AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.
License: GNU General Public License v3.0
Hello, i tried to run the script, but I received this error message:
[-] OPERATIONS_ERROR: {'msgtype': 100, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839'}
Please, could you help me.
Regards
Hello, this morning I tried to install your tool on my kalilinux (version 2021.4), but I got some errors with the following depedancie :
So I found a solution :
link : https://www.python-ldap.org/en/python-ldap-3.3.0/installing.html#installing-from-source
apt-get install build-essential python3-dev python2.7-dev libldap2-dev libsasl2-dev slapd ldap-utils tox lcov valgrind
afterthat :
pip3 install -r Requirement.txt
On ubuntu, your little tutorial work perfectly, so maybe update your README for kali linux distro.
Best regards,
ADenum requires a very old version:
the pypi package pwn is a very old version (1.0) and abandonned package of pwntools.
The official pypi package is pwntools https://pypi.org/project/pwntools/ and the last version available is 4.10.0.
[-] Users with Password Not Expire
[-] LDAPError: {'msgtype': 100, 'msgid': 6, 'result': 4, 'desc': 'Size limit exceeded', 'ctrls': []}
Some kind of LDAP pagging may be needed for large results
Users who have AdminCount=1 are not necessarily domain admins (DA).
Lines 279 to 282 in fbbe14d
So this section should probably be renamed Privileged domain accounts.
The following table lists Active Directory’s default protected object sets, including the groups that may induce an update of the AdminCount attribute on its members:
I would be nice to do another query to find DA only. You can filter the DA group with (&(objectclass=group)(CN=Domain Admins)) and then get all users (&(objectclass=user)(MemberOf=$($_.DistinguishedName))) from that group.
Ref.
When auditing active directory on languages other than english some filters are rarely useful, for example the filter on the description is looking for pwd and password but in french 🇫🇷 it will more likely be mdp or mot? de passe .
Line 270 in fbbe14d
It results in false negative where juicy description are missed:
[-] Users with an interesting description
[!] No entry found !
It would be nice to have an option --description-regexp where one can pass a custom LDAP regexp to filter for, eg. *mdp* that would be added in addition to the default one.
after run and install all requirements, when i run the script the system give error:
Hi, here have some suggect for the ADenum.py
$python3 ADenum.py -d htb.local -ip 10.129.95.210
<------ Omitted ------>
[*] Domain name: htb.local
[*] Username: Anonymous
[*] IP Address: 10.129.95.210
[*] SSL connect: FALSE
[-] Domain Controllers
[*] Computer: FOREST$ CN=FOREST,OU=Domain Controllers,DC=htb,DC=local
[V] Windows Server 2016 Standard 10.0 (14393)
<------ Omitted ------>
[-] Users with Password Not Expire
[*] Username: Guest CN=Guest,CN=Users,DC=htb,DC=local
<------ Omitted ------>
[*] Username: andy CN=Andy Hislip,OU=Helpdesk,OU=Information Technology,OU=Employees,DC=htb,DC=local
[*] Username: mark CN=Mark Brandt,OU=Sysadmins,OU=Information Technology,OU=Employees,DC=htb,DC=local
[*] Username: santi CN=Santi Rodriguez,OU=Developers,OU=Information Technology,OU=Employees,DC=htb,DC=local
====================================================
==================== Attack AD =====================
====================================================
[-] AS-REP Roastable Users
[!] No entry found !
[-] Kerberoastable Users
[!] No entry found !In the Attack AD sesstion, Would you like to Add user which is Do not require Kerberos preauthentication in AD? This is a good script, also this information is important for attack AD?
GetNPUsers.py -dc-ip xxx.xxx.xxx.xxx htb.local/
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation
Name MemberOf PasswordLastSet LastLogon UAC
------------ ------------------------------------------------------ -------------------------- -------------------------- --------
svc-alfresco CN=Service Accounts,OU=Security Groups,DC=htb,DC=local 2022-07-11 14:17:30.619145 2019-09-23 12:09:47.931194 0x410200You can test in the HTB machine: Forest.
Thank you for your ADenum.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.