ldap_injection

Description

This is a example how bad implementation of ldap cause certain data leak

Used ldap server : ldap://ldap.forumsys.com:389

AIM

Find out anyone of the user mail,login with the mail and finally capture the flag

Launch Challenge

npm install

node ldap.js

flag

flag{L_D_A_P}

Solution

find any user uid using search functionality
Do blind based injection for email

Slides

https://docs.google.com/presentation/d/1EK3KgU7ylt9etJDPIibJznpMHxV_HYLfYeQsWGDznK0/edit?usp=sharing

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
exploit		exploit
public/css		public/css
views		views
README.md		README.md
ldap.js		ldap.js
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ldap_injection

Description

AIM

Launch Challenge

flag

Solution

Slides

About

Releases

Packages

Contributors 2

Languages

sayoojbkumar/ldap_injection

Folders and files

Latest commit

History

Repository files navigation

ldap_injection

Description

AIM

Launch Challenge

flag

Solution

Slides

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages