RE: Active Directory user enumeration

From: Free, Bob (RWF4@pge.com)
Date: Fri Jan 27 2006 - 16:43:47 EST

• Next message: FocusHacks: "Re: List of "clickable" on-line pen-test tools"
• Previous message: Frank: "DÍSCOUNTED VÍAGRA"
• Maybe in reply to: Uno Mille: "Active Directory user enumeration"
• Next in thread: jmk: "Re: Active Directory user enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The default behavior was changed in 2003. 2000 generally allowed
anonymous connections and then the results were based on the individual
objects' permissions. By default, anonymous LDAP operations, except
rootDSE searches and binds, are not permitted on Windows 2003 domain
controllers, any other query will result in domain controller requesting
authenticated bind to LDAP.

Anonymous LDAP operations to Active Directory are disabled on Windows
Server 2003 domain controllers:
http://support.microsoft.com/?kbid=326690

hth

-----Original Message-----
From: Sam Evans [mailto:wintrmte@gmail.com]
Sent: Thursday, January 26, 2006 9:50 PM
To: ilaiy
Cc: Frederic Charpentier; pen-test@securityfocus.com; Uno Mille
Subject: Re: Active Directory user enumeration

I'm not sure there is a way to enumerate AD through LDAP without
having to authenticate first. I have not tried it, but I am guessing
that Anonymous Bind is turned off by default (man, now I'm kinda
paranoid, I'll have to check!)

-Sam

On 1/26/06, ilaiy <ilaiy.e@gmail.com> wrote:
> Try this one for linux
>
> http://www-unix.mcs.anl.gov/~gawor/ldap/
>
> ./thanks
> ilaiy
>
> On 1/24/06, Frederic Charpentier <fcharpen@xmcopartners.com> wrote:
> > you can try the Softerra LDAP browser if the server allows anonymous
> > read access (which is often the case).
> >
> > http://download.softerra.com/files/ldapbrowser26.msi
> >
> > Fred
> >
> > Uno Mille wrote:
> > > Hello,
> > > I need to perform a pentest on an 2003 Active Directory
environment and I
> > > could not find a way to anonymously enumerate users, password
policy and etc
> > > as we normally do in a NT environment.
> > > Any way of doing it through LDAP without any authentication ?
> > > Regards,
> > > Uno

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: FocusHacks: "Re: List of "clickable" on-line pen-test tools"
• Previous message: Frank: "DÍSCOUNTED VÍAGRA"
• Maybe in reply to: Uno Mille: "Active Directory user enumeration"
• Next in thread: jmk: "Re: Active Directory user enumeration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:25 EDT