Nmap has an NSE script, ldap-search.nse, that enables performing queries against LDAP (Lightweight Directory Access Protocol) services. The goal of this post is to provide an introduction to using the script as well as a couple of practical examples.
Bypassing Active Directory restrictions against creating users over insecure LDAP connections
In 2011 I spent a little time working on improvements in Nmap’s LDAP code. At some point during the work I stumbled across a way to work around Active Directory’s requirement for a secure connection when creating users via LDAP. This may be useful when testing an Active Directory environment where your only access is over LDAP without TLS support. I’d meant to write this up at the time but didn’t. I recently had to recreate the process so I thought I’d create a blog post as a form of documentation.