https://sql--injection.blogspot.co.uk: SPN Scanning

Scanning for SPN's through linux we first need to extract the user accounts to then find the service accounts and finally the SPN's associated.

ldapsearch -LLL -x -b "dc=EVILCORP,dc=local" -D "Administrator@EVILCORP.local" -h 192.168.1.20 -w 'PASSWORD' '(objectClass=person)' userPrincipalName | grep 'userPrincipalName'| cut -d " " -f 2

mh_@EVILCORP.local
kb_@EVILCORP.local
geri.cooper@EVILCORP.local
jamie.white@EVILCORP.local
steve_jobs@EVILCORP.local
sarah.french@EVILCORP.local
sergiu.cosmescu@EVILCORP.local
nick.smith@EVILCORP.local
john.french@EVILCORP.local
steve.irwin@EVILCORP.local
michael.cane@EVILCORP.local
lin.dan@EVILCORP.local
steve.springbok@EVILCORP.local
read.write@EVILCORP.local
philip.king@EVILCORP.local
SVC_test@EVILCORP.local
svc@EVILCORP.local

SPN Scanning

No comments:

Post a Comment