Skip to content

Added query for ldaputility.cs (DumpPwdLastSet & DumpLastLogon) #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Mr-Un1k0d3r merged 2 commits into from
Jan 27, 2020
Merged

Added query for ldaputility.cs (DumpPwdLastSet & DumpLastLogon) #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e616a64
Update ldaputility.cs
tazz0 Jan 27, 2020
982ae28
Update README.md
tazz0 Jan 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ ldaputility.exe DumpComputer RingZer0 DC01
ldaputility.exe DumpAllGroups RingZer0
ldaputility.exe DumpGroup RingZer0 "Domain Admins"
ldaputility.exe DumpPasswordPolicy RingZer0
ldaputility.exe DumpPwdLastSet RingZer0
ldaputility.exe DumpLastLogon RingZer0
```

# Cookies Monster
Expand Down
36 changes: 36 additions & 0 deletions ldaputility.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,42 @@ static void Main(string[] args)
ShowDebug(e, verboseDebug);
}
}
else if (option == "dumppwdlastset")
{
// Based on https://www.trustedsec.com/blog/targeted-active-directory-host-enumeration/
string query = "";
string properties = "name,givenname,displayname,samaccountname,adspath,distinguishedname,memberof,ou,mail,proxyaddresses,lastlogon,pwdlastset,mobile,streetaddress,co,title,department,description,comment,badpwdcount,objectcategory,userpassword,scriptpath";
var date = DateTime.Today.AddDays(-(DateTime.Today.Day + 90));
long dateUtc = date.ToFileTimeUtc();
try
{
query = "(&(objectCategory=Computer)(pwdlastset>="+ dateUtc.ToString() + ")(operatingSystem=*windows*))";
LdapQuery(domain, query, properties);
}
catch (Exception e)
{
Console.WriteLine("ERROR: DumpPasswordPolicy catched an unexpected exception");
ShowDebug(e, verboseDebug);
}
}
else if (option == "dumplastlogon")
{
// Based on https://www.trustedsec.com/blog/targeted-active-directory-host-enumeration/
string query = "";
string properties = "name,givenname,displayname,samaccountname,adspath,distinguishedname,memberof,ou,mail,proxyaddresses,lastlogon,pwdlastset,mobile,streetaddress,co,title,department,description,comment,badpwdcount,objectcategory,userpassword,scriptpath";
var date = DateTime.Today.AddDays(-(DateTime.Today.Day + 90));
long dateUtc = date.ToFileTimeUtc();
try
{
query = "(&(objectCategory=Computer)(lastLogon>=" + dateUtc.ToString() + ")(operatingSystem=*windows*))";
LdapQuery(domain, query, properties);
}
catch (Exception e)
{
Console.WriteLine("ERROR: DumpPasswordPolicy catched an unexpected exception");
ShowDebug(e, verboseDebug);
}
}
else
{
Console.WriteLine("Invalid argument: {0} not found", option);
Expand Down