LDAP Enumeration
LDAP stands for Lightweight Directory Access Protocol. It is an internet
protocol for accessing distributed directory services such as Active
Directory or OpenLDAP. A directory service is a hierarchical and logical
structure for storing records of users. LDAP is based on a client-server
model, and messages are transmitted between client and server using Basic
Encoding Rules (BER).
LDAP Enumeration - LDAP supports anonymous remote queries on the server.
Such a query will disclose sensitive information such as usernames,
addresses, contact details, department details, etc.
LDAP Enumeration Tools
The following list shows tools used to perform LDAP enumeration.
1) Softerra LDAP
http://www.ldapadministrator.com/
2) JXplorer
http://jxplorer.org/
3) Active Directory Domain Services Management Pack for System Center
https://www.microsoft.com/en-in/download/details.aspx?id=21357
4) LDAP Admin Tool
http://www.ldapadmin.org/
5) LDAP administrator tool
https://sourceforge.net/projects/ldapadmin/
LDAP Security Controls
The following security controls help prevent LDAP enumeration attacks.
# Use SSL to encrypt LDAP communication.
# Use Kerberos to restrict access to known users.
# Enable account lockout to restrict brute forcing.