Sujay Gankidi, profile picture
Uploaded bySujay Gankidi
PPTX, PDF663 views

Ldap injection

This document discusses LDAP injection and provides information about LDAP, its advantages and allowed operations. It describes LDAP search and retrieval using filters and nested expressions. The document demonstrates LDAP injection using a null base connection and injected code. It recommends preventing injection by validating input and using encoding methods like ESAPI.

Software
Related topics:
Information Security

Embed presentation

Downloaded 13 times
LDAP Injection Sujay Gankidi 28-Nov-2015
LDAP •Open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network (RFC 4511) https://en.wikipedia.org/wiki/Lightweight_ Directory Access Protocol LDAP •leverage already existing active directory server •Users don’t have to remember your application password •enforce single password policy across all applications •account lockouts •Faster search and retrieval Advantages •TCP and UDP port 389, or port 636 for LDAPS •Global Catalog is available by default on ports 3268, and 3269 for LDAPS. Ports of Interest •StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection •Bind — authenticate and specify LDAP protocol version •Search — search for and/or retrieve directory entries •Compare — test if a named entry contains a given attribute value •Add a new entry •Delete an entry •Modify an entry •Modify Distinguished Name (DN) — move or rename an entry •Abandon — abort a previous request •Extended Operation — generic operation used to define other operations •Unbind — close the connection (not the inverse of Bind) Allowed Operations
LDAP Search and Retrieval • LDAP Search filter consists of one or more Boolean expressions, with logical operators prefixed to the expression list • Boolean expression format for LDAP ▫ Attribute Operator Value ▫ Operators {=, ~=, <, <=, >, >= , !} • Nested Filters ▫ AND (& (E1) (E2) (E3) (E4)) ▫ OR (| (E1) (E2) ) ▫ Combined (|(& (E1) (E2) )(& (E3) (E4)))
LDAP Injection • DEMO ▫ LDAP Null base connections ▫ LDAP Injection User Injected code: (cn=*) – condition is always true . %00 – Null , Lets stop searching here ;) Reference: https://pentesterlab.com/exercises/web_for_pentester
Prevention • validate input • OWASP ESAPI ▫ String encodeForLDAP(String input); ▫ String encodeForDN(String input);
Tan-Q

More Related Content

PDF
Expert Roundtable: The Future of Metadata After Hive Metastore
bylakeFS
 
PPTX
Updating the Globus Connect Architecture - ARCC Workshop at PEARC17
byMary Bass
 
PPTX
Openstack trove-updates
byJesse Wiles
 
PDF
Open Cloud Computing Interface
byAugusto Ciuffoletti
 
PDF
Vip2p
byINRIA-OAK
 
PPTX
Globus: Research Data Management as Service and Platform - pearc17
byMary Bass
 
PDF
Storage Solutions from General Atomics
byIgor Sfiligoi
 
PDF
Connecting Your System to Globus (APS Workshop)
byGlobus
 
Expert Roundtable: The Future of Metadata After Hive Metastore
bylakeFS
 
Updating the Globus Connect Architecture - ARCC Workshop at PEARC17
byMary Bass
 
Openstack trove-updates
byJesse Wiles
 
Open Cloud Computing Interface
byAugusto Ciuffoletti
 
Vip2p
byINRIA-OAK
 
Globus: Research Data Management as Service and Platform - pearc17
byMary Bass
 
Storage Solutions from General Atomics
byIgor Sfiligoi
 
Connecting Your System to Globus (APS Workshop)
byGlobus
 

What's hot

PPTX
Globus and Dataverse: Towards big Data Publication
byGlobus
 
PDF
What's New in Globus - Internet2 TechEXtra
byGlobus
 
PPTX
Data interoperability toolkit (OpenMinTeD)
bypetrknoth
 
PDF
Introduction to the Globus Platform (APS Workshop)
byGlobus
 
PPTX
"What's New With Globus" Webinar: Spring 2018
byGlobus
 
PDF
GlobusWorld 2021 Tutorial: Building with the Globus Platform
byGlobus
 
PDF
Instrument Data Orchestration with Globus Search and Flows
byGlobus
 
PDF
Data Orchestration at Scale (GlobusWorld Tour West)
byGlobus
 
PDF
GlobusWorld 2021 Tutorial: The Globus CLI, Platform and SDK
byGlobus
 
PDF
GlobusWorld 2021 Tutorial: Introduction to Globus
byGlobus
 
PDF
XDC demo: CTA
byEOSC-hub project
 
PPT
4.file service architecture (1)
byAbDul ThaYyal
 
PDF
A Data API with Security and Graph-Level Access Control
byBarry Norton
 
PDF
Globus Portal Framework (APS Workshop)
byGlobus
 
PDF
Introduction to Globus (GlobusWorld Tour West)
byGlobus
 
PDF
Introduction to Globus (APS Workshop)
byGlobus
 
PDF
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
byGlobus
 
PDF
GlobusWorld 2021 Tutorial: Globus for System Administrators
byGlobus
 
PDF
Solution Manager in Denodo Platform 7.0: Admin Made Simple
byDenodo
 
PDF
[OW2Con 2018] The FusionIAM project
byClément OUDOT
 
Globus and Dataverse: Towards big Data Publication
byGlobus
 
What's New in Globus - Internet2 TechEXtra
byGlobus
 
Data interoperability toolkit (OpenMinTeD)
bypetrknoth
 
Introduction to the Globus Platform (APS Workshop)
byGlobus
 
"What's New With Globus" Webinar: Spring 2018
byGlobus
 
GlobusWorld 2021 Tutorial: Building with the Globus Platform
byGlobus
 
Instrument Data Orchestration with Globus Search and Flows
byGlobus
 
Data Orchestration at Scale (GlobusWorld Tour West)
byGlobus
 
GlobusWorld 2021 Tutorial: The Globus CLI, Platform and SDK
byGlobus
 
GlobusWorld 2021 Tutorial: Introduction to Globus
byGlobus
 
XDC demo: CTA
byEOSC-hub project
 
4.file service architecture (1)
byAbDul ThaYyal
 
A Data API with Security and Graph-Level Access Control
byBarry Norton
 
Globus Portal Framework (APS Workshop)
byGlobus
 
Introduction to Globus (GlobusWorld Tour West)
byGlobus
 
Introduction to Globus (APS Workshop)
byGlobus
 
Introduction to the Globus SaaS (GlobusWorld Tour - STFC)
byGlobus
 
GlobusWorld 2021 Tutorial: Globus for System Administrators
byGlobus
 
Solution Manager in Denodo Platform 7.0: Admin Made Simple
byDenodo
 
[OW2Con 2018] The FusionIAM project
byClément OUDOT
 

Viewers also liked

PPT
LDAP Injection & Blind LDAP Injection
byChema Alonso
 
PDF
LDAP Injection Techniques
byChema Alonso
 
PPT
The real and another
byIshika Biswas
 
PDF
Clientside attack using HoneyClient Technology
byJulia Yu-Chin Cheng
 
PPT
Staged Patching Approach in Oracle E-Business Suite
byvasuballa
 
PDF
Comparative Study of Mod Security (Autosaved)
byDashti Abdullah
 
PDF
Honeywall roo 2
byJulia Yu-Chin Cheng
 
PDF
Cyber Security Visualization
byDoug Cogswell
 
PPT
The Beginning Of World War Ii
bykathomas
 
PDF
Building Client-Side Attacks with HTML5 Features
byConviso Application Security
 
PPTX
Let Your Mach-O Fly, Black Hat DC 2009
byVincenzo Iozzo
 
PPTX
Detecting Evasive Malware in Sandbox
byRahul Mohandas
 
PDF
3 Enablers of Successful Cyber Attacks and How to Thwart Them
byIBM Security
 
PPTX
How to Audit Firewall, what are the standard Practices for Firewall Audit
bykeyuradmin
 
PDF
Client Side Honeypots
byamiable_indian
 
PPTX
Veil Evasion and Client Side Attacks
byn|u - The Open Security Community
 
PPT
Next Generation Advanced Malware Detection and Defense
byLuca Simonelli
 
PPT
Firewall Penetration Testing
byChirag Jain
 
PDF
Honeycon2016-honeypot updates for public
byJulia Yu-Chin Cheng
 
PPTX
The Veil-Framework
byVeilFramework
 
LDAP Injection & Blind LDAP Injection
byChema Alonso
 
LDAP Injection Techniques
byChema Alonso
 
The real and another
byIshika Biswas
 
Clientside attack using HoneyClient Technology
byJulia Yu-Chin Cheng
 
Staged Patching Approach in Oracle E-Business Suite
byvasuballa
 
Comparative Study of Mod Security (Autosaved)
byDashti Abdullah
 
Honeywall roo 2
byJulia Yu-Chin Cheng
 
Cyber Security Visualization
byDoug Cogswell
 
The Beginning Of World War Ii
bykathomas
 
Building Client-Side Attacks with HTML5 Features
byConviso Application Security
 
Let Your Mach-O Fly, Black Hat DC 2009
byVincenzo Iozzo
 
Detecting Evasive Malware in Sandbox
byRahul Mohandas
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
byIBM Security
 
How to Audit Firewall, what are the standard Practices for Firewall Audit
bykeyuradmin
 
Client Side Honeypots
byamiable_indian
 
Veil Evasion and Client Side Attacks
byn|u - The Open Security Community
 
Next Generation Advanced Malware Detection and Defense
byLuca Simonelli
 
Firewall Penetration Testing
byChirag Jain
 
Honeycon2016-honeypot updates for public
byJulia Yu-Chin Cheng
 
The Veil-Framework
byVeilFramework
 

Similar to Ldap injection

PPT
AD & LDAP
byCynoteck Technology Solutions Private Limited
 
PDF
LDAP Injections & Blind LDAP Injections Paper
byE Hacking
 
PPTX
An introduction to Openldap presentation.pptx
bysyst3rs
 
PDF
LDAP Injection & Blind LDAP Injection in Web Applications
byChema Alonso
 
PPTX
Fox pass
byfoxpass
 
PPT
The Ldap Protocol
byGlen Plantz
 
PDF
Using OpenLDAP
byWildan Maulana
 
PDF
LDAP Injection
byNSConclave
 
DOC
Ldap
byShiva Krishna Chandra Shekar
 
PDF
introduction to ldap
byThevakumar Presanth
 
PPTX
Ldap
byHigher Private School of Engineering and Technology
 
PPTX
Ldap
byfoxpass
 
PDF
Directory Servers and LDAP
byWildan Maulana
 
PDF
Ldap 121020013604-phpapp01
bySANE Ibrahima
 
PDF
Ldap introduction (eng)
byAnatoliy Okhotnikov
 
PPT
Ldap system administration
byAli Abdo
 
PPT
UnderstandingLDAP.ppt
byEfrizal Zaida
 
PDF
Introduction to Perl Net::LDAP
byClément OUDOT
 
PPTX
LDAP - Lightweight Directory Access Protocol
byS. Hasnain Raza
 
PDF
Practical-LDAP-and-Linux
byBalaji Ravi
 
AD & LDAP
byCynoteck Technology Solutions Private Limited
 
LDAP Injections & Blind LDAP Injections Paper
byE Hacking
 
An introduction to Openldap presentation.pptx
bysyst3rs
 
LDAP Injection & Blind LDAP Injection in Web Applications
byChema Alonso
 
Fox pass
byfoxpass
 
The Ldap Protocol
byGlen Plantz
 
Using OpenLDAP
byWildan Maulana
 
LDAP Injection
byNSConclave
 
Ldap
byShiva Krishna Chandra Shekar
 
introduction to ldap
byThevakumar Presanth
 
Ldap
byHigher Private School of Engineering and Technology
 
Ldap
byfoxpass
 
Directory Servers and LDAP
byWildan Maulana
 
Ldap 121020013604-phpapp01
bySANE Ibrahima
 
Ldap introduction (eng)
byAnatoliy Okhotnikov
 
Ldap system administration
byAli Abdo
 
UnderstandingLDAP.ppt
byEfrizal Zaida
 
Introduction to Perl Net::LDAP
byClément OUDOT
 
LDAP - Lightweight Directory Access Protocol
byS. Hasnain Raza
 
Practical-LDAP-and-Linux
byBalaji Ravi
 

Recently uploaded

PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PDF
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
PDF
Track Phone Location on iPhone (2026)_ What Actually Works, What’s a Scam, an...
byOlive Dimitrescu
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PDF
Build a Scalable On-Demand Courier Service App
byV3CUBE TECHNOLABS
 
PPTX
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PPTX
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
PDF
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
PDF
Complete iOS Delivery App Features & Admin Tools
byShiv Technolabs Pvt. Ltd.
 
PDF
Ultimate Guide to CMMS An In-Depth Analysis - Zapium
byhello208828
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
On Demand Grocery Delivery App Development
byV3CUBE TECHNOLABS
 
PPTX
2025 S/4HANA Cloud Release Upgrade Overview.pptx
byssuser835a7b
 
PDF
Massage Booking App Development Company
byV3CUBE TECHNOLABS
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
Track Phone Location on iPhone (2026)_ What Actually Works, What’s a Scam, an...
byOlive Dimitrescu
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
Build a Scalable On-Demand Courier Service App
byV3CUBE TECHNOLABS
 
GraphQL Day Paris 2025 | Bringing DevOps to GraphQL with the Apollo GraphOS O...
byapidays
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
SAP S4 HANA Conversion and Migration .pptx
bysabeenakouser
 
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
Complete iOS Delivery App Features & Admin Tools
byShiv Technolabs Pvt. Ltd.
 
Ultimate Guide to CMMS An In-Depth Analysis - Zapium
byhello208828
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
On Demand Grocery Delivery App Development
byV3CUBE TECHNOLABS
 
2025 S/4HANA Cloud Release Upgrade Overview.pptx
byssuser835a7b
 
Massage Booking App Development Company
byV3CUBE TECHNOLABS
 

Ldap injection

  • 1.
  • 2.
    LDAP •Open, vendor-neutral, industrystandard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network (RFC 4511) https://en.wikipedia.org/wiki/Lightweight_ Directory Access Protocol LDAP •leverage already existing active directory server •Users don’t have to remember your application password •enforce single password policy across all applications •account lockouts •Faster search and retrieval Advantages •TCP and UDP port 389, or port 636 for LDAPS •Global Catalog is available by default on ports 3268, and 3269 for LDAPS. Ports of Interest •StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection •Bind — authenticate and specify LDAP protocol version •Search — search for and/or retrieve directory entries •Compare — test if a named entry contains a given attribute value •Add a new entry •Delete an entry •Modify an entry •Modify Distinguished Name (DN) — move or rename an entry •Abandon — abort a previous request •Extended Operation — generic operation used to define other operations •Unbind — close the connection (not the inverse of Bind) Allowed Operations
  • 3.
    LDAP Search andRetrieval • LDAP Search filter consists of one or more Boolean expressions, with logical operators prefixed to the expression list • Boolean expression format for LDAP ▫ Attribute Operator Value ▫ Operators {=, ~=, <, <=, >, >= , !} • Nested Filters ▫ AND (& (E1) (E2) (E3) (E4)) ▫ OR (| (E1) (E2) ) ▫ Combined (|(& (E1) (E2) )(& (E3) (E4)))
  • 4.
    LDAP Injection • DEMO ▫LDAP Null base connections ▫ LDAP Injection User Injected code: (cn=*) – condition is always true . %00 – Null , Lets stop searching here ;) Reference: https://pentesterlab.com/exercises/web_for_pentester
  • 5.
    Prevention • validate input •OWASP ESAPI ▫ String encodeForLDAP(String input); ▫ String encodeForDN(String input);
  • 6.