RE: LDAP Injection



Hey Jon,
Give the "Ldap Injector" tool (Alonso/Parada) a try; it is capable of performing blind LDAP injection attacks.

Cheers,
Erez.
________________________________

Erez Metula, CISSP
Application Security Department Manager, 2BSecure
Mobile: 972-54-2108830 Office: 972-3-6492007

Attend the next ".NET Framework Rootkits" presentation at the following conferences:
CanSecWest Vancouver, 19 Mar. 2009
BlackHat Europe, 17 Apr. 2009



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Nikhil Wagholikar
Sent: Wednesday, March 04, 2009 2:51 AM
To: pen-test list
Subject: Re: LDAP Injection

Hi Jon,

You can give the SecurityQA Toolbar from iSEC Partners a try.

More Info: http://www.isecpartners.com/SecurityQAToolbar.html

---
Nikhil Wagholikar
Practice Lead | Security Assessment & Digital Forensics
Network Intelligence (I) Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://www.niiconsulting.com/services/education/Training%20Calendar.html

2009/2/28 Jon Kibler <Jon.Kibler@xxxxxxxx>

Hi,

Anyone know of a tool for automated LDAP injection?

How about a tool set that will assist with LDAP injection, even if the
tool does not automate the attack?

THANKS!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253





