Subscribe:

Ads 468x60px

Monday 16 December 2013

LDAP Enumeration Tools And Counter Measures

LDAP Enumeration Tools And Counter Measures


When we covered LDAP enumeration we left tools part for discusing later. Now its time to have a look on every tool one by one. Lets start with LDAPminer, a free command line tool

.

LDAP Miner:

Download LDAP Miner from,

http://sourceforge.net/projects/ldapminer/

LDAP miner is free LADP enumeration tool. It is written in C and source code is also available for study and modification. It can collect information from different types of LDAP servers by identifying its type of server and then fetching specific information.

Syntax:

ldapminer.exe -h host/IP_address option

We have discussed options in LDAP Enumeration. Better use -d option

Example:

C:\Ldapminer>ldapminer.exe -h 127.0.0.1 -d

replace 127.0.0.1 with IP address you want to scan.

JXplorer:

JXplorer is a free general purpose LDAP browser used to read and search any LDAP directory. It needs Java virtual machine for installation and execution.

Some of the powerfull features of JXplorer includes,

-Supports standard LDAP operations {add,delete, modify}

-Can copy and delete tree structure

-SSL and SASL authentication

-Pluggable security providers

-Multiplatform support including Windows, Linux, Solaris, HPUX, BSD, AIX

-HTML type data display

JXplorer has many features that can not be easily included in scope of single post, I’ll better recommend you read their online manual for updated infomation on how to use JXplorer.

Softerra LDAP Browser/Administrator:

It is free LDAP client designed specially for windows. It is capable of detecting and accessing different types of LDAP directories and can support following Open Standards,

DSML

XML-RPC

XSLT

Since its functionalities are not limited as compared to JXplorer using it is not a kid’s job, better have a look on their online manul for more information on usage.

Prevention Against LDAP Enumeration:

Now that’s really tough job since preventing an Active Directory from LDAP enumeration is not quite piece of pie because its not really possible to prevent it from users accesing it from internal network. To solve this problem you will need a software named Citrix. Now as an intelligent question you might ask why Citrix? Because Citrix provides power of virtual computing and authentication that means none of the user will be allowed access to Active Directory unless he/she passes Citrix Session by disallowing anonymous LDAP queries. For more information visit www.citrix.com .

Understanding LDAP enumeration is little difficult from enumerating other things because there are lot of things that had to bought into condsideration and the attacker must have good knowlegde of at least Windows 2003 and Active directory configuration. If understanding LDAP enumeration is proving difficult for you don’t get disappointed, better read few tutorials about Windows 2003 configuration and Active Directory(can be easily found on by googling) you will surely get hands on it soon. Thanks for reading and keep visiting.

Posted by at 07:16

1 comments:

  1. Spam Leads3 June 2020 at 18:31

    Hi All!

    I'm selling fresh & genuine SSN Leads, with good connectivity. All data properly checked & verified.
    Headers in Leads:

    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank Name | DL Number | Routing Number | IP Address | Reference | Email | Rental/Owner |

    *You can ask for sample before any deal
    *Each lead will be cost $1
    *Premium Lead will be cost $5
    *If anyone wants in bulk I will negotiate
    *Sampling is just for serious buyers

    Hope for the long term deal
    For detailed information please contact me on:

    Whatsapp > +923172721122
    email > leads.sellers1212@gmail.com
    telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete

Subscribe to: Post Comments (Atom)