A small script to enumerate password policy, users and groups from LDAP

root authored on 21 Feb 2022
LdapUsrEnum-linux-386 Fixed issues #1 & #2 2 years ago
LdapUsrEnum-linux-amd64 Fixed issues #1 & #2 2 years ago
LdapUsrEnum-windows-386.exe Fixed issues #1 & #2 2 years ago
LdapUsrEnum-windows-amd64.exe Fixed issues #1 & #2 2 years ago
LdapUsrEnum.go Fixed issues #1 & #2 2 years ago
LdapUsrEnum_Screenshot.png Initial commit 2 years ago
README.md Fixed issues #1 & #2 2 years ago
go.mod Fixed issues #1 & #2 2 years ago
go.sum Initial commit 2 years ago
README.md

LdapUsrEnum

A small script to enumerate password policy, users and groups from LDAP.

-g will display a list of the groups with users in the corresponding group.

comma seperated list of all users except one used to scan with at end, or list of all users in groups that user used is not a member of.. for easy pasting into brute-force tools.

╰» ./LdapUsrEnum-linux-amd64 -d 192.168.69.13 -w -redacted- -u Reno -p -redacted-
[i] DC/AD: 192.168.69.13
[i] domain: -redacted-
[!] trying plaintext auth
[+] using: CN=Reno,DC=-redacted-,DC=-redacted-
[!] trying to connect with supplied password
[+] query shortname to get account username... Reno
[+] ALL usernames... 10
[+] locked accounts... 0
[+] disabled accounts... 3
[+] non-expire passwords... 9
[+] groups... 51
[+] Matching users to groups.. this could take a while!
[+] password policy 
--- pwd pol ---
minPwdLength: 7 
minPwdAge: -864000000000 
maxPwdAge: 42 
pwdHistoryLength: 24 
lockoutThreshold: 0 
lockoutDuration: 30 
lockOutObservationWindow: 30 
--- results ---
Administrator  PassNevExp 
                 2022-02-21 09:52:35  (0 day(s) 00:22:24)
                 (Desc: Built-in account for administering the computer/domain)
Guest          Disabled PassNevExp 
                 Never Logged In
                 (Desc: Built-in account for guest access to the computer/domain)
krbtgt         Disabled 
                 Never Logged In
                 (Desc: Key Distribution Center Service Account)
Reno           PassNevExp 
                 2022-02-17 09:05:41  (4 day(s) 01:09:18)
T.Holt         Disabled PassNevExp 
                 Never Logged In
pfSense        PassNevExp 
                 2021-08-17 12:00:17  (188 day(s) 23:14:42)
r.marks        PassNevExp 
                 2022-02-21 05:23:05  (0 day(s) 04:51:54)
Rude           PassNevExp 
                 2021-08-17 15:35:04  (188 day(s) 19:39:55)
Cissnei        PassNevExp 
                 2021-08-17 15:56:36  (188 day(s) 19:18:23)
                 (Desc: -redacted-)
Elena          PassNevExp 
                 2021-08-17 15:56:36  (188 day(s) 19:18:23)
---  to try (ALL) ---
Administrator, pfSense, r.marks, Rude, Cissnei, Elena
---  to try (Diff Group) ---
Administrator, pfSense, r.marks