AD Enum discovers misconfigurations over the LDAP protocol and uses Kerberos to exploit some of those weaknesses.
2023-4-6 09:24:43 Author: Ots安全

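ADEnum.py is a penetration testing tool that discovers misconfigurations over the LDAP protocol and exploits some of the resulting weaknesses through Kerberos.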



 usage: ADenum.py -d [domain] -u [username] -p [password]

 Pentest tool that detect misconfig in AD with LDAP

 options:
   -h, --help          show this help message and exit
   -d [domain]         The name of domain (e.g. "test.local")
   -u [username]       The user name
   -p [password]       The user password
   -ip [ipAddress]     The IP address of the server (e.g. "1.1.1.1")
   -j                  Enable hash cracking (john)
   -jp [path]          John binary path
   -w [wordList]       The path of the wordlist to be used john (Default:
                       /usr/share/seclists/Passwords/Leaked-
                       Databases/rockyou.txt
   -v, --version       Show program's version number and exit
   -s                  Use LDAP with SSL
   -c, --NPUsersCheck  Check with GetNPUsers.py for ASREP Roastable

Requirements

  • Impacket (https://github.com/SecureAuthCorp/impacket)

  • John (https://github.com/openwall/john)

  • Python 3

If you are using Debian or Ubuntu:

 $ sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev

Kali:

 $ sudo apt-get install libsasl2-dev python2-dev libldap2-dev libssl-dev

pip3

 $ pip3 install -r requirements.txt

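Features

LDAP

  • Enumerate domain admin users

  • Enumerate domain controllers

  • Enumerate domain users whose password does not expire

  • Enumerate domain users with old passwords

  • Enumerate domain users with interesting descriptions

  • Enumerate domain users without the default encryption

  • Enumerate domain users with privileged domain account protection

  • Enumerate domain users without default object attributes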
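As an added example (not ADenum's code and not part of the original page), here is a defender-side audit for several of the weaknesses listed above, run over user records already exported from the directory. The mapping of each feature to `userAccountControl` bits, `pwdLastSet` and `adminCount`, the finding names, and the sample records are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

UAC_ACCOUNTDISABLE = 0x0002
UAC_NORMAL_ACCOUNT = 0x0200
# Documented userAccountControl bits mapped to (assumed) finding names
UAC_FINDINGS = {
    0x10000: "password-never-expires",          # DONT_EXPIRE_PASSWORD
    0x200000: "des-only-encryption",            # USE_DES_KEY_ONLY
    0x400000: "kerberos-preauth-not-required",  # DONT_REQ_PREAUTH (AS-REP roastable)
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ticks):
    """pwdLastSet is a FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def audit_account(entry, now, max_age_days=365):
    """Return findings for one exported user record (dict of LDAP attributes)."""
    uac = int(entry.get("userAccountControl", 0))
    if uac & UAC_ACCOUNTDISABLE:
        return []  # disabled accounts cannot authenticate; skip them
    findings = [name for bit, name in UAC_FINDINGS.items() if uac & bit]
    ticks = int(entry.get("pwdLastSet", 0))
    # 0 means "must change password at next logon", not an old password
    if ticks and now - filetime_to_datetime(ticks) > timedelta(days=max_age_days):
        findings.append("old-password")
    if int(entry.get("adminCount", 0)) == 1:  # set on AdminSDHolder-protected accounts
        findings.append("protected-privileged-account")
    return findings

def audit(entries, now):
    return {e["sAMAccountName"]: audit_account(e, now) for e in entries}

# Constructed sample records (not real directory data)
NOW = datetime(2023, 4, 6, tzinfo=timezone.utc)
SAMPLE = [
    {"sAMAccountName": "svc_backup", "adminCount": 1,
     "userAccountControl": UAC_NORMAL_ACCOUNT | 0x10000 | 0x400000,
     "pwdLastSet": datetime_to_filetime(datetime(2019, 1, 1, tzinfo=timezone.utc))},
    {"sAMAccountName": "alice", "userAccountControl": UAC_NORMAL_ACCOUNT,
     "pwdLastSet": datetime_to_filetime(datetime(2023, 3, 1, tzinfo=timezone.utc))},
    {"sAMAccountName": "former_admin", "adminCount": 1,
     "userAccountControl": UAC_NORMAL_ACCOUNT | UAC_ACCOUNTDISABLE | 0x10000},
]
if __name__ == "__main__":
    print(audit(SAMPLE, NOW))
```

Each finding points at a fix on the account itself: clear the flag, rotate the password, or review why the account still carries `adminCount=1`.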

Project URL: https://github.com/SecuProject/ADenum


Article source: http://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247497213&idx=2&sn=fab24ac482674cd0cce9d2cfb5e2fde0&chksm=9badbcb6acda35a0a6bb5470c80ee0b4d763250becc6dac25bb9952c553734e1f7f77ff36f31#rd