LDAP Phonebook


#1 dmccabe


Posted 14 March 2008 - 05:47 AM

I have created a simple LDAP phonebook (well, when I say created, I mean I downloaded part of it, it didn't work, I hacked it to bits and then have uploaded it again for you good people). It was created for Active Directory, but should by rights work with any LDAP server.

You may need to tinker with some of the settings to get it to work for your environment, but I have included a readme that should explain all.

Anyway if you wanna try it out, download: http://www.techmonke...adphonebook.zip

Let me know if it works or not!




- Darren
=============================================
if ($nick == dmccabe) { $n00b == TRUE; }

I am 1% skill and 99% guess work at the moment, so bear that mind if I am helping you :)


#2 dmccabe


Posted 14 March 2008 - 01:03 PM

Would appreciate some feedback if anyone has tried it.

One small thing I have noticed is that in ldadp.config.php, where I have the $base_dn variable, you may need to change "OU" to "cn".

eg: $base_dn = "cn=Users, DC=slmhc, DC=net";

This is if you have all your users contained inside the "users" container and have not fluffed about with your ldap setup like I have :)
- Darren


#3 Naatan


Posted 18 April 2008 - 04:38 PM

Why don't you make a demo available online?

I doubt a lot of people have an ldap server available to do some testing on.

Naatan.com - Blog & Wordpress Plugins | Divia-CMS.com (OpenSource)

#4 gpettit


Posted 19 August 2008 - 07:41 PM

Hey all,

I tried this; it looks great... I am not able to search... Is there any way to get it to generate an error, or maybe a pointer?

I am using WAMPServer 2. I have turned on the LDAP extensions for both Apache and PHP, then restarted the services.

So any help would be great.

Thanks,

Glen

#5 darkfreaks


Posted 19 August 2008 - 08:13 PM

HTTP TRACE method is enabled on this web server.
In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.
The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.
How to fix this vulnerability
Disable TRACE Method on the web server.

PHPinfo page found
PHPinfo page has been found on this directory. The PHPinfo page outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.
This vulnerability affects /phpinfo.php.
The impact of this vulnerability
This file may expose sensitive information that may help a malicious user to prepare more advanced attacks.

How to fix this vulnerability

Remove the file from production systems.


#6 darkfreaks


Posted 30 August 2008 - 03:32 PM

*****************
XSS Analysis BEGIN
*****************

Number of sinks: 57

XSS Analysis Output
--------------------

Vulnerability detected!
- conditional on register_globals=on
- pixy_1220128249DT0PAY:27
- Graph: xss1

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:122
- Graph: xss4

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:125
- Graph: xss7

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:126
- Graph: xss8

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:136
- Graph: xss18

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:137
- Graph: xss19

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:138
- Graph: xss20

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:139
- Graph: xss21

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:140
- Graph: xss22

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:141
- Graph: xss23

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:148
- Graph: xss27

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:157
- Graph: xss32

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:233
- Graph: xss36

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:235
- Graph: xss37

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:248
- Graph: xss38

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:249
- Graph: xss40

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:250
- Graph: xss42

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:251
- Graph: xss44

Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:252
- Graph: xss46

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:272
- Graph: xss49

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:273
- Graph: xss50

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:274
- Graph: xss51

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:275
- Graph: xss52

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:276
- Graph: xss53

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:277
- Graph: xss54

Unmodeled builtin function: ldap_get_entries
Vulnerability detected!
- unconditional
- pixy_1220128249DT0PAY:282
- Graph: xss56

Total Vuln Count: 26

*****************
XSS Analysis END
*****************

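The Pixy report above flags output built from ldap_get_entries() results as unconditional XSS sinks, and one sink that only exists with register_globals=on. The block below is an added illustration, not code from the phonebook script in this thread: it shows the unescaped rendering pattern the analyzer reports beside a hardened version. The $entries array is a constructed stand-in shaped like ldap_get_entries() output (no directory is contacted), and the function names are hypothetical. Requires PHP 7 or later.

```php
<?php
// Constructed sample shaped like ldap_get_entries() output
// (a 'count' key at each level, attribute names lower-cased).
// The cn value carries markup the way a stored-XSS payload in a
// directory attribute would; it is test data, not a real entry.
$entries = [
    'count' => 1,
    0 => [
        'cn'              => ['count' => 1, 0 => 'Jane <script>alert(document.cookie)</script> Doe'],
        'telephonenumber' => ['count' => 1, 0 => '+44 1234 567890'],
        'mail'            => ['count' => 1, 0 => 'jane@example.invalid'],
    ],
];

// Vulnerable pattern (what Pixy reports): attribute values are written
// straight into the page, so anyone who can edit their own directory
// attributes can plant markup that runs for every phonebook user.
function render_row_unsafe(array $e): string {
    return '<tr><td>' . $e['cn'][0] . '</td><td>' . $e['telephonenumber'][0] . '</td></tr>';
}

// Hardened: encode every value for the HTML context it lands in, and
// tolerate missing attributes (AD entries frequently lack some).
function attr(array $e, string $name): string {
    $v = isset($e[$name][0]) ? (string) $e[$name][0] : '';
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $e): string {
    return '<tr><td>' . attr($e, 'cn') . '</td>'
         . '<td>' . attr($e, 'telephonenumber') . '</td>'
         . '<td><a href="mailto:' . attr($e, 'mail') . '">' . attr($e, 'mail') . '</a></td></tr>';
}

// The reflected case: the search term echoed back to the user must be
// encoded the same way. Reading it explicitly from $_GET instead of relying
// on a bare $search variable also removes the register_globals dependency.
function echo_search_term(): string {
    $term = isset($_GET['search']) ? (string) $_GET['search'] : '';
    return 'Results for: ' . htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo echo_search_term(), PHP_EOL;
for ($i = 0; $i < $entries['count']; $i++) {
    echo render_row_unsafe($entries[$i]), PHP_EOL; // <script> reaches the browser intact
    echo render_row_safe($entries[$i]), PHP_EOL;   // rendered as &lt;script&gt;...
}
```

Running it from the command line prints the unsafe row with the script tag intact and the safe row with it entity-encoded, which is the difference between the "Vulnerability detected!" lines above and a clean report.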

#7 untitledav


Posted 20 December 2011 - 03:35 PM

First I would like to say hello to everyone on this awesome forum!!!!
I'm a total noob when it comes to programming, but you have to start sometime, right?  :-[

Anyway, I found this post and awesome script that pulls info from AD. I'm going to test it on a Win2008 server; I wonder if it will work.....
Any suggestions as far as Win2008 server and this script? I noticed that there are comments for Win2K and Win2K3.

Thanks!!!!!!

#8 Pikachu2000


Posted 20 December 2011 - 04:39 PM

Perhaps you didn't notice that this thread is nearly 4 years old.
"Java" is to "Javascript" about the same as "fun" is to "funeral".

Why $_SERVER['PHP_SELF'] is bad. || Why ORDER BY RAND() is bad || Every problem can be solved with rm -rf *
