mailing list archives
[NSE] ldap.lua - addition of extensibleMatch search filter
From: Tom Sellers <nmap () fadedcode net>
Date: Sun, 30 Oct 2011 19:44:37 -0500
I have just committed the following changes:
1. Added support for the LDAP extensibleMatch filter to ldap.lua. LDAP searches using this take the following
for example the following finds AD Domain controllers: (userAccountControl:1.2.840.113518.104.22.1683:=8192)
Valid rule OIDs are :
A match is found only if all bits from the attribute match the value.
This rule is equivalent to a bitwise AND operator.
A match is found if any bits from the attribute match the value.
This rule is equivalent to a bitwise OR operator.
This rule is limited to filters that apply to the DN. This is a special "extended match
operator that walks the chain of ancestry in objects all the way to the root until it
finds a match.
2. I have added some documentation to the values used for packet construction. Hopefully these will be useful as
more capability is added to the library.
I added the a quickfilter, ad_dcs, to serve as a code example on how to format an extensibleMatch search.
This search filter finds Active Directory domain controllers.
While the above additions will likely not be terribly useful to nmap users right now, I hope to eventually enable
end users to specify complex queries such as this one which finds non-DC Windows 2003 servers:
1. How to use the UserAccountControl flags to manipulate user account properties
2. Microsoft - LDAP Search Filter Syntax
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- [NSE] ldap.lua - addition of extensibleMatch search filter Tom Sellers (Oct 31)