一款域信息收集神器
2022-9-11 22:2:55 Author: 红队蓝军(查看原文) 阅读量:19 收藏

非常优质的公众号(大佬的公众号)
兄弟们关注一波

地址:https://github.com/lzzbb/Adinfo

此为去年实习时依照goddi 二开的基于go的ldap查询工具

修复了连接时可能会存在的bug、依照攻防及域信息收集经验dump快而有用的域信息

刚学go的时候写的,能跑就行

Usage

1.输出所有信息

./Adinfo -d redteam.lab --dc 192.168.1.1 -u ccc -H 5e95607216d9a4b7654d831beb9ee95c

./Adinfo -d redteam.lab --dc 192.168.1.1 -u ccc -p Qq123456..

2.当域很大或者目前只需要特定属性的值,可以指定下面的参数进行查询

      --getPolicy                get domain Policy
--getDCandExchangeDNS get DC and Exchange DNS
--getAllDNS get all domain DNS
--getmaq get domain MAQ
--getdomainVersion get domain Version
--getMail get domain Mail
--getSID get domain SID
--getExchangeInformation get Exchange Information
--getDomainTrusts get trusts domain
--getSPN get all SPN
--getGPO get all GPO
--getDomainAdmins get all domain admins
--dclocaladministrators get dc local administrators
--BackupOperators get dc local Backup Operators
--getDC get all DomainControllers
--getAllUser get all domain user
--getUsefulUserName get all not Disabled and Locked user(only name)
--getHighlevelUser get users that admincount=1(only name)
--getNotusefulUser get not useful user(Locked or Disabled)
--getUsersNoExpire get users not expire
--getComputers get all domain computers
--getComputersName get all domain computers(only name)
--getDomainGroup get all domain group
--getCreatorSID get all CreatorSID
--getADCS get ADCS information
--getOU get domain OU
--checkLAPS get is have LAPS, If the current user has permission, all LAPS passwords will be exported.
--checkbackdoor check backdoor:MAQ、AsReproast、SIDHistory、GetRBCD、UnconstrainedDeligation、ConstrainedDeligation、SensitiveDelegateAccount
--Krbtgttime get Krbtgt password last set time

Todo

1.nTSecurityDescriptor字段解析存在问题,后续再解决

2.添加对ldap增删改操作

Reference

https://github.com/NetSPI/goddi

https://github.com/kgoins/go-winacl/


文章来源: http://mp.weixin.qq.com/s?__biz=Mzg2NDY2MTQ1OQ==&mid=2247502430&idx=1&sn=f78ce6eb3d3d2b855c90a538da12183c&chksm=ce6770e2f910f9f43fb0bbb80ea13311e75c2dc3af334176f935ef2807b5b1034f62cd5bec86#rd
如有侵权请联系:admin#unsafe.sh