PaulDotCom mailing list archives
Re: pentesting LDAP
From: David Porcello <DPorcello () vermontmutual com>
Date: Wed, 15 Dec 2010 14:00:48 -0500
There's a decent quick start here: http://www.openldap.org/doc/admin24/quickstart.html. Once the top-level directory objects exist you can use ldapadd or a GUI LDAP client to add user objects. By default Windows 2003 AD does allow anonymous (NULL) binds, but without authenticating you can only view the top-level domain objects. GUI clients such as ADSIedit, LDP, and Softerra can help here. Also, many third-party products that integrate with AD for "Single Sign On" are configured to use LDAP instead of LDAPS, so again there could be plaintext AD passwords to sniff.
Dave.
Some great tips, thanks. Any tips on setting up a lab to play with this? I suppose install is easy but thinking about sample data so I have stuff to extract. Anything on Windows LDAP? That's where I've picked it up, both tests had NULL auth and NULL search issues.
Robin