Nmap Development mailing list archives
[NSE] ldap.lua - addition of extensibleMatch search filter
From: Tom Sellers <nmap () fadedcode net>
Date: Sun, 30 Oct 2011 19:44:37 -0500
All,
I have just committed the following changes:
ldap.lua -
1. Added support for the LDAP extensibleMatch filter to ldap.lua. LDAP searches using this take the following format:
attributename:ruleOID:=value
For example, the following finds AD Domain controllers[1]:
(userAccountControl:1.2.840.113556.1.4.803:=8192)
Valid rule OIDs are [2]:
1.2.840.113556.1.4.803 LDAP_MATCHING_RULE_BIT_AND
    A match is found only if all bits from the attribute match the value.
    This rule is equivalent to a bitwise AND operator.
1.2.840.113556.1.4.804 LDAP_MATCHING_RULE_BIT_OR
    A match is found if any bits from the attribute match the value.
    This rule is equivalent to a bitwise OR operator.
1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN
    This rule is limited to filters that apply to the DN. This is a special "extended" match
    operator that walks the chain of ancestry in objects all the way to the root until it
    finds a match.
2. I have added some documentation to the values used for packet construction. Hopefully these will be useful as
more capability is added to the library.
ldap-search.nse -
I added a quickfilter, ad_dcs, to serve as a code example on how to format an extensibleMatch search.
This search filter finds Active Directory domain controllers.
While the above additions will likely not be terribly useful to nmap users right now, I hope to eventually enable
end users to specify complex queries such as this one which finds non-DC Windows 2003 servers:
(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))
Thanks much,
Tom
Reference:
1. How to use the UserAccountControl flags to manipulate user account properties
http://support.microsoft.com/kb/305144
2. Microsoft - LDAP Search Filter Syntax
http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx
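
The bit-matching semantics described in the message, as an added example that is not code from ldap.lua or ldap-search.nse: it parses the attributename:ruleOID:=value form and applies the BIT_AND and BIT_OR rules client-side to a few directory entries. The entries, the function names and the userAccountControl values are constructed for illustration; LDAP_MATCHING_RULE_IN_CHAIN is left out because it needs DN traversal on the server.

```python
import re

# Matching-rule OIDs as listed in the message above.
BIT_AND = "1.2.840.113556.1.4.803"
BIT_OR = "1.2.840.113556.1.4.804"

# attributename:ruleOID:=value, with optional surrounding parentheses.
FILTER_RE = re.compile(r"^\(?([A-Za-z][\w-]*):([0-9.]+):=(\d+)\)?$")


def parse_extensible(filter_text):
    """Split the filter into (attribute, rule OID, integer value)."""
    m = FILTER_RE.match(filter_text.strip())
    if not m:
        raise ValueError("not an attr:ruleOID:=value filter: %r" % filter_text)
    attr, oid, value = m.groups()
    if oid not in (BIT_AND, BIT_OR):
        raise ValueError("matching rule not handled here: " + oid)
    return attr, oid, int(value)


def matches(entry, filter_text):
    """Evaluate one entry the way the server-side bit rules are described."""
    attr, oid, mask = parse_extensible(filter_text)
    # LDAP attribute names compare case-insensitively.
    stored = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
    if stored is None:
        return False
    stored = int(stored)
    if oid == BIT_AND:
        return (stored & mask) == mask  # every bit of the value must be set
    return (stored & mask) != 0         # any one bit of the value is enough


def search(entries, filter_text):
    """Return the cn of every entry that satisfies the filter."""
    return [e["cn"] for e in entries if matches(e, filter_text)]


# Constructed sample entries (userAccountControl flag values per reference [1]).
ENTRIES = [
    {"cn": "DC01", "userAccountControl": "532480"},  # 8192 | 524288
    {"cn": "WS07", "userAccountControl": "4096"},    # workstation trust account
    {"cn": "alice", "userAccountControl": "512"},    # normal account
    {"cn": "bob", "userAccountControl": "514"},      # 512 | 2 (disabled)
]

if __name__ == "__main__":
    print(search(ENTRIES, "(userAccountControl:%s:=8192)" % BIT_AND))
```

With the value 12288 (8192 | 4096) the two rules diverge: BIT_OR returns both machine accounts, while BIT_AND returns none because no entry has both bits set.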
