Penetration Testing mailing list archives
Re: Active Directory user enumeration
From: jmk <jmk () foofus net>
Date: Mon, 30 Jan 2006 08:51:11 -0600
On Tue, 2006-01-24 at 09:42 +0000, Uno Mille wrote:
> Hello,
>
> I need to perform a pentest on a 2003 Active Directory environment and I could not find a way to anonymously enumerate users, password policy, etc. as we normally do in an NT environment. Any way of doing it through LDAP without any authentication?
>
> Regards,
> Uno

You have a number of options...

Ldapenum: I haven't personally used this, but from sf.net...

ldapenum is a perl script designed to enumerate system and password information from domain controllers using the LDAP service when IPC$ is locked.
https://sourceforge.net/projects/ldapenum

OWNR: OWNR is a modular system which can enumerate user, group, and password information from NT-based systems or AD. An older version of OWNR can be found in Foofus's DC12 presentation materials.
http://www.foofus.net/defcon/foofus-DC12-v2.tar.bz2

Rpcclient: SAMBA's rpcclient is useful for performing reverse SID enumeration. Using the "lookupsids" command along with the domain SID, it's often possible to anonymously enumerate users and groups via brute-force ID guessing.

Joe
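Seen from the defender's side, the brute-force ID guessing described in the rpcclient paragraph above amounts to one client resolving many RIDs under a single domain SID. The following detection sketch is an added example, not part of the original post or of any tool it mentions; the record format, client addresses, domain SID and thresholds are constructed assumptions, and it assumes the guessing walks consecutive RIDs.

```python
from collections import defaultdict

DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

# Constructed sample records: (client address, SID the client asked to resolve).
SAMPLE_LOOKUPS = (
    [("192.0.2.10", f"{DOMAIN}-{rid}") for rid in (500, 512, 1104, 1337)]
    + [("192.0.2.66", f"{DOMAIN}-{rid}") for rid in range(1000, 1040)]
    + [("192.0.2.10", "S-1-5-32-544")]  # builtin alias, not domain-relative
)


def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID).

    Returns None for SIDs that are not relative to a domain (S-1-5-21-...).
    """
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        return None
    try:
        return "-".join(parts[:7]), int(parts[7])
    except ValueError:
        return None


def find_rid_walkers(lookups, min_rids=20, min_run=10):
    """Flag (client, domain SID) pairs that resolve long runs of consecutive RIDs."""
    seen = defaultdict(set)
    for client, sid in lookups:
        parsed = split_sid(sid)
        if parsed:
            seen[(client, parsed[0])].add(parsed[1])
    flagged = {}
    for key, rids in seen.items():
        longest = run = 0
        prev = None
        for rid in sorted(rids):
            # Extend the run when this RID directly follows the previous one.
            run = run + 1 if prev is not None and rid == prev + 1 else 1
            longest = max(longest, run)
            prev = rid
        if len(rids) >= min_rids and longest >= min_run:
            flagged[key] = {"distinct_rids": len(rids), "longest_run": longest}
    return flagged


if __name__ == "__main__":
    for (client, domain), stats in find_rid_walkers(SAMPLE_LOOKUPS).items():
        print(client, domain, stats)
```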