Premium Resources

LDAP Enumeration

The Lightweight Directory Access Protocol is a protocol used to access directory listings within Active Directory or from other Directory Services. A directory is usually compiled in a hierarchical and logical format, rather like the levels of management and employees in a company. LDAP tends to be tied into the Domain Name System to allow integrated quick lookups and fast resolution of queries. LDAP generally runs on port 389 and like other protocols tends to usually conform to a distinct set of rules (RFC's). It is possible to query the LDAP service, sometimes anonymously to determine a great deal of information that could glean the tester, valid usernames, addresses, departmental details that could be utilised in a brute force or social engineering attack.

Tools:

Jxplorer - http://www.jxplorer.org/

LDAP Admin Tool - http://www.ldapsoft.com

Countermeasures:

  1. Use NTLM or Basic authentication to limit access to known users only.

  2. By default, LDAP traffic is transmitted unsecured; use SSL technology to encrypt the traffic.

  3. Select a username different from your email address and enable account lockout.

Related Topics