RE: LDAP Pentest
From: Clement Dupuis (cdupuis_at_cccure.org)
Date: 09/18/04
- Previous message: Lachniet, Mark: "RE: Web Application Tester"
- In reply to: andre lista: "LDAP Pentest"
- Next in thread: Frederic Charpentier: "Re: LDAP Pentest"
- Reply: Frederic Charpentier: "Re: LDAP Pentest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'andre lista'" <andre_lista@pop.com.br>, <pen-test@securityfocus.com> Date: Sat, 18 Sep 2004 10:27:55 -0400
Good day Andre,
There is a paper on LDAPInjection that you can download at:
http://www.professionalsecuritytesters.org/modules.php?name=Downloads&d_op=v
iewdownload&cid=15
Do not rule out ldp.exe that comes with the Windows Support tool, you can
find a step by step example of using the tool for exploitation at:
http://www.professionalsecuritytesters.org/modules.php?name=Downloads&d_op=v
iewdownload&cid=15
Also look under the Web Links section of the PST at:
http://www.professionalsecuritytesters.org/modules.php?name=Web_Links
There are only a few links but not much, if anyone has good links, I invite
you to add them to the list.
Finally there is an older tool called LDAPminer that I have not used in a
while that was developed to probe mainly exchange and netscape directories.
You can find it as well at:
http://www.professionalsecuritytesters.org/modules.php?name=Downloads&d_op=v
iewdownload&cid=15
Let me know if you find any other resources
Take care
Clement
Maintainer of the PST warehouse
http://www.professionalsecuritytesters.org
> -----Original Message-----
> From: andre lista [mailto:andre_lista@pop.com.br]
> Sent: Thursday, September 16, 2004 6:56 PM
> To: pen-test@securityfocus.com
> Subject: LDAP Pentest
>
> All,
>
> I would like to know if there is any tools or other related material that
> could
> help me on one LDAP directory pentest.
>
> Thanks in Advance,
> ANdre
>
>
> --------------------------------------------------------------------------
> ----
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a
> course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
> -----
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
- Previous message: Lachniet, Mark: "RE: Web Application Tester"
- In reply to: andre lista: "LDAP Pentest"
- Next in thread: Frederic Charpentier: "Re: LDAP Pentest"
- Reply: Frederic Charpentier: "Re: LDAP Pentest"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
