All about LDAP enumeration

LDAP Enumeration

LDAP stands for light weight directory access protocol and it is an internet protocol for accessing disturbed directory services like active directory or openLDAP etc. A directory service is a hirerchical and logical structure for storing records of users. LDAP is based on client and server transmitted b/w client and server using basic encoding rules (BER).


LDAP Enumeration - LDAP  supports anonymous remote query on the server. The query will disclose sensitive information such as username, address, contact details, department details etc.

LDAP Enumeration Tools

The following table shows the list of tools to perform LDAP enumeration.

1) Softerra LDAP

http://www.idapadministrator.com/


2) Jxplorer

http://jsxplorer.org/


3) Active directory domain services management pack for system center

https://www.microsoft.com/en-in/download/details.aspx?id=21357


4) LDAP Admin Tool

http://www.idapadmin.org/


5) LDAP adminstrator tool

https://sourceforge.netprojects/idapadmin/

LDAP Security Controls

The following are the security controls to prevent LDAP enumeration attacks.

# Use SSL to encrypt LDAP communication.

# Use kerberos to restrict the access to known users.

# Enable account lockout to restrict brute forcing.

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.