Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Active Directory user enumeration

From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Tue, 24 Jan 2006 17:19:45 +0100
you can try the Softerra LDAP browser if the server allows anonymous read access (which is often the case). 

http://download.softerra.com/files/ldapbrowser26.msi

Fred

Uno Mille wrote:

Hello,
I need to perform a pentest on an 2003 Active Directory environment and I
could not find a way to anonymously enumerate users, password policy and etc
as we normally do in a NT environment.
Any way of doing it through LDAP without any authentication ?
Regards,
Uno


--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com/tests-intrusion.html


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: 

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: