AD Recycle Bin

Theory

Members of the AD Recycle Bin group have permission to read deleted AD objects. Juicy information can be found in there.

Practice

ldapsearch can be used to enumerate deleted AD objects. The -E '!1.2.840.113556.1.4.417' option attaches the LDAP_SERVER_SHOW_DELETED_OID control (the leading ! marks it critical); without it the domain controller hides deleted objects from search results.

```bash
ldapsearch -x -H ldap://$IP -D "[email protected]" -w 'Password!' -b "CN=Deleted Objects,DC=contoso,DC=local" -E '!1.2.840.113556.1.4.417' '(&(objectClass=*)(isDeleted=TRUE))'
```
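Deleted objects keep their original RDN suffixed with a NUL byte and "DEL:<objectGUID>", which forces ldapsearch to base64-encode the dn and cn lines ("dn::"). The following added Python example (not from the original page) parses that LDIF, recovers the original name, GUID and lastKnownParent, and lists which other attributes survived deletion; the sample LDIF and its values are constructed.

```python
import base64
import re

# Constructed sample of ldapsearch LDIF output for one deleted user (not real data).
_guid = "f0c1a3e2-1234-4abc-9def-0123456789ab"
_rdn = "CN=TempAdmin\x00ADEL:" + _guid
_dn = _rdn + ",CN=Deleted Objects,DC=contoso,DC=local"
SAMPLE_LDIF = "\n".join([
    "# extended LDIF",
    "dn:: " + base64.b64encode(_dn.encode()).decode(),
    "objectClass: top",
    "objectClass: user",
    "cn:: " + base64.b64encode(_rdn[3:].encode()).decode(),
    "isDeleted: TRUE",
    "lastKnownParent: OU=Admins,DC=contoso,DC=local",
    "sAMAccountName: TempAdmin",
    "description: legacy account, see the notes field",
    "",
    "search: 2",
    "result: 0 Success",
])

# Deleted-object RDN: "<original RDN>" + NUL + "DEL:" + objectGUID
DEL_RDN = re.compile(r"^CN=(?P<name>.*)\x00ADEL:(?P<guid>[0-9a-f-]{36})$", re.I)

def parse_ldif(text):
    """Return a list of {attr: [values]} dicts; handles '::' base64 values and folded lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # unfold continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines:
        if not line or line.startswith("#"):
            if current:
                entries.append(current)
                current = {}
            continue
        m = re.match(r"^([^:]+)(::?) ?(.*)$", line)
        if not m:
            continue
        attr, sep, val = m.groups()
        if sep == "::":
            val = base64.b64decode(val).decode("utf-8", "replace")
        current.setdefault(attr, []).append(val)
    if current:
        entries.append(current)
    return entries

def summarize_deleted(text):
    """For each entry with isDeleted=TRUE, recover name, GUID, former parent and retained attributes."""
    skip = {"dn", "objectClass", "cn", "isDeleted", "lastKnownParent"}
    out = []
    for e in parse_ldif(text):
        if "dn" not in e or e.get("isDeleted", [""])[0].upper() != "TRUE":
            continue
        rdn = e["dn"][0].split(",", 1)[0]  # assumes no escaped commas in the RDN
        m = DEL_RDN.match(rdn)
        out.append({
            "name": m.group("name") if m else rdn,
            "guid": m.group("guid") if m else None,
            "lastKnownParent": e.get("lastKnownParent", [None])[0],
            "retained": sorted(a for a in e if a not in skip),
        })
    return out
```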
