API tools faq
paste
Advertisement
Guest User

diocane

a guest
Jan 4th, 2019
227
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.39 KB | None | 0 0
raw download clone embed print report
  1. 1913 ldap.qfilter=users,ldap.attrib=sAMAccountName' 10.10.10.119
  2. 1914 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password="cn={crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/"' 10.10.10.119
  3. 1915 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password="cn={crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/"' 10.10.10.119 -v
  4. 1916 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password="{crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/"' 10.10.10.119 -v
  5. 1917 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password={crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/,ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
  6. 1918 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password='{crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/',ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
  7. 1919 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password='$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/',ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
  8. 1920 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password=$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/,ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
  9. 1921 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password=$6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1,ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
  10. 1922 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password=$6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1,ldap.qfilter=all' 10.10.10.119
  11. 1923 ldapdomaindump -u LIGHWEIGHT\ldapuser2 10.10.10.119
  12. 1924 ldapdomaindump -u LIGHTWEIGHT\ldapuser2 10.10.10.119
  13. 1925 ldapdomaindump -h
  14. 1926 ldapdomaindump -u LIGHTWEIGHT\ldapuser2 -at SIMPLE 10.10.10.119
  15. 1927 enum4linux -a -u ldapuser2 -p {crypt}$6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1 10.10.10.119
  16. 1928 enum4linux -a -u ldapuser2 -p $6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1 10.10.10.119
  17. 1929 enum4linux -a -u ldapuser2 -p $6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2d 10.10.10.119
  18. 1930 enum4linux -a -u ldapuser2 -p $6$xJxPjT0M$1m8kM00CJYCA$gzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1 10.10.10.119
  19. 1946 ldapsearch -x -H ldap://10.10.10.119:389/ -b "searchbase" -s sub
  20. 1947 ldapsearch -x -H ldap://10.10.10.119:389/ -b "lightweight" -s sub
  21. 1948 ldapsearch -x -H ldap://10.10.10.119:389/ -b "htb" -s sub
  22. 1949 ldapsearch -x -H ldap://10.10.10.119:389/ -b "ldapuser2" -s sub
  23. 1950 ldapsearch -x -H ldap://10.10.10.119:389/ -b "dc=lightweight" -s sub
  24. 1951 ldapsearch -x -H ldap://10.10.10.119:389/ -b "dc=lightweight,dc=htb" -s sub
  25. 1970 ssh ldapuser2@lightweight.htb
  26. 1978 scp 10.10.14.2@lightweight.htb:/home/10.10.14.2/ldap.cap ./
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!