LDAP Injection Attacks : Web For Pentester

0
260
LDAP injection

Hello friends how are you i hope you are doing good so here we are closing in on our this series i really hope that you have learned a lot or a little :p so if you did learned some thing do tell us by commenting and sharing. Here are other sections MySql Injection , Directory Traversal , File Include Attacks ,Unrestricted File Upload , Command Injection Attacks,

LDAP Injection Attacks :-

LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be similarly applied in LDAP Injection.

https://www.owasp.org/index.php/LDAP_injection LDAP Injection

LDAP attacks

In this section, we will cover LDAP attacks. LDAP is often used as a backend for authentication, especially in Single-Sign-On (SSO) solutions. LDAP has its own syntax that we will see in more detail, in the following examples.

Example 1

In this first example, you connect to a LDAP server, using your username and password. In this instance, The LDAP server does not authenticate you, since your credentials are invalid.

However, some LDAP servers authorise NULL Bind: if null values are sent, the LDAP server will proceed to bind the connection, and the PHP code will think that the credentials are correct. To get the bind with 2 null values, you will need to completely remove this parameter from the query. If you keep something like username=&password= in the URL, these values will not work, since they won’t be null; instead, they will be empty.

This is an important check to perform on all login forms that you will test in the future, even if the backend is not LDAP-based. –>PentesterLab
So the solution be look like this :-
http://[yourlab]/ldap/example1.php?username=hacker&password=hacker
Solution :-
http://[yourlab]/ldap/example1.php
This will authenticate you as a valid user and your request will authenticated.

Example 2:-

http://[yourlab]/ldap/example2.php?name=hacker)(cn=*))%00&password=asdfasdf

the variable $filter will become to “(&(cn=hacker)(cn=*))%00)(userPassword=[pass]))” which %00 will get rid of all the following strings.

More information about testing LDAP injection, please check the OWASP article Testing for LDAP Injection

And Also From here PentesterLab

LEAVE A REPLY

Please enter your comment!
Please enter your name here