Penetration Testing mailing list archives

Re: [PEN-TEST] LDAP-nullbase


From: spi <securityguru () EARTHLINK NET>
Date: Wed, 20 Sep 2000 18:48:06 -0400

ldap-nullbase basically means that you can request a base object of "".
This is sort of the equivalent of doing a "dir c:\".
----- Original Message -----
From: "krisk" <krisk () medshoppeintl com>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Wednesday, September 20, 2000 8:01 AM
Subject: LDAP-nullbase


A recent scan on our beta Win 2000 network came up showing a ldap-nullbase
vulnerability.
If I understand this correctly, this is similar to a Win netbios null
session, allowing enumeration of users, shares, etc.

ldap-nullbase basically means that you can request a base object of "".
This is sort of the equivalent of doing a "dir c:\".

Does anyone have more info on this? What tools or commands are used to
pull down directory listings etc. using this? Can this be done remotely?
Ports used? Other methods to test for this? How to secure this?

Any LDAP client can be used. LDAP is on port 389;
just specify a base object of "".

Thanks!

Kris Kistler
Security Admin.
St. Louis, MO
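
The null-base request discussed in this thread, shown at the wire level as an added example that is not part of the original messages: it BER-encodes an LDAP search whose base object is "" and classifies a server's reply. The function names are hypothetical and both sample replies are constructed for illustration.

```python
def tlv(tag, value):
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def null_base_search(msg_id=1, attrs=("namingContexts",)):
    """LDAPMessage with a SearchRequest whose baseObject is "" (msg_id 0..127)."""
    body = (
        tlv(0x04, b"")                # baseObject: the empty ("null") DN
        + tlv(0x0A, b"\x00")          # scope: baseObject only
        + tlv(0x0A, b"\x00")          # derefAliases: never
        + tlv(0x02, b"\x00")          # sizeLimit: no limit
        + tlv(0x02, b"\x00")          # timeLimit: no limit
        + tlv(0x01, b"\x00")          # typesOnly: FALSE
        + tlv(0x87, b"objectClass")   # filter: (objectClass=*)
        + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs))
    )
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x63, body))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long form: low bits give the length size
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def first_response_op(resp):
    """Classify the first LDAPMessage of a reply as (kind, detail)."""
    _, msg, _ = read_tlv(resp)
    _, _, p = read_tlv(msg)           # skip messageID
    tag, op, _ = read_tlv(msg, p)
    if tag == 0x64:                   # SearchResultEntry: detail is the entry DN
        return "entry", read_tlv(op)[1].decode()
    if tag == 0x65:                   # SearchResultDone: detail is the resultCode
        return "done", read_tlv(op)[1][0]
    return "other", tag

# Constructed sample replies (not captured from any real server).
SAMPLE_ENTRY = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x64, tlv(0x04, b"") + tlv(
    0x30, tlv(0x30, tlv(0x04, b"namingContexts")
              + tlv(0x31, tlv(0x04, b"DC=example,DC=test"))))))
SAMPLE_REFUSED = tlv(0x30, tlv(0x02, b"\x01") + tlv(
    0x65, tlv(0x0A, b"\x32") + tlv(0x04, b"") + tlv(0x04, b"")))  # code 50
```

An "entry" result with an empty DN means the server returned an entry for the "" base object; a "done" result carries only the LDAP result code.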


