Update Enumerating and Exploiting Common Services.md

0xRar · web-flow · commit cdaad7300180 · 2024-07-30T23:45:10.000+03:00
diff --git a/Active Directory/Enumerating and Exploiting Common Services.md b/Active Directory/Enumerating and Exploiting Common Services.md
@@ -1 +1,52 @@
+# Enumerating and Exploiting Common Services:
 
+## Active Directory Ports/Services
+```
+TCP/UDP port 53: DNS
+TCP/UDP port 88: Kerberos authentication
+TCP/UDP port 135: RPC
+TCP/UDP port 137-138: NetBIOS
+TCP/UDP port 389: LDAP
+TCP/UDP port 445-139: SMB
+TCP/UDP port 464: Kerberos password change
+TCP/UDP port 636: LDAP SSL
+TCP/UDP port 3268-3269: LDAP Global catalog / LDAP GC SSL
+```
+
+## SMB
+> Server Message Block is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network.
+
+Gathering Information with `enum4linux`:
+```
+enum4linux <server>
+```
+
+Listing Shares with `smbclient`:
+```
+smclient -L //server/
+```
+
+Connecting to SMB Using `Null Session`:
+```
+smbclient -N //server/share
+```
+
+Enumerate `Null Session` with `netexec`:
+```
+nxc smb 10.10.10.161 -u '' -p ''
+nxc smb 10.10.10.161 -u '' -p '' --shares
+nxc smb 10.10.10.161 -u '' -p '' --pass-pol
+nxc smb 10.10.10.161 -u '' -p '' --users
+nxc smb 10.10.10.161 -u '' -p '' --groups
+```
+
+## LDAP
+> The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.
+
+Getting Usernames from ldap (if its enabled for anonymous) with `ldapsearch`:
+```
+ldapsearch -x -h <SERVER> -s base namingcontexts
+ldapsearch -x -h <SERVER> -b 'DC=test,DC=LOCAL' -s sub
+```
+
+**By 0xRar**
