Re: Active Directory user enumeration

[Louis Lerman <lblerman () gmail com>]

Hi Uno -

Have you tried LDAP Browser (free download) from Softerra?

http://www.ldapadministrator.com/

I have successfully used it in the past.

Regards,

Louis

On 1/24/06, Uno Mille <umil () hotmail com> wrote:
> Hello,
> I need to perform a pentest on an 2003 Active Directory environment and I
> could not find a way to anonymously enumerate users, password policy and etc
> as we normally do in a NT environment.
> Any way of doing it through LDAP without any authentication ?
> Regards,
> Uno
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------