LDAP (389,636)
TL;DR
Basics
LDAP stands for Lightweight Directory Access Protocol and, as the name suggests, it is used for accessing various directory services, most commonly the .
LDAP uses ports
389
(unencrypted) and636
(encrypted).LDAP is the language that systems can use for speaking to (Figure 1).

Authentication
LDAP supports two authentication methods:
Simple: This includes anonymous, unauthenticated, and
username:password
authentication and it means that a pair of credentials create a bind request to authenticate to the LDAP server.: This uses other authentication services, like Kerberos, to bind to the LDAP server.
All domain users can authenticate with the LDAP server.
Global Catalog
A can also be granted the role which is an LDAP-compliant directory consisting of a partial representation of every object from every domain within the forest. This is available by default on ports 3268
(unencrypted) and 3269
(encrypted).
Tools
# validate credentials
ldapwhoami -x -v -D <domain> -w <pass> -H ldap://<ip>
# query LDAP
ldapsearch -x -v -D <domain> -w <pass> -H ldap://<ip> -b "DC=SUPPORT,DC=HTB"
# domain dump
ldapdomaindump.py -u <user> -p <pass> -at SIMPLE -n <dns-server>
Detailed queries can be found on the ldapsearch
page.
Resources
Last updated
Was this helpful?