BlueTeam, LDAP, Nmap, RedTeam, Windows

Searching LDAP using Nmap’s ldap-search.nse script

Nmap has an NSE script, ldap-search.nse, that enables performing queries against LDAP ( Lightweight Directory Access Protocol) services. The goal of this post is to provide an introduction to using the script as well as a couple of practical examples. Continue reading

Information Security, LDAP, Nmap, RedTeam, TLS

Bypassing Active Directory restrictions against creating users over insecure LDAP connections

In 2011 I spent a little time working on improvements [1] in Nmap’s LDAP code. At some point during the work I stumbled across a way to work around Active Directory’s requirement for a secure connection when creating users via LDAP. This may be useful when abusing testing an Active Directory environment where your only access is over LDAP without TLS support. I’d meant to write this up at the time but didn’t. I recently had to recreate the process so I thought I’d create a blog post as a form of documentation.

Continue reading