Ldap all: differences between revisions
From InformationSecurity WIKI
Drakylar (talk | contribs) (New page: « =Working with LDAP= ==Discovery== ===Port scan=== ====Nmap==== <syntaxhighlight lang="bash" line="1" enclose="div" style="overflow-x:scroll"…»)
Drakylar (talk | contribs) m (→Getting information)
| Строка 24: | Строка 24: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | ===Чтение LDAP=== | ||
| + | Используем когда знаем структуру | ||
| + | |||
| + | ====ldapsearch==== | ||
| + | |||
| + | Простой вариант | ||
| + | <syntaxhighlight lang="bash" line="1" enclose="div" style="overflow-x:scroll" > | ||
| + | ldapsearch -x -b "dc=company,dc=com" -s base -h <host> | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | С ssl | ||
| + | <syntaxhighlight lang="bash" line="1" enclose="div" style="overflow-x:scroll" > | ||
| + | LDAPTLS_REQCERT=never ldapsearch -x -D "uid=Name.Surname,OU=People,DC=Company,DC=com" -W -H ldaps://<host> -b "uid=Name.Surname,OU=People,DC=Company,DC=com" -s sub | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | Поиск | ||
| + | <syntaxhighlight lang="bash" line="1" enclose="div" style="overflow-x:scroll" > | ||
| + | ldapsearch -x -p 389 -h "127.0.0.1" -b "ou=people,dc=company,dc=com" -s sub "objectClass=*" | ||
| + | |||
| + | ldapsearch -x -p 1389 -h "127.0.0.1" -b "dc=company,dc=com" -s one "objectClass=*" | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | ===Редактирование LDAP=== | ||
| + | |||
| + | ====ldapmodify==== | ||
| + | |||
| + | <syntaxhighlight lang="bash" line="1" enclose="div" style="overflow-x:scroll" > | ||
| + | ldapmodify -a -h "127.0.0.1" -p 389 -D "cn=Directory Manager" -w 'password' -f modify.ldif | ||
| + | dn: ou=people,dc=company,dc=com | ||
| + | objectClass: top | ||
| + | objectClass: organizationalunit | ||
| + | ou: people | ||
| + | ... | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | ====ldapdelete==== | ||
| + | |||
| + | <syntaxhighlight lang="bash" line="1" enclose="div" style="overflow-x:scroll" > | ||
| + | ldap delete -x -D "cn=Directory Manager" -w 'password' -p 1389 -h "127.0.0.1" "uid=identifier,ou=people,dc=company,dc=com" | ||
| + | </syntaxhighlight> | ||
==Атаки== | ==Атаки== | ||
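Review bot: In the ldapdelete block the command is written as `ldap delete` (with a space), which is not the name of the tool and will not run; it should be `ldapdelete -x -D "cn=Directory Manager" ...`. In the ldapmodify block, the LDIF lines (`dn: ou=people,dc=company,dc=com` onward) sit in the same bash block as the command, so a reader cannot tell that they are the contents of `modify.ldif` and not shell input; put them in a separate block labelled as the file contents. The "С ssl" example also sets `LDAPTLS_REQCERT=never` without saying that this turns off server certificate verification, which deserves a one-line remark next to the command.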
Revision as of 13:32, 28 April 2020
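=Working with LDAP=

==Discovery==

===Port scan===

====Nmap====

<syntaxhighlight lang="bash">
nmap -p 389,636 -sV target -v
</syntaxhighlight>

==Getting information==

===LDAP structure===

====Nmap====

Retrieves all publicly available information, including the CN and DC values.

<syntaxhighlight lang="bash">
nmap -p 389,636 --script ldap-rootdse target -vv
</syntaxhighlight>

===Reading LDAP===

Use this when the directory structure is already known.

====ldapsearch====

Simple variant

<syntaxhighlight lang="bash">
# Anonymous simple bind (-x), read only the base entry (-s base)
ldapsearch -x -b "dc=company,dc=com" -s base -h <host>
</syntaxhighlight>

With SSL

<syntaxhighlight lang="bash">
# LDAPTLS_REQCERT=never disables verification of the server certificate.
# -W prompts for the bind password instead of taking it on the command line.
LDAPTLS_REQCERT=never ldapsearch -x -D "uid=Name.Surname,OU=People,DC=Company,DC=com" -W -H ldaps://<host> -b "uid=Name.Surname,OU=People,DC=Company,DC=com" -s sub
</syntaxhighlight>

Search

<syntaxhighlight lang="bash">
# -s sub: the whole subtree below the base DN
ldapsearch -x -p 389 -h "127.0.0.1" -b "ou=people,dc=company,dc=com" -s sub "objectClass=*"

# -s one: only the entries one level below the base DN
ldapsearch -x -p 1389 -h "127.0.0.1" -b "dc=company,dc=com" -s one "objectClass=*"
</syntaxhighlight>

===Editing LDAP===

====ldapmodify====

<syntaxhighlight lang="bash">
# -a: add the entries described in the LDIF file given with -f
ldapmodify -a -h "127.0.0.1" -p 389 -D "cn=Directory Manager" -w 'password' -f modify.ldif
</syntaxhighlight>

Contents of modify.ldif:

<syntaxhighlight lang="text">
dn: ou=people,dc=company,dc=com
objectClass: top
objectClass: organizationalunit
ou: people
...
</syntaxhighlight>

====ldapdelete====

<syntaxhighlight lang="bash">
# Delete the entry with the given DN
ldapdelete -x -D "cn=Directory Manager" -w 'password' -p 1389 -h "127.0.0.1" "uid=identifier,ou=people,dc=company,dc=com"
</syntaxhighlight>

==Attacks==

===Brute force===

====Nmap====

<syntaxhighlight lang="bash">
nmap -p 389,636 --script ldap-brute --script-args ldap.base='"cn=schema,dc=targetbox,dc=target"' target -vv
</syntaxhighlight>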