Penetration Testing mailing list archives
RE: Active Directory user enumeration
From: "Free, Bob" <RWF4 () pge com>
Date: Fri, 27 Jan 2006 13:43:47 -0800
The default behavior was changed in 2003. 2000 generally allowed anonymous connections and then the results were based on the individual objects' permissions. By default, anonymous LDAP operations, except rootDSE searches and binds, are not permitted on Windows 2003 domain controllers, any other query will result in domain controller requesting authenticated bind to LDAP. Anonymous LDAP operations to Active Directory are disabled on Windows Server 2003 domain controllers: http://support.microsoft.com/?kbid=326690 hth -----Original Message----- From: Sam Evans [mailto:wintrmte () gmail com] Sent: Thursday, January 26, 2006 9:50 PM To: ilaiy Cc: Frederic Charpentier; pen-test () securityfocus com; Uno Mille Subject: Re: Active Directory user enumeration I'm not sure there is a way to enumerate AD through LDAP without having to authenticate first. I have not tried it, but I am guessing that Anonymous Bind is turned off by default (man, now I'm kinda paranoid, I'll have to check!) -Sam On 1/26/06, ilaiy <ilaiy.e () gmail com> wrote:
Try this one for linux http://www-unix.mcs.anl.gov/~gawor/ldap/ ./thanks ilaiy On 1/24/06, Frederic Charpentier <fcharpen () xmcopartners com> wrote:you can try the Softerra LDAP browser if the server allows anonymous read access (which is often the case). http://download.softerra.com/files/ldapbrowser26.msi Fred Uno Mille wrote:Hello, I need to perform a pentest on an 2003 Active Directory
environment and I
could not find a way to anonymously enumerate users, password
policy and etc
as we normally do in a NT environment. Any way of doing it through LDAP without any authentication ? Regards, Uno
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Active Directory user enumeration Uno Mille (Jan 24)
- Re: Active Directory user enumeration Frederic Charpentier (Jan 26)
- Re: Active Directory user enumeration ilaiy (Jan 26)
- Re: Active Directory user enumeration Sam Evans (Jan 27)
- Re: Active Directory user enumeration Robert Petrunic (Jan 27)
- Re: Active Directory user enumeration MOpsitos (Jan 30)
- Re: Active Directory user enumeration Robert Petrunic (Jan 30)
- Re: Active Directory user enumeration ilaiy (Jan 26)
- Re: Active Directory user enumeration Frederic Charpentier (Jan 26)
- <Possible follow-ups>
- RE: Active Directory user enumeration Michael Scheidell (Jan 29)
- RE: Active Directory user enumeration Free, Bob (Jan 30)