Lightweight

@Amen0 said:

@brianma said:

Some HINTS:

user1: Forget hashes. Forget cracking. Forget {crypt}. Life is full of rabbit holes. Listen inside the box to what ldap wants to say. Using tcpd*** is your friend. Be patient, the noise doesn’t appear fast. While it listens, go have a drink with your friends. Saving the result in a pcap file makes it easier to read. Bindrequest is the start of the authentication. Stay focused on those packets…
NOTE: ssh credentials are not the same as unix credentials…

user2: ba****.*z is your friend. Encrypted? Password needed? Use scripting such as 7zip-JTR Decrypt Script · GitHub and enjoy. After that, read the content carefully.

root: Two binaries are present. o*****l is your friend. The other one… just another rabbit hole. Pay attention to capabilities and check if this binary has any relation to them. Do what you really want to do, taking advantage of this binary. Is it possible to elevate privilege using that binary? Maybeeee… :wink:

Thanks for all the tips, but… my tcpdump inside the server doesn’t reveal any noise, even after hours.
I tried -i ens33 & lo, dst port 389 and dst 10.10.10.119… nothing comes to me, except when I generate traffic with nmap, jxplorer or ldapsearch requests.

Can you PM me please to point out my errors?
Thanks in advance

Most of the options you wrote are not needed. Maybe you should write it to a file, it’s easier to see the traffic. That worked for me.