
LDAP Injection

Notes on LDAP Injection and LDAP Fundamentals

1. Introduction to LDAP Injection

  • LDAP (Lightweight Directory Access Protocol) is used for accessing directory servers such as Active Directory (AD).

  • Web applications integrate LDAP for authentication and data retrieval.

  • LDAP Injection occurs when unsanitized user input is inserted into LDAP queries, leading to authentication bypass, data leakage, and privilege escalation.


2. LDAP Foundations

Key LDAP Terminology

  • Directory Server (DS): A database-like system storing directory data (e.g., OpenLDAP).

  • LDAP Entry: The basic data unit in LDAP containing:

    • Distinguished Name (DN): Unique identifier (e.g., uid=admin,dc=example,dc=com).

    • Attributes: Data fields (e.g., uid, cn, mail).

    • Object Classes: Define entry types (e.g., Person, Group).

LDAP Operations

  • Bind: Authentication with the directory server.

  • Unbind: Close the client connection.

  • Add: Create a new entry.

  • Delete: Remove an entry.

  • Modify: Update an entry.

  • Search: Query directory entries.


3. LDAP Search Filter Syntax

  • LDAP queries use search filters enclosed in parentheses ().

  • Filters consist of an attribute, an operand, and a value.

Base Operand Filters

Name          Operand  Example          Description
Equality      =        (name=Kaylie)    Matches name=Kaylie
Greater-Than  >=       (uid>=10)        Matches uid ≥ 10
Less-Than     <=       (uid<=10)        Matches uid ≤ 10
Approximate   ~=       (name~=Kaylie)   Matches similar values to Kaylie

Logical Combination Filters

Name  Operand  Example                            Description
AND   &        (&(name=Kaylie)(title=Manager))    Matches both conditions
OR    |        (|…
NOT   !        (!(name=Kaylie))                   Excludes name=Kaylie

Boolean Filters

Name   Filter
True   (&)
False  (|)

Wildcard Filters

Example     Description
(name=*)    Matches all entries with name attribute
(name=K*)   Matches names starting with K
(name=*a*)  Matches names containing a


4. Common LDAP Attribute Types

Attribute Type     Description
cn                 Full Name
givenName          First Name
sn                 Last Name
uid                User ID
objectClass        Object Type
distinguishedName  Unique Identifier
ou                 Organizational Unit
title              Job Title
telephoneNumber    Phone Number
mail               Email Address
street             Street Address
postalCode         ZIP Code
member             Group Memberships
userPassword       User Password


Key Takeaways

  • LDAP is a protocol for querying directory services using structured search filters.

  • LDAP Injection occurs when attackers manipulate input to change LDAP query behavior.

  • Logical operands (&, |, !) allow powerful filtering and are exploitable when user input reaches the filter unescaped.

  • Input sanitization and proper escaping are crucial for preventing LDAP Injection.
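
The escaping mentioned in the last takeaway, as an added example that is not part of the original notes: it builds the same search filter by plain concatenation and with RFC 4515 value escaping, then compares the structure of the results. The login filter `(&(objectClass=person)(uid=...))`, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# RFC 4515: characters that are special inside a filter value, with their
# \XX hex escapes. NUL is included because it terminates strings in C clients.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Replace LDAP filter metacharacters so the value stays a literal."""
    # Character-by-character mapping avoids double-escaping the backslash.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unsafe_login_filter(uid: str) -> str:
    # Vulnerable pattern: input is concatenated straight into the filter.
    return f"(&(objectClass=person)(uid={uid}))"

def safe_login_filter(uid: str) -> str:
    # Hardened pattern: escape first, then place the value in the filter.
    return f"(&(objectClass=person)(uid={escape_filter_value(uid)}))"

def filter_shape(ldap_filter: str) -> list[str]:
    """Return the attribute name of every assertion in the filter.

    If this list differs between a benign input and a suspicious one, the
    input changed the structure of the query, not just the value compared.
    """
    return re.findall(r"\(([A-Za-z][A-Za-z0-9-]*)(?:>=|<=|~=|=)", ldap_filter)

def has_wildcard(ldap_filter: str) -> bool:
    """True if an unescaped * (presence or substring match) remains."""
    return "*" in ldap_filter

if __name__ == "__main__":
    # Constructed inputs: a plain uid, the wildcard, and a value with parentheses.
    for uid in ("kaylie", "*", "kaylie)(title=Manager"):
        for build in (unsafe_login_filter, safe_login_filter):
            f = build(uid)
            print(f"{build.__name__:20} {f:50} {filter_shape(f)} wildcard={has_wildcard(f)}")
```

The same comparison of `filter_shape` output works as a unit test or a logging check around any code path that assembles filters from request data.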
