DEVIL'S BLOG ON SECURITY

A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES

Learn Ethical Hacking | Learn Hacking Online | Learn How To Hack|Hack Counter Hack| Ethical Hacking Tutorials

Home   ||   See All Tutorials  ||   Products  ||   About This Blog   ||  Subscribe To RSS Feed


Join facebook group THE HACKER DEVIL

LDAP Enumeration

LDAP Enumeration

The Lightweight Directory Access Protocol(LDAP) is used to access directory listings within an active directory or from other services. A directory is compiled in hierarchical or logical form. It is suitable to attach with the Domain Name System(DNS) to allow quick lookup and fast resolution of queries. It generally runs on the port 389 and other similar
protocols.
Sometimes, it is possible to query LADP service anonymously. The query can reveal information like valid usernames that can be further used for performing attacks.
Both command line and graphical tools are available for enumerating LADP.
LdapMiner:
It is command line tool that collects information from different LADP servers by identifying its type of server and then fetching specific information.

Syntax: ldapminer.exe -h host_ip options
-p [port]: default is 389
-B [bind]: default user null
-w [password]: default user password null
-b [base search]: search user, group
-d [dump all]: get all information

Example:
C:\>ldapminer.exe -h 127.0.0.1 -d
We will cover how to use Graphical tools in next section to this. Till next post just remember JXplorer and Softerra LDAP Browser are graphical tools available to enumerate LADP.
Posted by Nrupen Masram
Labels: ,

Free Ethical Hacking Training | Learn Ethical Hacking Online Free | Learn How To Hack | Hack Counter Hack | Ethical Hacking Tutorials | Devil's Blog On Security