Penetration Testing
mailing list archives
RE: Active Directory user enumeration
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Tue, 31 Jan 2006 17:45:29 -0600
If you are on Windows, MS has free DSML packages for various client
OS versions you can use in writing custom ldap/sid enumeration scripts
using SOAP access over HTTP.
This is what I use:
http://www.microsoft.com/technet/downloads/winsrvr/featurepacks/default.mspx
Several of the packages used to come with pre-built scripts that only
required a little tweaking for this purpose...but they seem to have
removed the brute-force-me-now templates.
Same caveats as anon ldap browsing apply.
-ae
-----Original Message-----
From: Robert Petrunic [mailto:robert () petrunic com]
Sent: Sunday, January 29, 2006 5:00 AM
To: MOpsitos; Sam Evans; ilaiy
Cc: Frederic Charpentier; pen-test () securityfocus com; Uno Mille
Subject: Re: Active Directory user enumeration
Windows 2000 AD allows anonymous user enumeration, 2k3 AD does not. If you
upgraded your domain from 2k to 2k3 AD - it allows anonymous user
enumeration. Of course, if you want to prevent this, all you have to do is to
change the policy.
If you happen to know only one SID from this domain, you could enumerate
users in it with any "hack" tool anonymously, because all SIDs have a common
root. You know that the admin account has 500 at the end, and all you have to do
is to try to "guess" the SIDs for the rest of the accounts. So you start asking
AD for the username that belongs to SID 501, 502 .... 1000... 2000 ...3000 etc.
It will return to you the names for the accounts if this SID exists.
Robert
----- Original Message -----
From: "MOpsitos" <mopsitos () zbzoom net>
To: "Robert Petrunic" <robert () petrunic com>; "Sam Evans"
<wintrmte () gmail com>; "ilaiy" <ilaiy.e () gmail com>
Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>;
<pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com>
Sent: Saturday, January 28, 2006 3:36 PM
Subject: Re: Active Directory user enumeration
I'm fairly certain that by default AD does not allow anonymous browsing
below the root level of the directory. Only authenticated users can browse
beyond the root.
Matt
----- Original Message -----
From: "Robert Petrunic" <robert () petrunic com>
To: "Sam Evans" <wintrmte () gmail com>; "ilaiy" <ilaiy.e () gmail com>
Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>;
<pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com>
Sent: Friday, January 27, 2006 3:40 AM
Subject: Re: Active Directory user enumeration
Try with Cain&Abel.
If administrator disabled anonymous user enumeration through group policy you
can't do it.
Robert
----- Original Message -----
From: "Sam Evans" <wintrmte () gmail com>
To: "ilaiy" <ilaiy.e () gmail com>
Cc: "Frederic Charpentier" <fcharpen () xmcopartners com>;
<pen-test () securityfocus com>; "Uno Mille" <umil () hotmail com>
Sent: Friday, January 27, 2006 6:50 AM
Subject: Re: Active Directory user enumeration
I'm not sure there is a way to enumerate AD through LDAP without
having to authenticate first. I have not tried it, but I am guessing
that Anonymous Bind is turned off by default (man, now I'm kinda
paranoid, I'll have to check!)
-Sam
On 1/26/06, ilaiy <ilaiy.e () gmail com> wrote:
Try this one for linux
http://www-unix.mcs.anl.gov/~gawor/ldap/
./thanks
ilaiy
On 1/24/06, Frederic Charpentier <fcharpen () xmcopartners com> wrote:
you can try the Softerra LDAP browser if the server allows anonymous
read access (which is often the case).
http://download.softerra.com/files/ldapbrowser26.msi
Fred
Uno Mille wrote:
Hello,
I need to perform a pentest on a 2003 Active Directory environment and I
could not find a way to anonymously enumerate users, password policy and etc
as we normally do in an NT environment.
Any way of doing it through LDAP without any authentication?
Regards,
Uno
--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com/tests-intrusion.html
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
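Robert's replies above say anonymous enumeration is stopped by changing the policy, but the thread does not name the settings. As an added example (not part of the thread or any poster's code), this Python check audits a `secedit /export` security template for the Windows settings that govern anonymous SID/name translation and account enumeration; the sample template is constructed, and the choice of settings to check is this example's assumption.

```python
import configparser

# Constructed sample in the layout of a `secedit /export` security template.
# Values are made up to show a permissive configuration on a domain controller.
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[System Access]
LSAAnonymousNameLookup = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,1
"""

# configparser lower-cases option names, so the keys are written in lower case.
LSA = r"machine\system\currentcontrolset\control\lsa" + "\\"

# (section, key, weak value, what the weak value permits)
CHECKS = [
    ("System Access", "lsaanonymousnamelookup", 1, "anonymous SID/name translation"),
    ("Registry Values", LSA + "restrictanonymous", 0, "anonymous enumeration of accounts and shares"),
    ("Registry Values", LSA + "restrictanonymoussam", 0, "anonymous enumeration of SAM accounts"),
    ("Registry Values", LSA + "everyoneincludesanonymous", 1, "Everyone permissions applied to anonymous users"),
]

def audit_anonymous_policy(inf_text):
    """Return (setting, found, risk) for every weak or undefined setting."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(inf_text)
    findings = []
    for section, key, weak, risk in CHECKS:
        raw = cp.get(section, key, fallback=None)
        # Registry values are exported as "<type>,<data>"; keep only the data.
        found = None if raw is None else int(raw.split(",")[-1])
        # An undefined setting is reported too, so it gets reviewed by hand.
        if found is None or found == weak:
            findings.append((key.rsplit("\\", 1)[-1], found, risk))
    return findings
```

Real exports are usually UTF-16 encoded, so decode the file before passing its text to `audit_anonymous_policy`.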