LDAPPER – AD LDAP CLI Searching Tool

LDAPPER is a tool that may help user to run ldapsearch and make some Active Directory interaction. This allow user to automate the security assessment and penetration testing of an AD environment.

There are several options included that allow user to control the speed of the overall operation such as the number of records pulled at a time. adding delays between each paged call. In addition, multiple DC’s can be specified for round-robining querying.

LDAPPER - AD LDAP CLI Searching Tool
LDAPPER – AD LDAP CLI Searching Tool

Some of the possible custom searches are:

  • Get all users
  • Get specific user (You will be prompted for the username)
  • Get all groups (and their members)
  • Get specific group (You will be prompted for the group name)
  • Get all printers
  • Get all computers
  • Get specific computer (You will be prompted for the computer name)
  • Get Domain/Enterprise Administrators
  • Get Domain Trusts
  • Search for Unconstrained SPN Delegations (Potential Priv-Esc)
  • Search for Accounts where PreAuth is not required. (ASREPROAST)
  • Search for User SPNs (KERBEROAST)
  • Search for specific User SPN (You will be prompted for the User Principle Name)
  • Show All LAPS LA Passwords
  • Search for common plaintext password attributes (UserPassword, UnixUserPassword, unicodePwd, and msSFU30Password)
  • Show All Quest Two-Factor Seeds (if you have access)
  • Oracle “orclCommonAttribute” SSO password hash
  • Oracle “userPassword” SSO password hash

You can read more and download this tool over here: https://github.com/shellster/LDAPPER

Notify of
Inline Feedbacks
View all comments