From 8cfc22398678a61c7a608640bf55355da5f4fc42 Mon Sep 17 00:00:00 2001 From: Juri Dispan Date: Sat, 10 Aug 2024 10:10:12 +0200 Subject: [PATCH] nxc-ldap: add page (#13418) Co-authored-by: spageektti --- pages/common/nxc-ldap.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 pages/common/nxc-ldap.md diff --git a/pages/common/nxc-ldap.md b/pages/common/nxc-ldap.md new file mode 100644 index 000000000..8134b55f9 --- /dev/null +++ b/pages/common/nxc-ldap.md @@ -0,0 +1,24 @@ +# nxc ldap + +> Pentest and exploit Windows Active Directory Domains via LDAP. +> More information: . + +- Search for valid domain credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords: + +`nxc ldap {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}` + +- Enumerate active domain users: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --active-users` + +- Collect data about the targeted domain and automatically import these data into BloodHound: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --bloodhound --collection {{All}}` + +- Attempt to collect AS_REP messages for the specified user in order to perform an ASREPRoasting attack: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p '' --asreproast {{path/to/output.txt}}` + +- Attempt to extract the passwords of group managed service accounts on the domain: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --gmsa`