PrzemyslawKlys
commented
1 year ago Initially I was doing port testing of UDP but that by itself was giving lots of false positives so I gave up. If someone know powershell way to do it properly it could be added I guess.
Although w already do DNS verification so I am not sure if that's necessary, but maybe.
Anyways there's plenty of checks/code to be added just I have so many projects that it takes time. And as I do stuff by myself most of the time, it is what it is ;-)
Hi,
you don't seem to do any UDP checks for AD. Can you be a bit more specific what issues you had? Your queries have to be specific to the service to get relyable responses. You might check UDP 53 (DNS) with simple DNS queries, or UDP 88 (kerberos) with a more complex UDP packet like in this Lua Skript https://github.com/nmap/nmap/blob/master/scripts/krb5-enum-users.nse of NMAP. You might only want the results after the first query wich might be 'KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN' 'KRB5KDC_ERR_PREAUTH_REQUIRED' or 'KDC_ERR_WRONG_REALM'