Penetration Testing mailing list archives
Re: Active Directory user enumeration
From: "MOpsitos" <mopsitos () zbzoom net>
Date: Sat, 28 Jan 2006 09:36:33 -0500
I'm fairly certain that by default AD does not allow anonymous browsing below the root level of the directory. Only authenticated users can browse beyond the root. Matt ----- Original Message ----- From: "Robert Petrunic" <robert () petrunic com> To: "Sam Evans" <wintrmte () gmail com>; "ilaiy" <ilaiy.e () gmail com> Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>; <pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com> Sent: Friday, January 27, 2006 3:40 AM Subject: Re: Active Directory user enumeration
Try with Cain&Abel. If administrator disabled anonymous user enumeration trough group policy
you
can't do it. Robert ----- Original Message ----- From: "Sam Evans" <wintrmte () gmail com> To: "ilaiy" <ilaiy.e () gmail com> Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>; <pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com> Sent: Friday, January 27, 2006 6:50 AM Subject: Re: Active Directory user enumeration I'm not sure there is a way to enumerate AD through LDAP without having to authenticate first. I have not tried it, but I am guessing that Anonymous Bind is turned off by default (man, now I'm kinda paranoid, I'll have to check!) -Sam On 1/26/06, ilaiy <ilaiy.e () gmail com> wrote:Try this one for linux http://www-unix.mcs.anl.gov/~gawor/ldap/ ./thanks ilaiy On 1/24/06, Frederic Charpentier <fcharpen () xmcopartners com> wrote:you can try the Softerra LDAP browser if the server allows anonymous read access (which is often the case). http://download.softerra.com/files/ldapbrowser26.msi Fred Uno Mille wrote:Hello, I need to perform a pentest on an 2003 Active Directory environment and I could not find a way to anonymously enumerate users, password policy and etc as we normally do in a NT environment. Any way of doing it through LDAP without any authentication ? Regards, Uno-- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com/tests-intrusion.html--------------------------------------------------------------------------
----
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers
are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831--------------------------------------------------------------------------
-----
--------------------------------------------------------------------------
----
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831--------------------------------------------------------------------------
-----
--------------------------------------------------------------------------
----
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before
hackers
do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 --------------------------------------------------------------------------
-----
--------------------------------------------------------------------------
----
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 --------------------------------------------------------------------------
-----
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Active Directory user enumeration Uno Mille (Jan 24)
- Re: Active Directory user enumeration Frederic Charpentier (Jan 26)
- Re: Active Directory user enumeration ilaiy (Jan 26)
- Re: Active Directory user enumeration Sam Evans (Jan 27)
- Re: Active Directory user enumeration Robert Petrunic (Jan 27)
- Re: Active Directory user enumeration MOpsitos (Jan 30)
- Re: Active Directory user enumeration Robert Petrunic (Jan 30)
- Re: Active Directory user enumeration ilaiy (Jan 26)
- Re: Active Directory user enumeration Frederic Charpentier (Jan 26)
- <Possible follow-ups>
- RE: Active Directory user enumeration Michael Scheidell (Jan 29)
- RE: Active Directory user enumeration Free, Bob (Jan 30)