Image by somefool (MatthewM) via Flickr
Information disclosure vulnerability could be exist in the microsoft ldap server responds when it’s binding to the ldap server. When an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided. Here’s the usage of the ldapuserenum : (taken from http://labs.portcullis.co.uk/application/ldapuserenum/)
Usage
$ python ldapuserenum-0.1.py -h
Usage: ldapuserenum-0.1.py [-i] -tOptions:
–version show program’s version number and exit
-h, –help show this help message and exit
-d show description and exit
-t TARGET target IP or hostname
-i, –info show LDAP information gathering resultsExample
$ python ldapuserenum-0.1.py -t 192.168.123.32
Going to enumerate users taking ‘./users.txt’ file as input
[*] Enumerated users:
[*] User: testuser
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: administrator
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: guest
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: aspnet
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
Related articles :
- LDAP browsing with Luma
- Devil-Linux distro bundles router/firewall and server in one live CD
- Get thin client benefits for free with openThinClient
- Bad idea of the day: upgrading to Lenny with aptitude
Please explore this blog to obtain more informations about sql inject tutorial , cara ngehack fs , webgoat tutorials , friendster password cracker , and so on
ldapuserenum - Active Directory LDAP Server Information Disclosure Vulnerability is posted on November 14th, 2008 by admin. This post is filed under: Sectools, Security, Active Directory, Client, Elastra, LDAP, Lightweight Directory Access Protocol, PHP, Protocols, User .
Some people come to this post with this search term: ldapuserenum, hack friendster password, ldap 52e, cara ngehack friendster, Cara hack friendster, active directory 52e, hack active directory, backtrack ldap, Active Directory error 52E, cara hack facebook, ldap error code 52e, 52e ldap, friendster password cracker, ngehack friendster, ldapuserenum-0.1.py, cara hack fs, show ldap information, ldap backtrack, cara ngehack facebook, cara BSQL hacker,
And here is the related entries of this post:
Leave a Reply