-
Ports: ldap 389/tcp ldaps 636/tcp globalldap/globalcatldap 3268/tcp globalldaps/globalcatldapssl 3269/tcp Enumerate without credentials Nmap enumeration scans nmap -n -sV --script "ldap* and not brute" $target Ldapsearch scan ldapsearch -x -h $target -D '' -w '' -b "DC=BLA,DC=local" Connect to LDAPs/GlobalLDAPs: openssl s_client -connect $target:636 </dev/null openssl s_client -connect $target:3269 </dev/null Search in the directory: ldapsearch -x -b…
-
Note that FTP doesn’t show hidden files! Try in Windows e.g “cd ProgramData”. Enumeration With nmap. Scans a network for ftp servers which allow anonymous access. nmap -v -p21 --script=ftp-anon.nse 10.11.1.1-254 FTP relays The FTP specification defines FTP relays. One FTP server can say to another FTP server to send files to another third-party server.…