windapsearch

Gathering Users with LDAP Anonymous

./windapsearch.py --dc-ip 172.16.5.5 -u "" -U
  • We specify anonymous access by passing a blank username with the -u flag; the -U flag tells the tool to retrieve only users.

[+] No username provided. Will try anonymous bind.
[+] Using Domain Controller at: 172.16.5.5
[+] Getting defaultNamingContext from Root DSE
[+]	Found: DC=INLANEFREIGHT,DC=LOCAL
[+] Attempting bind
[+]	...success! Binded as: 
[+]	 None

[+] Enumerating all AD users
[+]	Found 2906 users: 

cn: Guest

cn: Htb Student
userPrincipalName: [email protected]

cn: Annie Vazquez
userPrincipalName: [email protected]
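
A defender-side check for the condition the run above depends on, as an added example that is not part of the original notes or of windapsearch: Active Directory (Windows Server 2003 and later) only serves anonymous LDAP operations beyond rootDSE reads and binds when the seventh character of the forest's dSHeuristics attribute is 2. The LDIF samples and DNs are constructed, and the check covers that flag only, not the ACLs that decide which objects an anonymous client can read.

```python
import base64
import re

ANON_OPS_INDEX = 6  # 7th character of dSHeuristics (fLDAPBlockAnonOps)

# Constructed sample exports of the forest's "Directory Service" object
# (placeholder DNs, not taken from the page).
SAMPLE_EXPOSED = (
    "dn: CN=Directory Service,CN=Windows NT,CN=Services,"
    "CN=Configuration,DC=example,DC=test\n"
    "cn: Directory Service\n"
    "dSHeuristics: 0000002\n"
)
SAMPLE_DEFAULT = (
    "dn: CN=Directory Service,CN=Windows NT,CN=Services,"
    "CN=Configuration,DC=example,DC=test\n"
    "cn: Directory Service\n"
)


def read_dsheuristics(ldif_text):
    """Return the dSHeuristics value from LDIF text, or None if it is not set."""
    # Unfold LDIF continuation lines (a newline followed by a single space).
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "dsheuristics":
            if value.startswith(":"):  # "attr:: <base64>" form
                return base64.b64decode(value[1:].strip()).decode("ascii")
            return value.strip()
    return None


def anonymous_ops_allowed(dsheuristics):
    """True when the 7th character is '2': anonymous clients may then run any
    LDAP operation the ACLs permit, not only rootDSE reads and binds."""
    if not dsheuristics or len(dsheuristics) <= ANON_OPS_INDEX:
        return False  # unset or too short: the default blocks anonymous ops
    return dsheuristics[ANON_OPS_INDEX] == "2"


if __name__ == "__main__":
    for label, ldif in (("exposed", SAMPLE_EXPOSED), ("default", SAMPLE_DEFAULT)):
        value = read_dsheuristics(ldif)
        state = "ALLOWED" if anonymous_ops_allowed(value) else "blocked"
        print(f"{label}: dSHeuristics={value!r} -> anonymous LDAP operations {state}")
```
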
