Re: Active Directory user enumeration

["MOpsitos" <mopsitos () zbzoom net>]

I'm fairly certain that by default AD does not allow anonymous browsing
below the root level of the directory.  Only authenticated users can browse
beyond the root.

Matt

----- Original Message -----
From: "Robert Petrunic" <robert () petrunic com>
To: "Sam Evans" <wintrmte () gmail com>; "ilaiy" <ilaiy.e () gmail com>
Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>;
<pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com>
Sent: Friday, January 27, 2006 3:40 AM
Subject: Re: Active Directory user enumeration


> Try with Cain&Abel.
> If administrator disabled anonymous user enumeration trough group policy
you
> can't do it.
>
> Robert
>
> ----- Original Message -----
> From: "Sam Evans" <wintrmte () gmail com>
> To: "ilaiy" <ilaiy.e () gmail com>
> Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>;
> <pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com>
> Sent: Friday, January 27, 2006 6:50 AM
> Subject: Re: Active Directory user enumeration
>
>
> I'm not sure there is a way to enumerate AD through LDAP without
> having to authenticate first.  I have not tried it, but I am guessing
> that Anonymous Bind is turned off by default (man, now I'm kinda
> paranoid, I'll have to check!)
>
> -Sam
>
>
> On 1/26/06, ilaiy <ilaiy.e () gmail com> wrote:
> > Try this one for linux
> >
> > http://www-unix.mcs.anl.gov/~gawor/ldap/
> >
> > ./thanks
> > ilaiy
> >
> > On 1/24/06, Frederic Charpentier <fcharpen () xmcopartners com> wrote:
> > > you can try the Softerra LDAP browser if the server allows anonymous
> > > read access (which is often the case).
> > >
> > > http://download.softerra.com/files/ldapbrowser26.msi
> > >
> > > Fred
> > >
> > > Uno Mille wrote:
> > > > Hello,
> > > > I need to perform a pentest on an 2003 Active Directory environment
> > > > and I
> > > > could not find a way to anonymously enumerate users, password policy
> > > > and etc
> > > > as we normally do in a NT environment.
> > > > Any way of doing it through LDAP without any authentication ?
> > > > Regards,
> > > > Uno
> > >
> > > --
> > > Frederic Charpentier - Xmco Partners
> > > Security Consulting / Pentest
> > > web  : http://www.xmcopartners.com/tests-intrusion.html
> --------------------------------------------------------------------------
----
> > > Audit your website security with Acunetix Web Vulnerability Scanner:
> > >
> > > Hackers are concentrating their efforts on attacking applications on
> > > your
> > > website. Up to 75% of cyber attacks are launched on shopping carts,
> > > forms,
> > > login pages, dynamic content etc. Firewalls, SSL and locked-down
servers
> > > are
> > > futile against web application hacking. Check your website for
> > > vulnerabilities
> > > to SQL injection, Cross site scripting and other web attacks before
> > > hackers do!
> > > Download Trial at:
> > >
> > > http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------------------
-----
> > >
>
> --------------------------------------------------------------------------
----
> > Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking applications on
your
> > website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
> > login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> > are
> > futile against web application hacking. Check your website for
> > vulnerabilities
> > to SQL injection, Cross site scripting and other web attacks before
> > hackers do!
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
>
> --------------------------------------------------------------------------
-----
> >
>
> --------------------------------------------------------------------------
----
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
hackers
> do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------------------
-----
> --------------------------------------------------------------------------
----
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
> futile against web application hacking. Check your website for
vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------------------
-----
>



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------