LDAP <tcp 389, 636>

ldapdomaindump ldap://dc.sequel.htb -u 'sequel.htb\user' -p 'pwd'

ldapsearch -H ldaps://dc.sequel.htb -D '[email protected]' -w 'pwd' -b 'dc=sequel,dc=htb'   

 ldapsearch -H ldap://hutchdc.hutch.offsec -D '' -w '' -b "dc=hutch,dc=offsec"

 ldapsearch -H ldap://hutchdc.hutch.offsec -D '' -w '' -b "dc=hutch,dc=offsec" | grep description

netxec ldap <IP> -u '' -p '' --password-not-required --admin-count --users --groups

openssl s_client -showcerts -connect 10.10.11.202:3269