Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1913 ldap.qfilter=users,ldap.attrib=sAMAccountName' 10.10.10.119
- 1914 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password="cn={crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/"' 10.10.10.119
- 1915 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password="cn={crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/"' 10.10.10.119 -v
- 1916 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password="{crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/"' 10.10.10.119 -v
- 1917 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password={crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/,ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
- 1918 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password='{crypt}$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/',ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
- 1919 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password='$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/',ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
- 1920 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password=$6$3qx0SD9x$Q9y1lyQaFKpxqkGqKAjLOWd33Nwdhj.l4MzV7vTnfkE/g/Z/7N5ZbdEQWfup2lSdASImHtQFh6zMo41ZA./44/,ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
- 1921 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password=$6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1,ldap.qfilter=all,ldap.searchattrib="operatingSystem",ldap.searchvalue="Windows *Server*",ldap.attrib={operatingSystem,whencreated,OperatingSystemServicePack}' 10.10.10.119
- 1922 sudo nmap -p 389 --script ldap-search --script-args 'ldap.username="cn=ldapuser2,sn=ldapuser2,dc=lightweight",ldap.password=$6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1,ldap.qfilter=all' 10.10.10.119
- 1923 ldapdomaindump -u LIGHWEIGHT\ldapuser2 10.10.10.119
- 1924 ldapdomaindump -u LIGHTWEIGHT\ldapuser2 10.10.10.119
- 1925 ldapdomaindump -h
- 1926 ldapdomaindump -u LIGHTWEIGHT\ldapuser2 -at SIMPLE 10.10.10.119
- 1927 enum4linux -a -u ldapuser2 -p {crypt}$6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1 10.10.10.119
- 1928 enum4linux -a -u ldapuser2 -p $6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1 10.10.10.119
- 1929 enum4linux -a -u ldapuser2 -p $6$xJxPjT0M$1m8kM00CJYCAgzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2d 10.10.10.119
- 1930 enum4linux -a -u ldapuser2 -p $6$xJxPjT0M$1m8kM00CJYCA$gzT4qz8TQwyGFQvk3boaymuAmMZCOfm3OA7OKunLZZlqytUp2dun509OBE2xwX/QEfjdRQzgn1 10.10.10.119
- 1946 ldapsearch -x -H ldap://10.10.10.119:389/ -b "searchbase" -s sub
- 1947 ldapsearch -x -H ldap://10.10.10.119:389/ -b "lightweight" -s sub
- 1948 ldapsearch -x -H ldap://10.10.10.119:389/ -b "htb" -s sub
- 1949 ldapsearch -x -H ldap://10.10.10.119:389/ -b "ldapuser2" -s sub
- 1950 ldapsearch -x -H ldap://10.10.10.119:389/ -b "dc=lightweight" -s sub
- 1951 ldapsearch -x -H ldap://10.10.10.119:389/ -b "dc=lightweight,dc=htb" -s sub
- 1970 ssh ldapuser2@lightweight.htb
- 1978 scp 10.10.14.2@lightweight.htb:/home/10.10.14.2/ldap.cap ./
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement