📖 Notes

Search (Ctrl+K)

SearchSearch

Recent Notes

See 1409 more sorted by tag →

ADSearch

created Jan 08, 2024updated Jan 23, 20241 min read

ADSearch is a domain reconnaissance tool with fewer built-in search functionalities as PowerView, but comes with the ability to execute LDAP queries.

beacon> execute-assembly C:\Tools\ADSearch\ADSearch\bin\Release\ADSearch.exe --search "(&(objectCategory=group)(cn=MS SQL Admins))" --attributes cn,member
 
[*] TOTAL NUMBER OF SEARCH RESULTS: 1
	[+] cn     : MS SQL Admins
	[+] member : CN=Developers,CN=Users,DC=dev,DC=cyberbotic,DC=io

It alternatively supports --json output.

Oneliner for looking for Kerberoastable users:

beacon> execute-assembly C:\Tools\ADSearch\ADSearch\bin\Release\ADSearch.exe --search "(&(objectCategory=user)(servicePrincipalName=*))" --attributes cn,servicePrincipalName,samAccountName

Graph View

Backlinks