users using specified base DN
cleanldap "dc01.domain.local" "(objectclass=user)" "samaccountname,cn,distinguishedname" "DC=domain,DC=local" "100"

Example Output

LDAP Query Results

Misc.

  • When running through Mythic, all BOF arguments must be populated.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity
Custom properties

Stars

183 stars

Watchers

0 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

No contributors

Languages