Penetration Testing mailing list archives
RE: Active Directory user enumeration
From: "Michael Scheidell" <scheidell () secnap net>
Date: Thu, 26 Jan 2006 07:21:15 -0500
Hello, I need to perform a pentest on an 2003 Active Directory environment and I could not find a way to anonymously enumerate users, password policy and etc as we normally do in a NT environment. Any way of doing it through LDAP without any authentication ? Regards, Uno
Look at nessus tests. Hey can do it via registry entries (for password policy) and sid's enumeration for users (unless anon settings == 2 on AD) If not, a little social engineering might get you a user level account. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Active Directory user enumeration Uno Mille (Jan 24)
- Re: Active Directory user enumeration Frederic Charpentier (Jan 26)
- Re: Active Directory user enumeration ilaiy (Jan 26)
- Re: Active Directory user enumeration Sam Evans (Jan 27)
- Re: Active Directory user enumeration Robert Petrunic (Jan 27)
- Re: Active Directory user enumeration MOpsitos (Jan 30)
- Re: Active Directory user enumeration Robert Petrunic (Jan 30)
- Re: Active Directory user enumeration ilaiy (Jan 26)
- Re: Active Directory user enumeration Frederic Charpentier (Jan 26)
- <Possible follow-ups>
- RE: Active Directory user enumeration Michael Scheidell (Jan 29)
- RE: Active Directory user enumeration Free, Bob (Jan 30)