Nmap Development mailing list archives
[NSE] ldap-brute - adjustments to support AD at 2008 R2 function level, additional account conditions
From: Tom Sellers <nmap () fadedcode net>
Date: Sun, 07 Aug 2011 19:17:05 -0500
All,

I have just committed the following changes to ldap-brute.nse:

1. Tweaked ldap-brute.nse to work correctly when the target AD implementation is 2008 R2. The current LDAP response match line includes a value that I believe indicates the functional level of the queried domain - vece:

   "AcceptSecurityContext error, data 775, vece"

   Here is the response from an Active Directory implementation at 2008 R2 functional level:

   "AcceptSecurityContext error, data 775, v1db1"

   I suspect that the 2008 functional level has a different value as well. This was not enough to prevent a successful username/password combination from being found when an account was valid, but it would prevent detection of certain situations where the credentials were valid but the account was disabled, locked, time limited, etc. In these situations the script would continue until it had exhausted the password list despite technically finding a match early on.

2. Added detection of accounts where the credentials are correct, but the account is expired, not allowed to log on at the time of the scan, or has been limited to logging in from particular hosts. Each code was tested against a 2008 R2 implementation, but based on my research it should be standard across all AD versions.

Thanks,
Tom Sellers

References:
1. http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp?topic=%2Fcom.ibm.itrc.doc_5.1.2%2Ftrc-install79.htm
2. http://primalcortex.wordpress.com/2007/11/28/active-directory-ldap-errors/
3. http://confluence.atlassian.com/display/CONFKB/LDAP+Error+Code+49

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
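The response format discussed in this message, as an added example that is not code from ldap-brute.nse or from this thread: a parser that anchors on the "data <subcode>" field of an Active Directory bind diagnostic and captures the trailing token ("vece", "v1db1") separately, so the same match works across domain functional levels. The sub-code table is the documented set of AD LDAP error 49 data values from the references above; the helper names, the dataclass and the sample strings other than the two quoted in the message are this example's own (the DSID value is a placeholder).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Documented AD LDAP error 49 sub-codes (see the references in the message). The mapping
# and the "credentials_valid" flag are this example's own, not ldap-brute.nse's; the flag
# marks conditions where the password was accepted but the account is restricted.
AD_BIND_SUBCODES = {
    "525": ("user not found", False),
    "52e": ("invalid credentials", False),
    "530": ("credentials valid; logon not permitted at this time", True),
    "531": ("credentials valid; logon not permitted from this workstation", True),
    "532": ("credentials valid; password expired", True),
    "533": ("credentials valid; account disabled", True),
    "701": ("credentials valid; account expired", True),
    "773": ("credentials valid; user must reset password", True),
    "775": ("credentials valid; account locked out", True),
}

# Anchor on the sub-code and capture the trailing token separately: that token differs
# by domain functional level ("vece" vs "v1db1" in the message), so a match that
# hard-codes it misses responses from other domains.
_DIAG_RE = re.compile(
    r"AcceptSecurityContext error, data (?P<code>[0-9a-fA-F]+), (?P<tail>\w+)"
)


@dataclass(frozen=True)
class BindDiagnosis:
    subcode: str             # normalized lowercase hex sub-code, e.g. "775"
    tail: str                # trailing token, e.g. "vece" or "v1db1"
    description: str         # human-readable account condition
    credentials_valid: bool  # True when the password was accepted but the account is restricted


def parse_ad_bind_error(diag: str) -> Optional[BindDiagnosis]:
    """Parse one AD bind diagnostic string; returns None if the format is not recognized."""
    m = _DIAG_RE.search(diag)
    if m is None:
        return None
    code = m.group("code").lower()
    description, valid = AD_BIND_SUBCODES.get(code, ("unrecognized sub-code", False))
    return BindDiagnosis(code, m.group("tail"), description, valid)


def summarize_bind_failures(diags: Iterable[str]) -> Counter:
    """Count account conditions across many diagnostics, e.g. from a bind-failure log."""
    counts: Counter = Counter()
    for d in diags:
        parsed = parse_ad_bind_error(d)
        counts[parsed.description if parsed else "unparsed"] += 1
    return counts


# Constructed sample diagnostics: the first two are the strings quoted in the message,
# the rest are made up here in the same format (the DSID value is a placeholder).
SAMPLE_DIAGS = [
    "AcceptSecurityContext error, data 775, vece",
    "AcceptSecurityContext error, data 775, v1db1",
    "80090308: LdapErr: DSID-PLACEHOLDER, comment: AcceptSecurityContext error, data 52e, v1db1",
    "80090308: LdapErr: DSID-PLACEHOLDER, comment: AcceptSecurityContext error, data 533, v1db1",
    "80090308: LdapErr: DSID-PLACEHOLDER, comment: AcceptSecurityContext error, data 530, v1db1",
    "something unrelated",
]

if __name__ == "__main__":
    for d in SAMPLE_DIAGS:
        print(parse_ad_bind_error(d))
    print(summarize_bind_failures(SAMPLE_DIAGS))
```

The point of the split between sub-code and trailing token is the one the message makes: the sub-code carries the account condition and is stable across AD versions, while the trailing token varies with the domain, so it is captured for reporting but never used for the match.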