Yaksas Security

SPN Scanning using ADSI (Part 3)

Uday Mittal, July 8, 2020

A Service Principal Name (SPN) is a unique identifier of a service instance. It links an AD object (a service account, user, computer etc.) with a service. Because SPNs are stored in the directory, querying for them can be used as an alternative to a port scan in an Active Directory environment. Some common SPN service classes are:

  • CIFS
  • host
  • HTTP
  • https
  • IMAP
  • mongod
  • mongos
  • MSSQL
  • MSSQLSvc
  • SMTP
  • POP
  • vnc
  • vpn

A comprehensive list of SPNs is available here

How to scan for SPN using ADSI?

In Part 2 of this series we covered how to use filters with the ADSI Searcher class. We can use the Filter property to search Active Directory for a particular SPN:

$adsiSearcherObj.Filter = "serviceprincipalname=<spn>"

Using the SPN list above and a bit of PowerShell scripting, we can automate this task to search for a wide range of SPNs. The video below demonstrates this and the PowerShell script can be found here
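A sketch of that automation, useful for inventorying which services are registered in a domain. This is an added example, not the author's linked script: the function names `ConvertFrom-Spn` and `Find-SpnByClass` are hypothetical, the sample SPNs are constructed, and the wildcard form `<class>/*` of the filter is an assumption about how to match every instance of a service class.

```powershell
# Added example, not the author's script. Service classes come from the list in this post.
$serviceClasses = 'CIFS','host','HTTP','https','IMAP','mongod','mongos',
                  'MSSQL','MSSQLSvc','SMTP','POP','vnc','vpn'

function ConvertFrom-Spn {
    # Hypothetical helper: split class/host[:port-or-instance][/servicename] into parts.
    param([Parameter(Mandatory)][string]$Spn)
    $class, $rest = $Spn -split '/', 2
    if (-not $rest) { return }                       # no '/' means not a usable SPN
    $hostPart, $serviceName = $rest -split '/', 2
    $hostName, $portOrInstance = $hostPart -split ':', 2
    [pscustomobject]@{
        ServiceClass   = $class
        HostName       = $hostName
        PortOrInstance = $portOrInstance
        ServiceName    = $serviceName
    }
}

function Find-SpnByClass {
    # Hypothetical helper: one ADSI search per service class, using the Filter property.
    param([Parameter(Mandatory)][string[]]$ServiceClass)
    foreach ($class in $ServiceClass) {
        $adsiSearcherObj = [adsisearcher]''
        $adsiSearcherObj.Filter = "serviceprincipalname=$class/*"
        $adsiSearcherObj.PageSize = 1000             # page through large result sets
        [void]$adsiSearcherObj.PropertiesToLoad.Add('samaccountname')
        [void]$adsiSearcherObj.PropertiesToLoad.Add('serviceprincipalname')
        $results = $adsiSearcherObj.FindAll()
        try {
            foreach ($result in $results) {
                $account = [string]$result.Properties['samaccountname'][0]
                foreach ($spn in $result.Properties['serviceprincipalname']) {
                    $parsed = ConvertFrom-Spn -Spn $spn
                    # An object can hold SPNs of several classes; keep only the match.
                    if ($parsed -and $parsed.ServiceClass -eq $class) {
                        $parsed | Add-Member -NotePropertyName Account -NotePropertyValue $account -PassThru
                    }
                }
            }
        } finally { $results.Dispose() }
    }
}

# Offline check of the parser on constructed sample SPNs (not real hosts).
'MSSQLSvc/sql01.corp.example:1433', 'HTTP/intranet.corp.example' |
    ForEach-Object { ConvertFrom-Spn -Spn $_ }

# On a domain-joined host, inventory the registered services:
# Find-SpnByClass -ServiceClass $serviceClasses | Sort-Object ServiceClass, HostName | Format-Table
```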

Uday Mittal

Uday Mittal is a cybersecurity professional with rich experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.
