RE: Active Directory user enumeration
- From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
- Date: Thu, 26 Jan 2006 07:21:15 -0500
> Hello,
> I need to perform a pentest on an 2003 Active Directory
> environment and I could not find a way to anonymously
> enumerate users, password policy and etc as we normally do in
> a NT environment. Any way of doing it through LDAP without
> any authentication ? Regards, Uno
Look at nessus tests. Hey can do it via registry entries (for password
policy) and sid's enumeration for users (unless anon settings == 2 on
AD)
If not, a little social engineering might get you a user level account.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
- Prev by Date: Pen Testing Novell
- Next by Date: Re: Active Directory user enumeration
- Previous by thread: Re: Active Directory user enumeration
- Next by thread: RE: Active Directory user enumeration
- Index(es):
Relevant Pages
|
|
