Created
August 30, 2018 02:27
-
-
Save atucom/7d8f8291138ff54dc7545088f51cef4f to your computer and use it in GitHub Desktop.
Brute force LDAP CN entries and download them locally
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @atucom 2018 | |
| # This tool brutes all cn attributes from ldap recursively. | |
| # Additionally, if a result limit is exceeded, it will drill down farther and keep going | |
| import os | |
| import subprocess | |
| import string | |
| targetLDAPServer = 'corp.example.com' | |
| username = '[email protected]' | |
| # Password should be placed in a file called 'password.txt' in cur dir | |
| baseDN = 'DC=corp,DC=example,DC=com' | |
| def addAndSearch(currentSearch): | |
| """ Recursive function to conditionally and iteratively scrap all LDAP entries | |
| """ | |
| # ldapsearch is case insensitive, so we just use uppercase chars + digits | |
| for newChar in string.ascii_uppercase + string.digits: | |
| newSearch = currentSearch + newChar | |
| print("Now searching {}".format(newSearch)) | |
| # The ldapsearch command to run | |
| cmd = 'ldapsearch -x -W -LLL -h ' + targetLDAPServer + ' -D ' + username + ' -y password.txt -b \"' + baseDN + '\" \"(cn=' + newSearch + '*)\"' | |
| cmdoutput = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) | |
| if b'limit exceeded' in cmdoutput.stderr: | |
| print("Limit Exceeded, adding another char to: {}".format(newSearch)) | |
| addAndSearch(newSearch) | |
| else: | |
| with open(newSearch + '.out', 'w+') as file: | |
| file.write(cmdoutput.stdout.decode('ascii')) | |
| # Start at the begining, this can take a while | |
| addAndSearch("") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment