A small script to enumerate password policy, users and groups from LDAP

root authored on 22 Feb
LdapUsrEnum-linux-386 Tony Minor fix 9 months ago
LdapUsrEnum-linux-amd64 Tony Minor fix 9 months ago
LdapUsrEnum-windows-386.exe Tony Minor fix 9 months ago
LdapUsrEnum-windows-amd64.exe Tony Minor fix 9 months ago
LdapUsrEnum.go Tony Minor fix 9 months ago
LdapUsrEnum_Screenshot.png Initial commit 1 year ago
README.md Fixed issues #1 & #2 9 months ago
go.mod Fixed issues #1 & #2 9 months ago
go.sum Initial commit 1 year ago
README.md

LdapUsrEnum

A small script to enumerate password policy, users and groups from LDAP.

-g will display a list of the groups with users in the corresponding group.

comma seperated list of all users except one used to scan with at end, or list of all users in groups that user used is not a member of.. for easy pasting into brute-force tools.

╰» ./LdapUsrEnum-linux-amd64 -d 192.168.69.13 -w -redacted- -u Reno -p -redacted-
[i] DC/AD: 192.168.69.13
[i] domain: -redacted-
[!] trying plaintext auth
[+] using: CN=Reno,DC=-redacted-,DC=-redacted-
[!] trying to connect with supplied password
[+] query shortname to get account username... Reno
[+] ALL usernames... 10
[+] locked accounts... 0
[+] disabled accounts... 3
[+] non-expire passwords... 9
[+] groups... 51
[+] Matching users to groups.. this could take a while!
[+] password policy 
--- pwd pol ---
minPwdLength: 7 
minPwdAge: -864000000000 
maxPwdAge: 42 
pwdHistoryLength: 24 
lockoutThreshold: 0 
lockoutDuration: 30 
lockOutObservationWindow: 30 
--- results ---
Administrator  PassNevExp 
                 2022-02-21 09:52:35  (0 day(s) 00:22:24)
                 (Desc: Built-in account for administering the computer/domain)
Guest          Disabled PassNevExp 
                 Never Logged In
                 (Desc: Built-in account for guest access to the computer/domain)
krbtgt         Disabled 
                 Never Logged In
                 (Desc: Key Distribution Center Service Account)
Reno           PassNevExp 
                 2022-02-17 09:05:41  (4 day(s) 01:09:18)
T.Holt         Disabled PassNevExp 
                 Never Logged In
pfSense        PassNevExp 
                 2021-08-17 12:00:17  (188 day(s) 23:14:42)
r.marks        PassNevExp 
                 2022-02-21 05:23:05  (0 day(s) 04:51:54)
Rude           PassNevExp 
                 2021-08-17 15:35:04  (188 day(s) 19:39:55)
Cissnei        PassNevExp 
                 2021-08-17 15:56:36  (188 day(s) 19:18:23)
                 (Desc: -redacted-)
Elena          PassNevExp 
                 2021-08-17 15:56:36  (188 day(s) 19:18:23)
---  to try (ALL) ---
Administrator, pfSense, r.marks, Rude, Cissnei, Elena
---  to try (Diff Group) ---
Administrator, pfSense, r.marks