DEVIL'S BLOG ON SECURITY

A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES

Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials

Home   ||   See All Tutorials  ||   Products  ||   About This Blog   ||  Subscribe To RSS Feed


Join facebook group THE HACKER DEVIL

LDAP Enumeration Tools And Counter Measures

LDAP Enumeration Tools And Counter Measures

When we covered LDAP enumeration we left tools part for discusing later. Now its time to have a look on every tool one by one. Lets start with LDAPminer, a free command line tool
.

LDAP Miner:
Download LDAP Miner from,

LDAP miner is free LADP enumeration tool. It is written in C and source code is also available for study and modification. It can collect information from different types of LDAP servers by identifying its type of server and then fetching specific information.

Syntax:
ldapminer.exe -h host/IP_address option

We have discussed options in LDAP Enumeration. Better use -d option

Example:
C:\Ldapminer>ldapminer.exe -h 127.0.0.1 -d

replace 127.0.0.1 with IP address you want to scan.

JXplorer:
JXplorer is a free general purpose LDAP browser used to read and search any LDAP directory. It needs Java virtual machine for installation and execution.
Some of the powerfull features of JXplorer includes,

-Supports standard LDAP operations {add,delete, modify}
-Can copy and delete tree structure
-SSL and SASL authentication
-Pluggable security providers
-Multiplatform support including Windows, Linux, Solaris, HPUX, BSD, AIX
-HTML type data display
JXplorer has many features that can not be easily included in scope of single post, I’ll better recommend you read their online manual for updated infomation on how to use JXplorer.


Softerra LDAP Browser/Administrator:
It is free LDAP client designed specially for windows. It is capable of detecting and accessing different types of LDAP directories and can support following Open Standards,
DSML
XML-RPC
XSLT

Since its functionalities are not limited as compared to JXplorer using it is not a kid’s job, better have a look on their online manul for more information on usage.


Prevention Against LDAP Enumeration:
Now that’s really tough job since preventing an Active Directory from LDAP enumeration is not quite piece of pie because its not really possible to prevent it from users accesing it from internal network. To solve this problem you will need a software named Citrix. Now as an intelligent question you might ask why Citrix? Because Citrix provides power of virtual computing and authentication that means none of the user will be allowed access to Active Directory unless he/she passes Citrix Session by disallowing anonymous LDAP queries. For more information visit www.citrix.com .

Understanding LDAP enumeration is little difficult from enumerating other things because there are lot of things that had to bought into condsideration and the attacker must have good knowlegde of at least Windows 2003 and Active directory configuration. If understanding LDAP enumeration is proving difficult for you don’t get disappointed, better read few tutorials about Windows 2003 configuration and Active Directory(can be easily found on by googling) you will surely get hands on it soon. Thanks for reading and keep visiting.
Posted by Nrupen Masram
Labels: ,

Free Ethical Hacking Training | Learn Ethical Hacking Online Free | Learn How To Hack | Hack Counter Hack | Ethical Hacking Tutorials | Devil's Blog On Security