LDAP
Lightweight Directory Access Protocol (LDAP) is a protocol used for accessing and managing directory information services.
It's commonly associated with Active Directory and OpenLDAP, which are directory services, i.e. databases optimized for read-heavy access.
- Ports: 389 (TCP)
- LDAP communications are not encrypted.
- There is a secure version called LDAPS (port 636, over SSL/TLS).
LDAP is derived from the X.500 standards. Messages exchanged between LDAP clients and servers are encoded using ASN.1.
A simple unencoded LDAP value, here the distinguished name (DN) of an entry:
cn=John Doe,ou=Users,dc=example,dc=com
LDAP Pentester Notes
You can use ldapsearch to find database entries.
$ ldapsearch -x -H ldap://ldap.example.com:389 -D "cn=admin,dc=example,dc=com" -w password -b "dc=example,dc=com" "(cn=John Doe)"
- -H: specify the LDAP server URI (scheme, host and port)
- -D / -w: specify authentication data (the bind DN and its password)
- -x: use simple authentication instead of SASL
- -b: indicate the base DN, i.e. the root of the search
About LDAP filter syntax:
- *: refers to "any" (wildcard)
- (): used to group an expression
- & / |: respectively the logical 'AND' and 'OR'