Ldapsearch
Description
ldapsearch is the OpenLDAP command-line client for querying LDAP directories. In Active Directory penetration testing, it is used to enumerate users, groups, domain information, and sensitive attributes such as LAPS passwords.
Usage 1: Query Base Naming Contexts
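Find the base DN of the LDAP directory by reading the namingContexts attribute of the root DSE. -x selects simple authentication (an anonymous bind here, since no credentials are given) and -s base limits the search to the base object.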
Command:
ldapsearch -x -H ldap://192.168.153.122 -s base namingcontexts
Usage 2: Enumerate Users
Query all user objects from the domain.
Command:
ldapsearch -x -H ldap://10.10.10.161 -b 'DC=htb,DC=local' '(objectClass=user)'
Command (Query persons):
ldapsearch -x -H ldap://10.10.10.161 -b 'DC=htb,DC=local' '(objectClass=person)'
Command (Query only SAMAccountName):
ldapsearch -x -H ldap://10.10.10.161 -b 'DC=htb,DC=local' '(objectClass=person)' SAMACCOUNTNAME
Usage 3: Authenticated LDAP Query for LAPS Password
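Query the LAPS (Local Administrator Password Solution) password attribute, ms-MCS-AdmPwd, over an authenticated bind (-D is the bind identity, -w the password). The presence filter (ms-MCS-AdmPwd=*) matches only objects on which the bound account can actually read a value.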
Command:
ldapsearch -v -x -D fmcsorley@HUTCH.OFFSEC -w CrabSharkJellyfish192 -b "DC=hutch,DC=offsec" -H ldap://192.168.153.122 "(ms-MCS-AdmPwd=*)" ms-MCS-AdmPwd
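To audit which computer objects expose ms-MCS-AdmPwd to a given account, the LDIF returned by the Usage 3 query can be reduced to a list of DNs without printing the password values. This is an added example, not part of the original notes; the function names laps_exposed and sample_ldif, the example.test domain and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads ldapsearch LDIF on stdin and
# prints the DN of each entry that came back with an ms-MCS-AdmPwd value.
# The password values themselves are never printed.
laps_exposed() {
  awk '
    function report() {              # end of entry: print DN if a value was seen
      if (has && dn != "") print dn
      dn = ""; has = 0
    }
    function handle(line,   l) {     # one logical (unfolded) LDIF line
      if (line == "") { report(); return }   # blank line separates entries
      if (line ~ /^#/) return                # LDIF comment
      l = tolower(line)                      # attribute names are case-insensitive
      if (l ~ /^dn::? /) {
        dn = line
        sub(/^[^:]+::? */, "", dn)
        if (l ~ /^dn:: /) dn = "(base64) " dn   # non-ASCII DN, left encoded
      } else if (l ~ /^ms-mcs-admpwd::? *[^ ]/) {
        has = 1                                # plain (":") or base64 ("::") value
      }
    }
    /^ / { cur = cur substr($0, 2); next }   # folded line: join to previous
    { if (started) handle(cur); cur = $0; started = 1 }
    END { if (started) handle(cur); report() }
  '
}

# Constructed sample output (hypothetical example.test domain, fake values).
sample_ldif() {
  printf '%s\n' \
    '# extended LDIF' \
    'dn: CN=WS01,OU=Workstations,DC=example,DC=test' \
    'ms-Mcs-AdmPwd: CONSTRUCTED-VALUE-1' \
    '' \
    'dn: CN=WS02,OU=Workstations,OU=Si' \
    ' teA,DC=example,DC=test' \
    'ms-Mcs-AdmPwd:: Q09OU1RSVUNURUQ=' \
    '' \
    'dn: CN=WS03,OU=Workstations,DC=example,DC=test' \
    'cn: WS03' \
    '' \
    'search: 2' \
    'result: 0 Success'
}

sample_ldif | laps_exposed
```

Run the query as an account that should not hold LAPS read rights and pipe it into laps_exposed; every DN printed is a computer object whose ACL grants that account read access to the password attribute.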