CEH Practical Guide
  • Certified Ethical Hacker (CEH v12 and CEH V13) Practical Guide: Complete Study Resources & Tips
  • Module 2. Footprinting and Reconnaissance
    • 1. Footprinting through Search Engines
    • 2. Perform Footprinting Through Internet Research Services
    • 3. Footprinting through Social Networking sites
    • 4. Website Footprinting
    • 5. WHOIS Footprinting
    • 6. DNS Footprinting
    • 7. Network footprinting
    • 8. Email Footprinting
    • 9. Footprinting using footprinting tools
    • 10. Perform Footprinting using AI
  • Module 3. Scanning Networks
    • 1. Host Discovery
    • 2. Port and Service Discovery
    • 3. Perform OS Discovery
    • 4. Scan beyond Firewalls and IDS
    • 5. Network scanning using various tools
    • 6. Perform Network Scanning using AI
  • Module 4. Enumeration
    • 1. Netbios Enumeration (Port 137)
    • 2. SNMP Enumeration (Port 161,162)
    • 3. LDAP Enumeration (Port 389)
    • 4. NFS Enumeration
    • 5. DNS Enumeration
    • 6. SMTP Enumeration
    • 7. RPC, SMB and FTP Enumeration
    • 8. Enumeration using various tools
    • 9. Perform Enumeration using AI
  • Module 5. Vulnerability Assessment
    • 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
    • 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
    • 3. Perform Vulnerability Analysis using AI
  • Module 6. System Hacking
    • 1. Gain access to the system
    • 2. Privilege Escalation
    • 3. Maintain Remote Access and Hide Malicious Activities
    • 4. Clear Logs to hide the Evidence of Compromise
    • 5. Active Directory (AD) Attacks
  • Module 7. Malware Threats
    • 1. Gain access to systems with Trojans
    • 2. Infect the system using Virus
    • 3. Perform Static Malware Analysis
    • 4. Perform Dynamic Malware Analysis
  • Module 8. Sniffing
    • 1. Perform Active Sniffing
    • 2. Perform Network Sniffing using Various Sniffing Tools
    • 3. Detect Network Sniffing
  • Module 9. Social Engineering
    • 1. Perform Social Engineering using tools
    • 2. Detect a Phishing attack
    • 3. Audit Organization security for phishing attacks
    • 4. Social Engineering using AI
  • Module 10. Denial of Service
    • 1. Perform DOS and DDOS with various techniques
    • 2. Detect and Protect DOS and DDOS attacks
  • Module 11. Session Hijacking
    • 1. Perform Session Hijacking
    • 2. Detect Session Hijacking
  • Module 12. Evading IDS, antivirus and Honeypots
    • 1. Intrusion Detection using various tools
    • 2. Evade Firewall using Evasion Techniques
  • Module 13. Hacking Web Servers
    • 1. Footprint the Webserver
    • 2. Perform Webserver attacks
    • 3. Perform a Web Server Hacking using AI
  • Module 14. Hacking Web Applications
    • 1. Footprint the Web Infrastructure
    • 2. Perform Web applications Attacks
    • 3. Detect Web Vulnerabilities using using web application security tools
    • 4. Perform Web Application Hacking using AI
  • Module 15. SQL Injection
    • 1. Perform SQL Injection attacks
    • 2. Detect SQL Vulnerabilities using different tool
    • 3. Perform SQL Injection using AI
  • Module 16. Hacking Wireless Networks
    • 1. Footprint a wireless Network
    • 2. Perform Wireless Traffic Analysis
    • 3. Perform Wireless Attacks
  • Module 17. Hacking Mobile Platforms
    • 1. Hack Android Devices
    • 2. Secure Android Device
  • Module 18. IoT and OT Hacking
    • 1. Footprinting IoT and OT devices
    • 2. Capture and Analyze IoT traffic
    • 3. Perform IoT Attacks
  • Module 19. Cloud Computing
    • 1. Perform Reconnaissance on Azure
    • 2. S3 Bucket Enumeration
    • 3. Exploit S3 buckets
    • 4. Perform Privilege Escalation to Gain Higher Privileges
    • 5. Perform Vulnerability Assessment on Docker Images
  • Module 20. Cryptography
    • 1. Encrypt the Information using Various Cryptography Tools
    • 2. Create a self signed Certificate
    • 3. Perform Disk Encryption
    • 4. Cryptanalysis Using different tools
    • 5. Perform Cryptography using AI
  • Tips for exams
  • Additional Resources
Powered by GitBook
On this page
  • 1. Active directory Explorer
  • 2. LDAP enumeration with python and Nmap
  • 3. LDAP Enumertion with ldapsearch

Was this helpful?

  1. Module 4. Enumeration

3. LDAP Enumeration (Port 389)

Gather information about usernames, addresses,departmental details, servers etc

Previous2. SNMP Enumeration (Port 161,162)Next4. NFS Enumeration

Last updated 6 months ago

Was this helpful?

LDAP (Lightweight Directory Access Protocol) is an Internet protocol for accessing distributed directory services over a network. LDAP uses DNS (Domain Name System) for quick lookups and fast resolution of queries. A client starts an LDAP session by connecting to a DSA (Directory System Agent), typically on TCP port 389, and sends an operation request to the DSA, which then responds. BER (Basic Encoding Rules) is used to transmit information between the client and the server. One can anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names.

1. Active directory Explorer

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. It can be used to navigate an AD database easily, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object’s schema, and execute sophisticated searches that can be saved and re-executed.

  1. Once, you open the tool, the Connect to Active Directory pop-up appears; type the IP address of the target in the Connect to field (here, we are targeting the Windows Server 2022 machine: 10.10.1.22) and click OK.

  2. The Active Directory Explorer displays the active directory structure in the left pane, as shown in the screenshot.

  3. Now, expand DC=CEH, DC=com, and CN=Users by clicking “+” to explore domain user details.

  4. Click any username (in the left pane) to display its properties in the right pane.

  5. Right-click any attribute in the right pane (here, displayName) and click Modify… from the context menu to modify the user’s profile.

  6. The Modify Attribute window appears. First, select the username under the Value section, and then click the Modify… button. The Edit Value pop-up appears. Rename the username in the Value data field and click OK to save the changes.

  7. You can read and modify other user profile attributes in the same way.

2. LDAP enumeration with python and Nmap

Nmap scan LDAP

sudo nmap -sU -p 389 192.168.18.110

Brute force LDAP

sudo nmap -p 389 --script ldap-brute --script-args '"cn=users,dc=CEH,dc=com"' 192.168.18.110

-p specifies the port. ldap-brute to brute the LDAP and args if set will be used as base to brute force.

Now start python3

python3
import ldap3

Now use the following commands

server=ldap3.server('192.168.18.110',get_info=ldap3.ALL,port=389)
connection=ldap3.connection(server)
connection.bind()
server.info

Now to get more information.

connection.search(search_base='DC=CEH,DC=COM',search_filter='(&(objectclass=*))',search_scope='SUBTREE',attributes='*') 
connection.entries
connection.search(search_base='DC=CEH,DC=COM',search_filter='(&(objectclass=person))',search_scope='SUBTREE',attributes='userpassword') 
connection.entries

3. LDAP Enumertion with ldapsearch

ldapsearch -h 192.168.18.110 -x -s base namingcontexts

-x simple authentication

-h specifies the host

-s specifies the scope

ldapsearch -h 192.168.18.110 -x -b "DC=CEH,DC=COM"

-b base DN for search

ldapsearch -h 192.168.18.110 -x -b "DC=CEH,DC=COM" "objectclass=*"

You can also use other LDAP enumeration tools such as Softerra LDAP Administrator (https://www.ldapadministrator.com), LDAP Admin Tool (https://www.ldapsoft.com), LDAP Account Manager (https://www.ldap-account-manager.org), and LDAP Search (https://securityxploded.com) to perform LDAP enumeration on the target.

Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
AD Explorer - Sysinternalsdocsmsft
Logo
Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Logo