joshfinley
/ Get-DomainPolicyPrivilegeRights.ps1
Created
May 13, 2025 22:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Step 1: Locate the Default Domain Policy GPO and get the gPCFileSysPath | |
| $domainDN = ([ADSI]"LDAP://RootDSE").defaultNamingContext | |
| $ldapPath = "LDAP://CN=Policies,CN=System,$domainDN" | |
| $domain = [ADSI]$ldapPath | |
| $searcher = New-Object DirectoryServices.DirectorySearcher($domain) | |
| $searcher.Filter = "(&(objectClass=groupPolicyContainer)(displayName=Default Domain Policy))" | |
| $result = $searcher.FindOne() | |
| if (-not $result) { |
joshfinley
/ ldap-cheatsheet.md
Last active
May 15, 2025 00:17
joshfinley
/ services_wordlist_big.txt
Created
May 14, 2025 23:31
big list of possible service account names
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vmhostbluegreen | |
| protonmailbridge-user | |
| tracking__opensishr | |
| mxtoolbox_datalake | |
| app_crowdstrike | |
| prophix-network | |
| ciscoasa_sso | |
| skoutaudit | |
| tp-link_partner | |
| pay__heimdalsecurity |
joshfinley
/ services_wordlist_medium.txt
Created
May 14, 2025 23:39
big but less big wordlist of potential service names
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform-checkpoint | |
| inventory-fsmo | |
| zscalerchart | |
| perforce_release | |
| fortinet_queue | |
| ci-adsync | |
| mailcow-chart | |
| platform-carbonblack | |
| opendns-staging | |
| wsus_repo |
joshfinley
/ services_wordlist_microsoft.txt
Created
May 14, 2025 23:44
autogenerated list of possible microsoft related service accounts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| devops-sys | |
| scdpmsys | |
| sys-outlook | |
| kerberos_svc | |
| sys_teams | |
| scdpm_sys | |
| dfssys | |
| vssagentsys | |
| exedge-svc | |
| systeams |
joshfinley
/ getdomainsid.sh
Created
May 21, 2025 14:56
Use ldapsearch to get the domain SID and convert to readable format
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: ./get_domain_sid.sh <BASE_DN> [LDAP_HOST] [BIND_DN] [BIND_PW] | |
| # | |
| # Examples: | |
| # ./get_domain_sid.sh "DC=example,DC=com" ldap.example.com "cn=admin,dc=example,dc=com" "password" | |
| # ./get_domain_sid.sh "DC=example,DC=com" ldap.example.com | |
| # ./get_domain_sid.sh "DC=example,DC=com" | |
| BASEDN="$1" |
OlderNewer