LDAP SERVICE ENUMERATION


While dealing with some Windows CTF boxes, I came across the LDAP service, and there are tools available for exploiting or enumerating it. Automation is a great thing, but what is going on at the backend also matters. This article gives a manual demonstration of how we can extract data from an LDAP service.

The first step is setting up and binding the connection.

  • from ldap3 import Server, Connection, ALL
  • server = Server('x.x.x.x', get_info=ALL)
  • conn = Connection(server)
  • conn.bind()


Now grab the server information, such as the naming contexts or the server name.

  • server.info



Now, if you have the Domain Component (DC) or Common Name (CN), you can grab more sensitive data, such as user details, by crafting a query like this:

  • conn.search(search_base='DC=MEGABANK,DC=LOCAL',search_filter='(&(objectClass=user))',search_scope='SUBTREE',attributes='')

This will list all the users that belong to the object class user.

To enumerate a specific user, the query will look like this:
  • conn.search(search_base='CN=Mike Hope,OU=London,OU=MegaBank Users,DC=MEGABANK,DC=LOCAL',search_filter='(&(objectClass=user))',search_scope='SUBTREE',attributes='*')
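
At the backend, the conn.bind() call above, made without a user or password, is an anonymous simple bind: a BindRequest with an empty name and an empty password (RFC 4513). The following added example (not code from the original article) decodes captured LDAPMessage bytes and classifies the bind type so anonymous and unauthenticated binds can be flagged; the helper names, the CN=svc bind DN and the sample messages are constructed for illustration.

```python
# Added example: classify LDAP BindRequests (RFC 4511 BER); names and samples are constructed.

def tlv(tag, value=b""):
    """Encode one BER element (short-form length, enough for the samples)."""
    if len(value) > 127:
        raise ValueError("sample encoder only handles short-form lengths")
    return bytes([tag, len(value)]) + value

def bind_request(msg_id, name=b"", password=b""):
    """Constructed sample: LDAPv3 simple BindRequest inside an LDAPMessage."""
    op = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, name) + tlv(0x80, password))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def read_tlv(buf, pos):
    """Decode the BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(message):
    """Return the bind type of one LDAPMessage, or None if it is not a bind."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:                         # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(body, 0)     # messageID INTEGER
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x60:                      # [APPLICATION 0] = BindRequest
        return None
    _, _version, pos = read_tlv(op, 0)      # protocol version INTEGER
    _, name, pos = read_tlv(op, pos)        # bind DN, empty for anonymous
    auth_tag, cred, _ = read_tlv(op, pos)
    if auth_tag != 0x80:                    # [0] is simple; [3] (0xA3) is SASL
        return "sasl" if auth_tag == 0xA3 else "unknown"
    if cred:
        return "simple"
    return "unauthenticated" if name else "anonymous"

if __name__ == "__main__":
    dn = b"CN=svc,DC=MEGABANK,DC=LOCAL"     # constructed bind DN
    for raw in (bind_request(1), bind_request(2, dn), bind_request(3, dn, b"pw")):
        print(raw.hex(), "->", classify_bind(raw))
```

A server that answers the "anonymous" case with success and then returns user entries to the searches above is exposing directory data without credentials.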

