Penetration Testing mailing list archives
Re: [PEN-TEST] Tool for LDAP Enumeration
From: "Wall, Kevin" <Kevin.Wall () QWEST COM>
Date: Wed, 10 Jan 2001 11:33:52 -0500
On 1/9/01 3:05 PM, Dave Loschiavo wrote:
> I'm poking at a Win2k box, and I can see the LDAP port. Are there any tools I can use to try to do some enumeration via LDAP? Also has anyone heard of a way to use Netscape to enumerate a Win2k box via LDAP?
There are some CL tools that come with Netscape Directory Server. They are ldapsearch and ldapmodify, and are quite useful for poking around directories that can be queried using LDAP. Their usefulness depends on the directory server's ACLs and whether or not you are connecting as "anonymous" or as an authenticated user, and if the latter, which roles/groups you belong to (e.g., an admin type group, etc.). Generally though, you can do quite a bit anonymously. (Oftentimes, much more than intended, but that's another story.)

OTOH, if what is really running on the Win2K standard LDAP port (389 I believe?) is not really some LDAP-compliant directory, but instead (Radio)Active Directory, then you may be SOL. Although I've not confirmed this personally, I've been told that while AD can query other directory services via LDAP, other directories cannot access it via LDAP. (That is, the typical "embrace, extend, and make-incompatible-so-we-can-own-the-market" mentality of M$. Similar to what they did with Kerberos. Of course, that requires that they spend extra money for incompatibility testing. ;-)

---
Kevin W. Wall
Sr. SW Architect / Staff SW Eng.
Qwest Communications International, Inc.
Java / UNIX / Security
Business Object Development Center
Business phone: 614-932-5542
Dublin, OH. 43017
E-mail: kwwall@acm.o