Nmap Development mailing list archives

Re: [NSE] ldap.lua - addition of extensibleMatch search filter


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 31 Oct 2011 19:20:35 +0100

Hi Tom,

I haven't had a chance to test these new changes and the wildcard support
yet.
But I must still say that I am very impressed and think these are some
great and valuable additions!
I actually looked into this myself in the past but was discouraged due to
the complexity and effort associated with adding it.

Cheers,
Patrik

On Mon, Oct 31, 2011 at 1:44 AM, Tom Sellers <nmap () fadedcode net> wrote:

All,

I have just committed the following changes:


ldap.lua -

 1.  Added support for the LDAP extensibleMatch filter to ldap.lua.  LDAP searches using this take the following format:

               attributename:ruleOID:=value

       For example, the following finds AD Domain controllers [1]:

               (userAccountControl:1.2.840.113556.1.4.803:=8192)

       Valid rule OIDs are [2]:

               1.2.840.113556.1.4.803  LDAP_MATCHING_RULE_BIT_AND
                       A match is found only if all bits from the attribute match the value.
                       This rule is equivalent to a bitwise AND operator.

               1.2.840.113556.1.4.804  LDAP_MATCHING_RULE_BIT_OR
                       A match is found if any bits from the attribute match the value.
                       This rule is equivalent to a bitwise OR operator.

               1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN
                       This rule is limited to filters that apply to the DN. This is a special "extended match
                       operator" that walks the chain of ancestry in objects all the way to the root until it
                       finds a match.

 2.  I have added some documentation to the values used for packet construction.  Hopefully these will be useful as
     more capability is added to the library.


ldap-search.nse -

       I added a quickfilter, ad_dcs, to serve as a code example on how to format an extensibleMatch search.
       This search filter finds Active Directory domain controllers.



While the above additions will likely not be terribly useful to nmap users right now, I hope to eventually enable
end users to specify complex queries such as this one, which finds non-DC Windows 2003 servers:

       (&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))


Thanks much,

Tom



Reference:
       1. How to use the UserAccountControl flags to manipulate user account properties
          http://support.microsoft.com/kb/305144

       2. Microsoft - LDAP Search Filter Syntax
          http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
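The extensibleMatch syntax and the three rule OIDs quoted in Tom's message, worked through as an added example that is not code from ldap.lua or from either message: a small Python evaluator that formats and parses `attributename:ruleOID:=value` assertions and applies BIT_AND, BIT_OR and IN_CHAIN to local directory entries, including the ad_dcs filter. The entries, DNs and the userAccountControl numbers in SAMPLE are constructed sample data; the function names are mine.

```python
import re

# Rule OIDs from the post above
BIT_AND, BIT_OR = "1.2.840.113556.1.4.803", "1.2.840.113556.1.4.804"
IN_CHAIN = "1.2.840.113556.1.4.1941"
# attributename:ruleOID:=value, surrounding parentheses optional
_EXTENSIBLE = re.compile(r"^\(?([A-Za-z][\w-]*):(\d+(?:\.\d+)*):=([^()]+)\)?$")

def build_extensible_match(attr, rule_oid, value):
    """Format one extensibleMatch assertion the way the post describes it."""
    return "(%s:%s:=%s)" % (attr, rule_oid, value)

def parse_extensible_match(filt):
    m = _EXTENSIBLE.match(filt.strip())
    if not m:
        raise ValueError("not an extensibleMatch filter: %r" % filt)
    return m.group(1), m.group(2), m.group(3)

def matches(entry, filt, directory):
    """entry: dict attribute -> value. directory: dict DN -> entry, which
    IN_CHAIN uses to walk the DN-valued attribute upward, as the post describes."""
    attr, oid, value = parse_extensible_match(filt)
    if oid == BIT_AND:
        bits = int(value)
        return int(entry.get(attr, 0)) & bits == bits  # every requested bit set
    if oid == BIT_OR:
        return int(entry.get(attr, 0)) & int(value) != 0  # any requested bit set
    if oid == IN_CHAIN:
        seen, todo = set(), list(entry.get(attr, []))
        while todo:  # transitive walk; 'seen' guards against membership cycles
            dn = todo.pop()
            if dn == value:
                return True
            if dn not in seen:
                seen.add(dn)
                todo.extend(directory.get(dn, {}).get(attr, []))
        return False
    raise ValueError("unsupported matching rule OID: " + oid)

# Constructed sample entries, not data from any real directory.
SAMPLE = {
    "CN=DC1,DC=example,DC=test": {"userAccountControl": 532480, "memberOf": ["CN=DCs,DC=example,DC=test"]},
    "CN=WS1,DC=example,DC=test": {"userAccountControl": 4096, "memberOf": ["CN=Lab,DC=example,DC=test"]},
    "CN=Lab,DC=example,DC=test": {"memberOf": ["CN=Computers,DC=example,DC=test"]},
    "CN=Computers,DC=example,DC=test": {"memberOf": []},
}
AD_DCS = build_extensible_match("userAccountControl", BIT_AND, "8192")  # the ad_dcs quickfilter

def find(filt, directory=SAMPLE):
    """DNs in directory that satisfy the extensibleMatch filter."""
    return sorted(dn for dn, e in directory.items() if matches(e, filt, directory))
```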

