Nmap Development mailing list archives
Re: [NSE] ldap.lua - addition of extensibleMatch search filter
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 31 Oct 2011 19:20:35 +0100
Hi Tom, I haven't had a chance to test these new changes and the wildcard support yet. But I must still say that I am very impressed and think these are some great and valuable additions! I actually looked into this myself in the past but was discouraged due to the complexity and effort associated with adding it. Cheers, Patrik On Mon, Oct 31, 2011 at 1:44 AM, Tom Sellers <nmap () fadedcode net> wrote:
All, I have just committed the following changes: ldap.lua - 1. Added support for the LDAP extensibleMatch filter to ldap.lua. LDAP searches using this take the following format: attributename:ruleOID:=value for example the following finds AD Domain controllers[1]: (userAccountControl:1.2.840.113556.1.4.803:=8192) Valid rule OIDs are [2]: 1.2.840.113556.1.4.803 LDAP_MATCHING_RULE_BIT_AND A match is found only if all bits from the attribute match the value. This rule is equivalent to a bitwise AND operator. 1.2.840.113556.1.4.804 LDAP_MATCHING_RULE_BIT_OR A match is found if any bits from the attribute match the value. This rule is equivalent to a bitwise OR operator. 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN This rule is limited to filters that apply to the DN. This is a special "extended match operator that walks the chain of ancestry in objects all the way to the root until it finds a match. 2. I have added some documentation to the values used for packet construction. Hopefully these will be useful as more capability is added to the library. ldap-search.nse - I added the a quickfilter, ad_dcs, to serve as a code example on how to format an extensibleMatch search. This search filter finds Active Directory domain controllers. While the above additions will likely not be terribly useful to nmap users right now, I hope to eventually enable end users to specify complex queries such as this one which finds non-DC Windows 2003 servers: (&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*))) Thanks much, Tom Reference: 1. How to use the UserAccountControl flags to manipulate user account properties http://support.microsoft.com/kb/305144 2. Microsoft - LDAP Search Filter Syntax http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] ldap.lua - addition of extensibleMatch search filter Tom Sellers (Oct 30)
- Re: [NSE] ldap.lua - addition of extensibleMatch search filter Patrik Karlsson (Oct 31)