Yaksas CSC

Your Guardian in the Cyber World

  • Yaksas CSC Home
  • Home
  • About Us
    • Overview
    • Why Yakṣas?
  • Got a Question?
    • Cyber Security Basics
    • Cyber Security Education & Career
    • How to stay safe?
  • Get Invloved
    • Write for Us
    • YCSC QnA Dialogue
    • Translate Articles
  • Contact Yakṣas
  • Press Release
    • NCSAM 2015 Champion
    • STOP. THINK. CONNECT. Partner
ADSISearcher (Part 2)

Uday Mittal July 8, 2020 1 Comment

ADSISearcher (Part 2)

ADSISearcher is a class for searching for objects in Active Directory. It is part of .NET framework (System.DirectoryServices.DirectorySearcher) and van be accessed via PowerShell by creating object for the above class

  • Example:
    • $adsiSearcherObj = New-Object –TypeName System.DirectoryServices.DirectorySearcher
      • takes the LDAP path to current domain by default
      • Pass ADSI Directory Entry object type as ArgumentList to change the search path
        • -ArgumentList @([ADSI]”LDAP://dc=ycsccorp,dc=local”)

OR

    • $adsiObj = [ADSI]”LDAP://dc=ind,dc=ycsccorp,dc=local”
    • $adsiSearcherObj = [adsisearcher]$adsiObj

OR

    • $adsiSearcherObj = [adsisearcher][ADSI]”LDAP://dc=ycsccorp,dc=local”

ADSISearcher Functions

To perform search operations, via ADSISearcher, on the specified search root we use FineOne() and FindAll() methods

  • Syntax:
    • Search for single object
      • $adsiSearcherObj.FindOne() – by default returns information about the search root
    • Search for multiple objects
      • $adsiSearcherObj.FindAll() – by default returns information about all objects within the search root

ADSISearcher Filters

We can search the search root for specific objects by using the Filter property offered by ADSISearcher object.

  • Syntax:
    • Filter for single object
      • $adsiSearcherObj.Filter = “samAccountName=user.ind02”
    • Filter using wild cards
      • $adsiSearcherObj.Filter = “cn=*user*”
      • $adsiSearcherObj.Filter = “ou=*”
    • Combining multiple filters
      • $adsiSearcherObj.Filter = “(&(cn=*admin*)(objectCategory=group))”
      • $adsiSearcherObj.Filter = “(|(cn=*sql*)(objectCategory=computer))”
      • $adsiSearcherObj.Filter = “(&(!name=*ind*)(objectCategory=user))”

To learn about the Active Directory architecture used in this lab click here.

Watch the video

Related Posts

  • SPN Scanning using ADSI (Part 3)SPN Scanning using ADSI (Part 3)
  • Active Directory User Enumeration using PowerViewActive Directory User Enumeration using PowerView
mm
Uday Mittal

Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: ADSI, Enumeration Tagged With: Active directory, adsecurity, adsi, adsisearcher, attack active directory, crte, crtp, domain enumeration, forest enumeration, offensive security, Penetration Testing, pentest, powersploit, Powerview, red team, user enumeration, windows 2016, windows security, yaksas csc

Optin Form

Search

Follow us on Twitter

My Tweets

Categories

Tags

Active directory Active directory lab adsecurity adsi adsisearcher Android attack active directory awareness blue whale challenge Certification CISSP crte crtp cyber-warfare Cyber Security Cybersecurity books Cybersecurity Cannon domain enumeration Edward Snowden ellitedevs forest enumeration hacker Information Security ISACA Kali Linux lab environment lab hardware Mass Surveillance Mobile Security Narendra Modi NSA offensive security Online Safety Password Penetration Testing pentest powersploit Powerview privacy red team Risk Management Social Media user enumeration Wifi Windows

Top Posts

  • Active Directory User Enumeration using PowerView
    Active Directory User Enumeration using PowerView
  • Mona.py for exploit devs: 6 must know commands
    Mona.py for exploit devs: 6 must know commands
  • DCPP: Everything You Need to Know
    DCPP: Everything You Need to Know
  • Active Directory Network Recon using PowerView
    Active Directory Network Recon using PowerView
  • Are you sharing sensitive information over WhatsApp?
    Are you sharing sensitive information over WhatsApp?
  • Web App Pentesting using BodgeIt Store (Part 1)
    Web App Pentesting using BodgeIt Store (Part 1)

© Copyright 2020 ElliteDevs · All Rights Reserved · Powered by WordPress