NSConclave, profile picture
Uploaded byNSConclave
PDF, PPTX808 views

LDAP Injection

This document discusses LDAP injection, an attack where malicious code is inserted into a user input field to gain unauthorized access. It provides an overview of LDAP syntax and injection, demonstrating how an attacker can bypass authentication by closing parentheses in the username field. The document also notes LDAP injection can lead to privilege escalation and information disclosure. It recommends escaping special characters, using frameworks that encode LDAP queries, and applying least privilege to secure applications from LDAP injection.

Embed presentation

Download as PDF, PPTX
LDAP Injection Swapnil Jain Date: 28 April 2020
#Who Am I ● Security Analyst ● Twitter @swapnil_jn
Overview ● LDAP Injection ● Authentication Bypass ● Demo ● Impact ● Securing Applications against LDAP Injection
LDAP Injection The Lightweight Directory Access Protocol(LDAP) is used to store information about users hosts, and many other objects. LDAP injection is a type of attack on a web application where attackers place code in a user input field in an attempt to gain unauthorized access or information.
Basic LDAP Syntax Common Operators: ● “=” (equal to) ● & (logical and) ● | (logical or) ● ! (logical not) ● * (wildcard) Filter: ● (cn=sam) ● (cn=s*) ● (|(cn=s*)(cn=t*)) ● (&(cn=s*)(sn=*d))
Normal Working (&(cn=admin)(passwd=secret)) LDAP Server Admin authenticated
Authentication Bypass Username: admin)(&)), Password: ignored Web Server LDAP Server Directory Search AdminSet Cookie: PHPSESSIONID=admin
Test Case ● <input type="text" size=20 name="name">Enter the Username to search for</input> ● Searchfilter="(cn="+name+")" admin)(|(password=*) (cn=admin)(|(password=*) )
Authentication Bypass (Normal Request)
Payload Creation Original Request : http://10.90.100.50/ldap_lab/ldap/example2.php?name=hacker&password =hacker Payload : name=hacker)(cn=*))%00 Changed request: http://10.90.100.50/ldap_lab/ldap/example2.php?name=hacker)(cn=*))%0 0&password=hacker
Authentication Bypass(Contd.)
Information Disclosure
Information Disclosure(Contd.)
Impact ● Authentication bypass ● Privilege escalation ● Information disclosure
Countermeasures ● LDAP special characters are safely escaped, including at least ( ) ! | & * ● Use Frameworks that Automatically Protect from LDAP Injection ○ LINQ to Active Directory provides LDAP encoding when building LDAP queries. ● Least privilege
Thank You

More Related Content

PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PDF
Attacker's Perspective of Active Directory
bySunny Neo
 
PDF
Regular Expression Injection
byNSConclave
 
PDF
A Year in the Empire
byWill Schroeder
 
PPTX
Kheirkhabarov24052017_phdays7
byTeymur Kheirkhabarov
 
PDF
A Threat Hunter Himself
bySergey Soldatov
 
PDF
Penetration Testing Report
byAman Srivastava
 
PPTX
I hunt sys admins 2.0
byWill Schroeder
 
OWASP Top 10 2021 What's New
byMichael Furman
 
Attacker's Perspective of Active Directory
bySunny Neo
 
Regular Expression Injection
byNSConclave
 
A Year in the Empire
byWill Schroeder
 
Kheirkhabarov24052017_phdays7
byTeymur Kheirkhabarov
 
A Threat Hunter Himself
bySergey Soldatov
 
Penetration Testing Report
byAman Srivastava
 
I hunt sys admins 2.0
byWill Schroeder
 

What's hot

PPTX
Basic malware analysis
bysecurityxploded
 
PPTX
Click jacking
byRonan Dunne, CEH, SSCP
 
PPTX
Penetration testing reporting and methodology
byRashad Aliyev
 
PDF
The Hunter Games: How to Find the Adversary with Event Query Language
byRoss Wolf
 
PPTX
Malware analysis
byPrakashchand Suthar
 
PPTX
Malware Analysis
byPrashant Gupta
 
PPTX
XSS - Do you know EVERYTHING?
byYurii Bilyk
 
PPTX
Secure coding practices
byMohammed Danish Amber
 
PPTX
Pentesting ReST API
byNutan Kumar Panda
 
PDF
Cross site scripting attacks and defenses
byMohammed A. Imran
 
PPTX
Cross Site Scripting
byAli Mattash
 
PDF
Security Onion
byn|u - The Open Security Community
 
PDF
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
PPTX
Introduction to Offensive Security.pptx
byMaaitrayoDas
 
PDF
Secure coding presentation Oct 3 2020
byMoataz Kamel
 
PPTX
Metasploit
byLalith Sai
 
PPTX
Spoofing Techniques
byRaza_Abidi
 
PPTX
Sql injection
byZidh
 
PPTX
Cross Site Scripting Defense Presentation
byIkhade Maro Igbape
 
PPTX
NGINX: Basics and Best Practices
byNGINX, Inc.
 
Basic malware analysis
bysecurityxploded
 
Click jacking
byRonan Dunne, CEH, SSCP
 
Penetration testing reporting and methodology
byRashad Aliyev
 
The Hunter Games: How to Find the Adversary with Event Query Language
byRoss Wolf
 
Malware analysis
byPrakashchand Suthar
 
Malware Analysis
byPrashant Gupta
 
XSS - Do you know EVERYTHING?
byYurii Bilyk
 
Secure coding practices
byMohammed Danish Amber
 
Pentesting ReST API
byNutan Kumar Panda
 
Cross site scripting attacks and defenses
byMohammed A. Imran
 
Cross Site Scripting
byAli Mattash
 
Security Onion
byn|u - The Open Security Community
 
PHDays 2018 Threat Hunting Hands-On Lab
byTeymur Kheirkhabarov
 
Introduction to Offensive Security.pptx
byMaaitrayoDas
 
Secure coding presentation Oct 3 2020
byMoataz Kamel
 
Metasploit
byLalith Sai
 
Spoofing Techniques
byRaza_Abidi
 
Sql injection
byZidh
 
Cross Site Scripting Defense Presentation
byIkhade Maro Igbape
 
NGINX: Basics and Best Practices
byNGINX, Inc.
 

Similar to LDAP Injection

PPTX
ldagwvwvbwbwvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvpinjection.pptx
byVikasTuwar1
 
PPTX
Secure Code Warrior - LDAP injection
bySecure Code Warrior
 
PPTX
Ldap injection
bySujay Gankidi
 
PDF
LDAP Injection & Blind LDAP Injection in Web Applications
byChema Alonso
 
PDF
LDAP Injections & Blind LDAP Injections Paper
byE Hacking
 
PDF
LDAP Injection Techniques
byChema Alonso
 
PDF
introduction to ldap
byThevakumar Presanth
 
PPT
LDAP Injection & Blind LDAP Injection
byChema Alonso
 
PDF
Persistant Cookies and LDAP Injection
byMaulikLakhani
 
PDF
Ldap 121020013604-phpapp01
bySANE Ibrahima
 
PDF
Ldap introduction (eng)
byAnatoliy Okhotnikov
 
PPT
AD & LDAP
byCynoteck Technology Solutions Private Limited
 
PDF
Do The Right Thing! How LDAP servers should help LDAP clients
byLDAPCon
 
PDF
Practical-LDAP-and-Linux
byBalaji Ravi
 
ldagwvwvbwbwvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvpinjection.pptx
byVikasTuwar1
 
Secure Code Warrior - LDAP injection
bySecure Code Warrior
 
Ldap injection
bySujay Gankidi
 
LDAP Injection & Blind LDAP Injection in Web Applications
byChema Alonso
 
LDAP Injections & Blind LDAP Injections Paper
byE Hacking
 
LDAP Injection Techniques
byChema Alonso
 
introduction to ldap
byThevakumar Presanth
 
LDAP Injection & Blind LDAP Injection
byChema Alonso
 
Persistant Cookies and LDAP Injection
byMaulikLakhani
 
Ldap 121020013604-phpapp01
bySANE Ibrahima
 
Ldap introduction (eng)
byAnatoliy Okhotnikov
 
AD & LDAP
byCynoteck Technology Solutions Private Limited
 
Do The Right Thing! How LDAP servers should help LDAP clients
byLDAPCon
 
Practical-LDAP-and-Linux
byBalaji Ravi
 

More from NSConclave

PDF
RED-TEAM_Conclave
byNSConclave
 
PPTX
Create a Custom Plugin in Burp Suite using the Extension
byNSConclave
 
PPTX
IOT SECURITY ASSESSMENT Pentester's Approach
byNSConclave
 
PPTX
Debugging Android Native Library
byNSConclave
 
PPTX
Burp Suite Extension Development
byNSConclave
 
PDF
Log Analysis
byNSConclave
 
PDF
HTML5 Messaging (Post Message)
byNSConclave
 
PDF
Node.js Deserialization
byNSConclave
 
PDF
RIA Cross Domain Policy
byNSConclave
 
PDF
Python Deserialization Attacks
byNSConclave
 
PDF
Sandboxing
byNSConclave
 
PDF
NoSql Injection
byNSConclave
 
PDF
Thick Client Testing Advanced
byNSConclave
 
PDF
Thick Client Testing Basics
byNSConclave
 
PDF
Markdown
byNSConclave
 
PDF
Docker 101
byNSConclave
 
PDF
Security Architecture Consulting - Hiren Shah
byNSConclave
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
PDF
Lets get started with car hacking - Ankit Joshi
byNSConclave
 
PDF
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
byNSConclave
 
RED-TEAM_Conclave
byNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
byNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
byNSConclave
 
Debugging Android Native Library
byNSConclave
 
Burp Suite Extension Development
byNSConclave
 
Log Analysis
byNSConclave
 
HTML5 Messaging (Post Message)
byNSConclave
 
Node.js Deserialization
byNSConclave
 
RIA Cross Domain Policy
byNSConclave
 
Python Deserialization Attacks
byNSConclave
 
Sandboxing
byNSConclave
 
NoSql Injection
byNSConclave
 
Thick Client Testing Advanced
byNSConclave
 
Thick Client Testing Basics
byNSConclave
 
Markdown
byNSConclave
 
Docker 101
byNSConclave
 
Security Architecture Consulting - Hiren Shah
byNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
Lets get started with car hacking - Ankit Joshi
byNSConclave
 
Advanced Wireless Reconnaissance And Testing - Rohit Jadav
byNSConclave
 

Recently uploaded

PPTX
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
PPTX
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PDF
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
PDF
Complete iOS Delivery App Features & Admin Tools
byShiv Technolabs Pvt. Ltd.
 
PDF
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
PPTX
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Odoo ERP Implementation Setup: Step-by-Step Process
byShiv Technolabs Pvt. Ltd.
 
PDF
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PPTX
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
PDF
Ultimate Guide to CMMS An In-Depth Analysis - Zapium
byhello208828
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PDF
On Demand Grocery Delivery App Development
byV3CUBE TECHNOLABS
 
Prime Teams – Real-Time Employee Monitoring & Project Management Software
byPrime Teams
 
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
Complete iOS Delivery App Features & Admin Tools
byShiv Technolabs Pvt. Ltd.
 
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
Taxi App UIUX Design for Seamless Ride Booking
byV3CUBE TECHNOLABS
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Odoo ERP Implementation Setup: Step-by-Step Process
byShiv Technolabs Pvt. Ltd.
 
Animated Safety Induction: A Smarter Way to Onboard for Workplace Safety
byTECH EHS Solution
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
Ultimate Guide to CMMS An In-Depth Analysis - Zapium
byhello208828
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
On Demand Grocery Delivery App Development
byV3CUBE TECHNOLABS
 

LDAP Injection