- Ldap Query Tool For Mac Pro
- Mac Ldap Server
- Ldap Query Tool
- Ldap Query Tool For Mac Free
- Ldap Query Tool For Mac Os
When a Mac system is bound to Active Directory, it sets a computer account password that’s stored in the system keychain and is automatically changed by the Mac. The default password interval is every 14 days, but you can use the directory payload or dsconfigad command–line tool to set any interval that your policy requires. ManageEngine offers several Great utilities for managing Active Directory – including the following tools that can be found at the URL below: AD Query Tool, CSV Generator (generate a csv file from any AD Attributes), Last Logon Reporter, Active Directory Replication Manager and Many more! Check out their Full list of tools at the link below.
License: All 1 2 | Free
If you are looking for an SQL QueryTool that is powerful, containing all of the features that you need yet is still easy to learn and use, then FlySpeed SQL Query provides exactly what you need. This program, supporting all of the popular database structures amongst some lesser known ones, makes the task of accessing and exporting your data easy. You can also use a.. Malayalam christian songs free download mp3.
Category: Software Development / Databases & Networks
Publisher: SQL Query Tool, License: Shareware, Price: USD $29.00, File Size: 8.9 MB
Platform: Windows
Publisher: SQL Query Tool, License: Shareware, Price: USD $29.00, File Size: 8.9 MB
Platform: Windows
Free Real-time Business Intelligence for Exact Online Invantive's free SQL QueryTool for Exact Online provides you with real-time Business Intelligence across your entire enterprise. It provides access to your crucial company information stored in the Exact Online cloud. No programming, no coding, no Excel downloads; just use the SQL knowledge you already have. This enables..
Category: Business & Finance / Database Management
Publisher: Invantive Software B.V., License: Freeware, Price: USD $0.00, File Size: 281.0 KB
Platform: Windows
Publisher: Invantive Software B.V., License: Freeware, Price: USD $0.00, File Size: 281.0 KB
Platform: Windows
The QueryTool is a powerful data mining application. It allows you to perform data analysis on any SQL database. It has been developed predominately for the non technical user. No knowledge of SQL is required, most actions are data driven. NEW features : Query Builder, quickly and simply build powerful queries to interrogate your data; Summary; summarise any two columns..
Category: Business & Finance
Publisher: Tyson Software Ltd., License: Shareware, Price: USD $125.00, File Size: 2.6 MB
Platform: Windows
Publisher: Tyson Software Ltd., License: Shareware, Price: USD $125.00, File Size: 2.6 MB
Platform: Windows
Ldap Admin Tool is the premier GUI administration Tool for Ldap management, control and development. Ldap Admin Tool provides you with the ability to perform all the necessary Ldap admin routines such as creating, editing, copying, extracting and dropping Ldap objects. It supports all the latest Ldap features; moreover, you can..
Category: Utilities / Network
Publisher: LDAPSoft, License: Shareware, Price: USD $125.00, File Size: 13.4 MB
Platform: Windows
Publisher: LDAPSoft, License: Shareware, Price: USD $125.00, File Size: 13.4 MB
Platform: Windows
If you are looking for an SQL QueryTool that is powerful, containing all of the features that you need yet is still easy to learn and use, then FlySpeed SQL Query provides exactly what you need. This program, supporting all of the popular database structures amongst some lesser known ones, makes the task of accessing and exporting your data easy. You can also use a..
Category: Software Development / Databases & Networks
Publisher: Active Database Software, License: Shareware, Price: USD $29.00, File Size: 13.5 MB
Platform: Windows
Publisher: Active Database Software, License: Shareware, Price: USD $29.00, File Size: 13.5 MB
Platform: Windows
Query, update, navigate and manage all major databases from one database Tool. RazorSQL is a universal database QueryTool, programming editor, database navigator, and administration Tool with built-in connection capabilities for DB2, HSQLDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and Sybase. Any other JDBC or ODBC (Windows only) compliant database..
Ldap Query Tool For Mac Pro
Category: Software Development
Publisher: Richardson Software, License: Shareware, Price: USD $49.95, File Size: 14.3 MB
Platform: Windows
Publisher: Richardson Software, License: Shareware, Price: USD $49.95, File Size: 14.3 MB
Platform: Windows
Query, update, navigate and manage all major databases from one database Tool. RazorSQL is a universal database QueryTool, programming editor, database navigator, and administration Tool with built-in connection capabilities for DB2, HSQLDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and Sybase. Any other JDBC or ODBC (Windows only) compliant database..
Category: Software Development
Publisher: Richardson Software, License: Shareware, Price: USD $49.95, File Size: 7.0 MB
Platform: Mac
Publisher: Richardson Software, License: Shareware, Price: USD $49.95, File Size: 7.0 MB
Platform: Mac
ODBCView is a free SQL QueryTool that allows you to view and export data from any OBDC compliant database. Connect to an ODBC data source and enter a SQL statement to execute. Any resulting data is displayed on a read-only grid or it can be exported to a external CSV or HTML report file. Any valid SQL statement can be executed including UPDATE, DELETE and calls to database..
Category: Software Development
Publisher: SLIK Software Ltd, License: Freeware, Price: USD $0.00, File Size: 4.0 MB
Platform: Windows
Publisher: SLIK Software Ltd, License: Freeware, Price: USD $0.00, File Size: 4.0 MB
Platform: Windows
SQL QueryTool (using ODBC) is a Universal Data Access (UDA) Tool. It lets you Query ODBC data sources, author SQL scripts and queries, return Query results to a grid or free-form text, retrieve ODBC driver information, execute multiple SQL scripts or stored procedures simultaneously, and more. Supported Operating Systems: Windows 7/Server 2008 R2/Server..
Category: Business & Finance / Database Management
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 1.1 MB
Platform: Windows
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 1.1 MB
Platform: Windows
SQL QueryTool (using ODBC) is a Universal Data Access (UDA) Tool. It lets you Query ODBC data sources, author SQL scripts and queries, return Query results to a grid or free-form text, retrieve ODBC driver information, execute multiple SQL scripts or stored procedures simultaneously, and more. Supported Operating Systems: Windows x64 family (XP Professional..
Category: Business & Finance / Database Management
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.1 MB
Platform: Windows
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.1 MB
Platform: Windows
SQL QueryTool (using ADO) is a Universal Data Access (UDA) Tool. It lets you Query OLE DB data sources, author SQL scripts and queries, return Query results to a grid or free-form text, retrieve provider properties, execute multiple SQL scripts or stored procedures simultaneously, and more. Supported Operating Systems: Windows 7/Server 2008 R2/Server..
Category: Business & Finance / Database Management
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 1.3 MB
Platform: Windows
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 1.3 MB
Platform: Windows
SQL QueryTool (using ADO) is a Universal Data Access (UDA) Tool. It lets you Query OLE DB data sources, author SQL scripts and queries, return Query results to a grid or free-form text, retrieve provider properties, execute multiple SQL scripts or stored procedures simultaneously, and more. Supported Operating Systems: Windows x64 family (XP Professional x64..
Category: Business & Finance / Database Management
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.4 MB
Platform: Windows
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.4 MB
Platform: Windows
QueryTool (using ODBC) is a Universal Data Access (UDA) Tool. It lets you Query ODBC data sources, author SQL scripts and queries, execute multiple SQL scripts or stored procedures simultaneously, return Query results to a grid or free-form text, retrieve ODBC driver information, and more. Supported Operating Systems: Windows x64 family (XP Professional x64,..
Category: Business & Finance / Database Management
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.2 MB
Platform: Windows
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.2 MB
Platform: Windows
QueryTool (using ADO) is a Universal Data Access (UDA) Tool. It lets you Query OLE DB data sources, author SQL scripts and queries, execute multiple SQL scripts or stored procedures simultaneously, return Query results to a grid or free-form text, retrieve OLE DB provider properties, and more. Supported Operating Systems: Windows x64 family (XP Professional..
Category: Business & Finance / Database Management
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.4 MB
Platform: Windows
Publisher: George Poulose Software, License: Shareware, Price: USD $70.00, File Size: 2.4 MB
Platform: Windows
The Professional Edition of Ldap Admin Tool contains more features like predefined customiziable searches for both Ldap (common Ldap objects one click searches) & Active Directory (over 200 common one click searches). This is the edition of Ldap Admin Tool you’ll want to use if you use your machine mainly in a professional setting. For..
Category: Utilities / Misc. Utilities
Publisher: LDAPSoft, License: Shareware, Price: USD $0.00, File Size: 41.2 MB
Platform: Windows
Publisher: LDAPSoft, License: Shareware, Price: USD $0.00, File Size: 41.2 MB
Platform: Windows
AQT is a fast and easy-to-use cross-database QueryTool. With a powerful Query environment and a wide range of DBA and developer tools, it is the ideal database product irrespective of whether you are a data analyst, DBA or developer.
One Tool - this is all you’ll ever need!
Why have multiple tools when one can do it all? With AQT you can use a..
One Tool - this is all you’ll ever need!
Why have multiple tools when one can do it all? With AQT you can use a..
Category: Business & Finance / Database Management
Publisher: Cardett Associates, License: Shareware, Price: USD $180.00, File Size: 20.6 MB
Platform: Windows
Publisher: Cardett Associates, License: Shareware, Price: USD $180.00, File Size: 20.6 MB
Platform: Windows
Created originally by and for our development team to improve productivity while developing software solutions, QueryTool 2008 is a database management Tool used to simplify SQL database access, maintain connections, run SQL commands, edit data, and export results across a wide-variety of SQL database platforms. Employs a 'tabbed interface' to simultaneously..
Mac Ldap Server
Category: Business & Finance / Database Management
Publisher: Vertical Systems Inc, License: Shareware, Price: USD $24.95, File Size: 2.1 MB
Platform: Windows
Publisher: Vertical Systems Inc, License: Shareware, Price: USD $24.95, File Size: 2.1 MB
Platform: Windows
Booshtastic Query Tool lets you run queries against MySQL databases.
Category: Software Development / Databases & Networks
Publisher: bastecklein.com, License: Freeware, Price: USD $0.00, File Size: 320.0 KB
Platform: Windows, Mac, Vista
Publisher: bastecklein.com, License: Freeware, Price: USD $0.00, File Size: 320.0 KB
Platform: Windows, Mac, Vista
Validating and verifying that database records are being created and updated correctly is a very common Quality Assurance Task. Running SQL Queries against a database is the quickest way to extract the information that you need. Whether you are a beginner at writing SQL, or a seasoned pro, SQLStomper can help speed up the process of exploring SQL Databases, building SQL Statements, running SQL..
Category: Utilities
Publisher: BugStomper Software, License: Shareware, Price: USD $24.99, File Size: 1.5 MB
Platform: Windows
Publisher: BugStomper Software, License: Shareware, Price: USD $24.99, File Size: 1.5 MB
Platform: Windows
Universal SQL Editor is a lightweight Intellisense-enabled database QueryTool. It allows you connect Oracle, DB2, SQL Server, Sybase and any ODBC compliant database, and edit complex SQL with Intellisense-like autocompletion, highlight references, parameter hinting, syntax highlighting, SQL formatting, plus other useful features that allow you to work more efficiently. In..
Category: Software Development / Databases & Networks
Publisher: Ming Software, License: Shareware, Price: USD $39.00, File Size: 2.5 MB
Platform: Windows
Publisher: Ming Software, License: Shareware, Price: USD $39.00, File Size: 2.5 MB
Platform: Windows
DBTree is a cross-platform (both database and operating system) general purpose database QueryTool. Some of the primary features of DBTree are a tabbed interface which allows you multi-database connectivity and multiple Workbooks per connection. A Workbo
Category: Software Development / Databases & Networks
Publisher: kccoder.com, License: Freeware, Price: USD $0.00, File Size: 1.1 MB
Platform: Windows, Mac, Linux, Solaris
Publisher: kccoder.com, License: Freeware, Price: USD $0.00, File Size: 1.1 MB
Platform: Windows, Mac, Linux, Solaris
SQL Developer is a is a database administration and QueryTool that provides a single consistent interface for various databases. Visually navigate through your database structure, create and execute SQL queries and scripts the easy way. Or reverse engineer complete data models with the integrated diagram editor. The follwing databases have been tested during development: Oracle..
Category: Software Development / Databases & Networks
Publisher: Jan Borchers, License: Shareware, Price: USD $99.00, File Size: 2.9 MB
Platform: Unknown
Publisher: Jan Borchers, License: Shareware, Price: USD $99.00, File Size: 2.9 MB
Platform: Unknown
A power SQL QueryTool for any databases. Provides console and GUI application; Supports Oracle, MS-SQL, PostgreSQL, MySQL, Access, Excel and so on, everyone can manage all of them in one program. Features:1. Provided Console Application (sqla.exe) and Windows Graphical User Interface (GUI) Application (wsqla.exe). 2. Supports most of popular DBMS in the world. (i.e.: Oracle, SQL..
Category: Business & Finance / Database Management
Publisher: SQLAll.Com, License: Shareware, Price: USD $29.00, File Size: 375.0 KB
Platform: Windows
Publisher: SQLAll.Com, License: Shareware, Price: USD $29.00, File Size: 375.0 KB
Platform: Windows
TotalQuery is a professional database sql QueryTool designed to make it easier to read, write and update data to all your databases. It delivers a broad range of functions and features that will help you to run multiple queries at the same time whilst being kept informed of what the connected databases are doing. Navigating the results is easy through an Excel styled grid/report..
Category: Software Development / Tools & Editors
Publisher: CoderTools, License: Shareware, Price: USD $79.95, File Size: 3.0 MB
Platform: Windows
Publisher: CoderTools, License: Shareware, Price: USD $79.95, File Size: 3.0 MB
Platform: Windows
DataLinks QueryTool allows business and IT users to quickly and easily access their data. No ODBC, writes SQL, easiest UI on the market today with simple preview data review. Data direct to Excel or XML on the fly and easily create live links. Added functionality such as de-dupe and orphaned records across disparate queries pushes DataLinks over the top.
Category: Business & Finance / MS Office Addons
Publisher: Business Intelligence, Inc., License: Commercial, Price: USD $199.99, File Size: 13.4 MB
Platform: Windows
Publisher: Business Intelligence, Inc., License: Commercial, Price: USD $199.99, File Size: 13.4 MB
Platform: Windows
Due to the nature of the work, many Red Teamers have a much stronger focus on Windows Enterprise networks. Because of this, Red Teamers have a myriad of tools and experience querying Active Directory from a windows box. Many Red Teamers start off with the common
net user
, net group
, net localgroup
commands, and now everybody is familiar with Will Shroeder’s PowerView project. Some red teamers still want to use something like dsquery
to do some custom LDAP queries like dsquery * -filter “(&(objectclass=group)(name=*admin*))” -limit 1
(this is also possible with PowerView). You can even run something like the BloodHound Project to quickly get an insane amount of Active Directory information if you have the ability to run PowerShell or C# code. What if you’re on a Mac though?Overview
I’m going to discuss a few different methods for doing some AD recon on a Mac with strictly built-in tools by comparing them to the more common Windows versions. Let’s start with a sample useful command and break it down:
dscl “/Active Directory/TEST/All Domains” read “/Groups/Domain Admins” member memberof
Ok, so what’s actually happening here?
dscl
(/usr/bin/dscl) is MacOS’ directory service command line utility. It allows users to not only query different directory services, but configure them as well (with appropriate permissions). The general format for it is dscl [options] [datasource [command]]
. For our purposes, we’re going to be using two different data sources - local and the domain’s active directory. To query the local system, we use “.” and to query AD we use “/Active Directory” in place of the datasource.The structure for this is based off of Apple’s old NetInfo Directory structure, and now includes some mix of their Open Directory (which is a fork of OpenLDAP) and Microsoft’s Active Directory.
dscl
can be used interactively by simple running dscl
without any arguments. From here, you can use ls
and cd
to browse around the directory structure. Once you get down to a specific element, you will either read
it or cat
it (they alias to the same thing). In our example, TEST is the NETBIOS name for the current domain we’re in. When you get data back from dscl, it’s in the format of attribute:value.You can also browse around the structure atomically with commands like:
Ldap Query Tool
dscl “/Active Directory/TEST/All Domains” ls /
This will enumerate the highest-level directory structure for Active Directory in the domain. This will be the same for every Domain, but will be a little different when we enumerate locally. To illustrate the differences, the local query is below on the left and the domain query is on the right:
Waves Complete 04-2018 VST-AAX WINDOWS x86 x64 offers the highest quality plugins you can find anywhere. Waves 10 Complete 2019.07.10 Full version New release - Bass Fingers, now available as a single plugin as well as in the Inspire Virtual Instruments Collection.
Jul 11, 2019 Waves.10.Complete.v10.7.2019mactorrents.io Waves Complete 10.7.2019 OSX July 10, 2019 4.47 GB With 64 – bit support, faster scanning, faster loading and faster processing, Version 9 opens up new dimensions Wαves power high performance plug. The essentials like. Nov 09, 2015 The Waves V10 update provides you with the last six years’ worth of such efforts, since our last major update to Waves v9. When you update to Waves V10 plugins, you also future-proof your sessions by ensuring that you will continue to enjoy ongoing updates moving forward.
So, back to our original command, we’ve covered the first two parts. Next, we have
read
. This is stating that we’re going to read (or cat) the contents of the next one thing in the command. If we wanted to read a bunch of different objects, we would use the readall
command. It’s important to note that the dscl command does not support wildcards in its commands. Similarly, if we just want to list out what the possible things to read are, we use list
or just ls
. We are going to read the Active Directory data for the “/Groups/Domain Admins” object. Specifically, we’re interested in the member and memberof fields, so we will only request that information from the server. If you’re used to LDAP, this last field is selecting the specific attributes we’re interested in and only returning those.Let’s now dig into this a bit more and see how this corresponds to some common Windows commands:
net user [username]
dscl . ls /Users
This command will list out the local user accounts. Two things will probably immediately jump out at you when you run this:- there are a bunch of accounts
- a lot of them have a leading underscore Accounts that start with an underscore are service accounts. This is pretty common in *nix environments. An abbridged output shows some default user accounts, default service accounts, and a test user account:
For any of these accounts, if you want to get more information, use the
read
or cat
commands:Ldap Query Tool For Mac Free
There are a few areas that are important to note that will be covered in later sections: dsAttrTypeNative, GeneratedUID, RecordType, SMBSID. If you cat an account on a domain, you’ll get a lot more information as shown in the next section.
net user [username] /domain
In my test environment, the output of the first command only reveals a few users:
However, if we dive into a user more closely, we will get a large amount of data. I’ve truncated it here, but there’s also domain specific data like user images and even plist files embedded in this data.
A couple of interesting pieces of information to note:
- distinguishedName: CN=Apple Macintosh,CN=Users,DC=test,DC=local
- My Test account’s full name is “Apple Macintosh” which is in the CN=Users group within the test.local domain
- memberOf: CN=Domain Admins,CN=Users,DC=test,DC=local
- This provides a list of all groups this account is a memberOf. Very important to look here for interesting groups.
- sAMAccountName: mac
- If you want to actually refer to this account on the network, it’s going to be by the samaccountname
- GeneratedUID: 755193A8-B596-4230-9549-55887845E73B
- This will come into play for using the
dscacheutil
anddsmemberutil
utilities
- This will come into play for using the
- NFSHomeDirectory: /Users/mac
- If the user’s home directory was on a fileshare, it would be indicated here
- SMBGroupRID: 513
- SMBPasswordLastSet: 131596785263339509
- SMBPrimaryGroupSID: S-1-5-21-3278496235-3004902057-1244587532-513
- SMBSID: S-1-5-21-3278496235-3004902057-1244587532-1105
- UserShell: /bin/bash
net localgroup [administrators]
This topic is a little less straightforward on a Mac than it is on Windows. You can see all of the local groups with the first command, but you’ll notice that there are a lot of groups. Some of these I’ll go into detail here, but you should definitely check them out to see if the organization added their own or modified some. Initial ones to look into are the admin (BUILTINAdministrators) and wheel groups - these both often provide access to higher level administrative privileges. Apple provides a few other interesting local groups that should be examined:
- com.apple.access_ssh - users that can ssh into this machine
- com.apple.access_screensharing - users that can access this machine via ARD or VNC
- com.apple.access_sessionkey
- com.apple.access_ftp
- com.apple.access_disabled - this lists accounts that are disabled (awesome for potential backdoors by re-enabling them)
Groups tend to have two main formats to them; they will either list out GroupMembers (by GeneratedUID) and GroupMembership by shortnames, or they will list NestedGroups (by GeneratedUID). The first instance is easy because it will give the shortnames for the members of that group as well, but what if you’re just given the GeneratedUIDs for other NestedGroups? Consider the following two groups: Local Admin group and the Local com.apple.access_ssh group:
The admin group provides the GeneratedUID associated with that group, the members of the group with their GeneratedUIDs, the corresponding shortnames, and lists out the other nested groups by their GeneratedUIDs. This is a little annoying because you can’t easily tell which groups are nested. A couple other important things to note:
- PrimaryGroupID: 80
- RealName: Administrators
- This provides the common name for the group
- Recordname: admin BUILTINAdministrators
- This one is pretty interesting, it gives the names used to reference this group in both Mac and Windows. This admin group is commonly referred toa s the BUILTINAdministrators group on windows.
- SMBSID: S-1-5-32-544
- This is the standard SID for the BUILTINAdministrators group. This is a handy way to identify common Windows groups and get the standard Windows SIDs for users and groups. If you’re currious about other standard windows SIDs, check out Microsoft What’s a good way to start working with these GeneratedUIDs, SIDs, ID values, and names?
dsmemberutil & dscacheutil
Enter two more built-in tools:
dsmemberutil
(/usr/bin/dsmemberutil) and dscacheutil
(/usr/bin/dscacheutil). dsmemberutil “is a program that implements the membership API calls” and dscacheutil “does various operations against the Directory Service cache … replac[ing] most of the functionality of the lookup tool previously available” - macOS man pages. dsmemberutil is a pretty interesting tool actually - it allows us to do a lot of conversions between uuid, id, sid, and names of users and groups. It also allows us to check if users are members of a group. For example, what if you wanted to see what groups are nested within the com.apple.access_ssh NestedGroups? The GeneratedUID is a UUID when it comes to dsmemberutil, so that’s what we’ll be using. Our first step is to turn the UUID into an id:Ldap Query Tool For Mac Os
This gives us the gid of the object referenced by the GeneratedUID (UUID). We specify a capital X because we’re providing a group’s UUID (it would be a lowercase x if it was a user’s UUID). From here, we use dscacheutil to get information about that gid:
This dumps the information for a group (-q group) with an attribute (-a) where the gid value is 80.
dscacheutil
can provide some sneaky access in thie regard. For example, assume you know that the RID of the local “Administrators” group should be 544. This group can technically be renamed, just like in Windows, but the SID needs to be the same. We can use dsmemberutil
and dscacheutil
to go back from this SID to the real name:dscl searching
dscl
offers the ability to search for key values with the search
action. Unfortunately, dscl only provides the ability to search for exact matches and does not provide support for wildcard searches. For example, if you want to search for all local groups that root belongs to:dscl . -search /Groups GroupMembership root
For this command, we specify which directory we want to search (/Groups), which attribute we’re interested in (GroupMembership), and which value we’re looking for (root). This method allows a single match within a single attribute. You cannot do wildcards, regular expressions, or check for multiple values.
LDAP Queries - ldapsearch
In Windows, LDAP queries can be easily done with dsquery and now in PowerShell. On a Mac, LDAP queries can easily be done with the
ldapsearch
binary (/usr/bin/ldapsearch). The format for ldapsearch is a little unintuitive, but not crazy:ldapsearch -H ldap://test.local -b dc=test,dc=local -z 1 “(&(objectclass=group)(name=*admin*))” samaccountname
Breaking this down a bit, -H specifies where to actually query and the -b specifies the searchbase. In this example, these two are the same, but they don’t have to be. If you discover that there is a trusting domain connected to your domain, you can specify that domain with the -b flag (be sure to specify the fully qualified domain name). This will result in your computer asking the DC specified by -H to ask the DC specified by -b for the LDAP query answer. The -z parameter specifies the number of results to return. It’s helpful to get one result back first to help manage what kind of data will be pulled back, discover attributes to select (like samaccountname), and make sure your query is selecting what you think it is. A -z value of 0 (or its omission) will return all results. While this query format is a bit harder than using dscl, it does provide the ability to use regex and make more powerful queries. I will create another blog post specifically on some useful LDAP queries for red teaming.
net group “Domain Computers” /domain
It’s important to note that computer names in this format will have a trailing $ symbol at the end. In my domain, there are only two computers - DC.test.local and testmac.test.local. Thus, these show up by their NETBIOS names followed by $: DC$ and testmac$.
There is a bunch of interesting information to get from these commands that you normally need complicated LDAP queries for:
- name: testmac
- This is the NETBIOS name for the computer
- networkAddress: 172.16.187.137
- The current IP address for the computer
- operatingSystem: Mac OS X
- Get the OS to help differentiate between different kinds of systems on the network
- Beneficial in conjunction with operatingSystemVersion: 10.13.1
- servicePrincipalName: afpserver/testmac.test.local host/testmac.test.local cifs/testmac.test.local vnc/testmac.test.local
- This gives information about the different services that are running on the system
- GeneratedUID: 5D111BDC-EB0B-4DF0-80C8-C5C61E46B899
Domain Information
You can get a decent amount of information about a domain from this command such as:
This points out the current domain and forest, the domain controller, the groups allowed to administer the computer, and the computer account name.
Compiled Commands
A compiled list of these commands and other potentially useful commands is in the following github gist