Re: Active Directory user enumeration

From: Robert Petrunic (robert@petrunic.com)
Date: Fri Jan 27 2006 - 03:40:46 EST

• Next message: Brian: "Windows XP - $65! Tons of Adobe, Microsoft, etc."
• Previous message: Billy: "Online Pharmacy - No Prescription needed!"
• In reply to: Sam Evans: "Re: Active Directory user enumeration"
• Next in thread: MOpsitos: "Re: Active Directory user enumeration"
• Reply: MOpsitos: "Re: Active Directory user enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try with Cain&Abel.
If administrator disabled anonymous user enumeration trough group policy you
can't do it.

Robert

----- Original Message -----
From: "Sam Evans" <wintrmte@gmail.com>
To: "ilaiy" <ilaiy.e@gmail.com>
Cc: "Frederic Charpentier" <fcharpen@xmcopartners.com>;
<pen-test@securityfocus.com>; "Uno Mille" <umil@hotmail.com>
Sent: Friday, January 27, 2006 6:50 AM
Subject: Re: Active Directory user enumeration

I'm not sure there is a way to enumerate AD through LDAP without
having to authenticate first. I have not tried it, but I am guessing
that Anonymous Bind is turned off by default (man, now I'm kinda
paranoid, I'll have to check!)

-Sam

On 1/26/06, ilaiy <ilaiy.e@gmail.com> wrote:
> Try this one for linux
>
> http://www-unix.mcs.anl.gov/~gawor/ldap/
>
> ./thanks
> ilaiy
>
> On 1/24/06, Frederic Charpentier <fcharpen@xmcopartners.com> wrote:
> > you can try the Softerra LDAP browser if the server allows anonymous
> > read access (which is often the case).
> >
> > http://download.softerra.com/files/ldapbrowser26.msi
> >
> > Fred
> >
> > Uno Mille wrote:
> > > Hello,
> > > I need to perform a pentest on an 2003 Active Directory environment
> > > and I
> > > could not find a way to anonymously enumerate users, password policy
> > > and etc
> > > as we normally do in a NT environment.
> > > Any way of doing it through LDAP without any authentication ?
> > > Regards,
> > > Uno
> >
> > --
> > Frederic Charpentier - Xmco Partners
> > Security Consulting / Pentest
> > web : http://www.xmcopartners.com/tests-intrusion.html
> >
> >
> > ------------------------------------------------------------------------------
> > Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> > Hackers are concentrating their efforts on attacking applications on
> > your
> > website. Up to 75% of cyber attacks are launched on shopping carts,
> > forms,
> > login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> > are
> > futile against web application hacking. Check your website for
> > vulnerabilities
> > to SQL injection, Cross site scripting and other web attacks before
> > hackers do!
> > Download Trial at:
> >
> > http://www.securityfocus.com/sponsor/pen-test_050831
> > -------------------------------------------------------------------------------
> >
> >
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Brian: "Windows XP - $65! Tons of Adobe, Microsoft, etc."
• Previous message: Billy: "Online Pharmacy - No Prescription needed!"
• In reply to: Sam Evans: "Re: Active Directory user enumeration"
• Next in thread: MOpsitos: "Re: Active Directory user enumeration"
• Reply: MOpsitos: "Re: Active Directory user enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT