RE: LDAP Injection

From: Erez Metula <erezmetula@xxxxxxxxxxxxxx>
Date: Wed, 18 Mar 2009 16:35:50 +0200

Hey Jon,
Give a try to the "Ldap Injector" tool (Alonso/Parada), capable of performing blind ldap injection attacks.

Cheers,
Erez.
________________________________

Erez Metula, CISSP
Application Security Department Manager, 2BSecure
Mobile: 972-54-2108830 Office: 972-3-6492007

Attend the next ".NET Framework Rootkits" presentation at the following conferences:
CanSecWest Vancouver, 19 Mar. 2009
BlackHat Europe, 17 Apr. 2009

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Nikhil Wagholikar
Sent: Wednesday, March 04, 2009 2:51 AM
To: pen-test list
Subject: Re: LDAP Injection

Hi Jon,

You can give a try to SecurityQA Toolbar from iSEC Partners.

More Info: http://www.isecpartners.com/SecurityQAToolbar.html

---
Nikhil Wagholikar
Practice Lead | Security Assessment & Digital Forensics
Network Intelligence (I) Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://www.niiconsulting.com/services/education/Training%20Calendar.html

2009/2/28 Jon Kibler <Jon.Kibler@xxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Anyone know of a tool for automated LDAP injection?

How about a tool set that will assist with LDAP injection, even it the
tool does not automate the attack?

THANKS!

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmoowYACgkQUVxQRc85QlNcTgCfTnU2Opi2N8EgGAcoyhX5jrIV
0iwAniV+jEmlMiWG77rHATf4DqFu5yOz
=0CpI
-----END PGP SIGNATURE-----

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------

References:
- Re: LDAP Injection
  - From: Nikhil Wagholikar

Prev by Date: launching the Interceptor
Next by Date: Re: Startup security lab setup
Previous by thread: Re: LDAP Injection
Next by thread: sqlsus 0.2 released !
Index(es):
- Date
- Thread