LDAP (Lightweight Directory Access Protocol)

LDAP (Lightweight Directory Access Protocol) is an open, industry-standard protocol for accessing and managing directory services over a network. Applications use it to authenticate users, look up authorization data, and retrieve information from directory servers such as Microsoft Active Directory. A directory stores hierarchical data, including user accounts and credential material, groups, computers, and policy objects, which makes it central to identity management. Organizations use LDAP for centralized authentication and access control and integrate it with applications and services so that users are managed in one place. LDAP itself does not encrypt traffic: confidentiality of credentials and query results depends on running it over TLS (LDAPS or StartTLS).

What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a protocol used to query, manage, and authenticate objects (users, computers, groups) stored in a directory service like Active Directory (AD). It allows applications, systems, and users to search, retrieve, and modify directory data efficiently.
 Where is LDAP Used?
●    User Authentication: Verifies login credentials against AD.

●    Directory Lookup: Retrieves user details (email, groups, roles).

●    Application Integration: Connects AD to apps like Single Sign-On (SSO).

●    Permission Management: Checks user roles before granting access to resources.

________________________________________
 How LDAP Works (Step-by-Step Mechanism)

 1. Client Connects to LDAP Server
●    The client (a user, application, or system) opens a TCP connection to the LDAP server and sends its requests over that connection.

●    In an Active Directory environment the LDAP server is a domain controller running Active Directory Domain Services (AD DS); other directory products (for example OpenLDAP or 389 Directory Server) speak the same protocol.


 2. Authentication (Bind Request)
●    Anonymous Bind: No credentials are sent. By default, AD only answers anonymous requests against the rootDSE; reading other objects anonymously requires a non-default configuration.

●    Simple Bind: A DN (in AD also a user@domain UPN or DOMAIN\user name) and password are sent in cleartext. It is only acceptable over an encrypted channel (LDAPS or StartTLS).

●    SASL Bind: Authentication is delegated to a SASL mechanism. In AD this is typically GSSAPI/GSS-SPNEGO (Kerberos, with NTLM as fallback); the strength of the bind depends on the mechanism, and a SASL bind can also negotiate signing and sealing of the rest of the session.

 3. Query Execution
●    The client sends a search request: a base DN, a scope (base, one level, or subtree), a filter in RFC 4515 syntax, and the list of attributes it wants back.

●    Example LDAP Query:

 (objectClass=user)

●    In AD, computer objects are also of objectClass user, so the usual filter for user accounts is (&(objectCategory=person)(objectClass=user)).

●    The server searches its directory and retrieves matching objects.

4. Data Retrieval & Response
●    The server returns one search result entry per matching object, followed by a search result done message carrying the result code.

●    Example Response: A list of users with the requested attributes (name, email, group memberships).

 5. Client Logs Out (Unbind Request)
●    Once the operation is complete, the client sends an unbind request and the server closes the connection.
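The five steps above, as an added example that is not code from the original page: this Python script hand-encodes the LDAPv3 messages of a session (BindRequest, SearchRequest, UnbindRequest) in BER, exactly as they would appear on the wire, and decodes a BindResponse. It does not contact a real directory; the server's reply is constructed by the script itself, and the DN, password and base DN are placeholders. Printing the frames shows why a simple bind over port 389 is dangerous: the password is visible verbatim in the bytes.

```python
import binascii

# --- BER/ASN.1 primitives (the subset LDAPv3 messages use) ---

def ber_len(n):
    """Encode a length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(v):
    # Non-negative integers only; the extra leading 0x00 keeps values >= 128 positive.
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def ber_enum(v):
    return tlv(0x0A, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def ber_str(s):
    return tlv(0x04, s.encode())

def ber_bool(b):
    return tlv(0x01, b"\xff" if b else b"\x00")

def ldap_message(msg_id, protocol_op):
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
    return tlv(0x30, ber_int(msg_id) + protocol_op)

# --- Client-side messages for the bind / search / unbind sequence ---

def bind_request(msg_id, dn="", password=""):
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version 3, name LDAPDN, simple [0] OCTET STRING }
    # dn="" and password="" is an anonymous bind; otherwise the password travels verbatim.
    body = ber_int(3) + ber_str(dn) + tlv(0x80, password.encode())
    return ldap_message(msg_id, tlv(0x60, body))

def f_equal(attr, value):     # equalityMatch [3] AttributeValueAssertion
    return tlv(0xA3, ber_str(attr) + ber_str(value))

def f_present(attr):          # present [7] AttributeDescription
    return tlv(0x87, attr.encode())

def f_and(*filters):          # and [0] SET OF Filter
    return tlv(0xA0, b"".join(filters))

def search_request(msg_id, base_dn, ldap_filter, attributes=(), scope=2):
    # SearchRequest ::= [APPLICATION 3] SEQUENCE { baseObject, scope (2 = wholeSubtree),
    #   derefAliases, sizeLimit, timeLimit, typesOnly, filter, attributes }
    body = (ber_str(base_dn) + ber_enum(scope) + ber_enum(0) + ber_int(0) + ber_int(0)
            + ber_bool(False) + ldap_filter
            + tlv(0x30, b"".join(ber_str(a) for a in attributes)))
    return ldap_message(msg_id, tlv(0x63, body))

def unbind_request(msg_id):
    # UnbindRequest ::= [APPLICATION 2] NULL
    return ldap_message(msg_id, b"\x42\x00")

# --- Server side: a constructed BindResponse and a decoder for it ---

def bind_response(msg_id, result_code, diagnostic=""):
    # BindResponse ::= [APPLICATION 1] SEQUENCE { resultCode ENUMERATED, matchedDN, diagnosticMessage }
    return ldap_message(msg_id, tlv(0x61, ber_enum(result_code) + ber_str("") + ber_str(diagnostic)))

def read_tlv(buf, pos=0):
    """Return (tag, value bytes, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(raw):
    tag, msg, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op)
    _, matched, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    return {"messageID": int.from_bytes(msg_id, "big"),
            "resultCode": int.from_bytes(code, "big"),
            "matchedDN": matched.decode(), "diagnosticMessage": diag.decode()}

def session_transcript(dn, password):
    """Client frames of one session, in order, with the server's constructed reply to the bind."""
    return [
        ("C->S BindRequest", bind_request(1, dn, password)),
        ("S->C BindResponse", bind_response(1, 0)),          # resultCode 0 = success
        ("C->S SearchRequest", search_request(2, "DC=example,DC=com",
            f_and(f_equal("objectCategory", "person"), f_equal("objectClass", "user")),
            ("sAMAccountName", "memberOf"))),
        ("C->S UnbindRequest", unbind_request(3)),
    ]

if __name__ == "__main__":
    for label, frame in session_transcript("CN=User,DC=example,DC=com", "Password"):
        print(f"{label:20} {binascii.hexlify(frame).decode()}")
```

The anonymous bind encodes to the 14 bytes 30 0c 02 01 01 60 07 02 01 03 04 00 80 00, which is the frame port scanners send to probe for an LDAP service; a simple bind with credentials differs only in the two octet strings, so anyone on the path of a port-389 session can read the password straight out of the stream.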

________________________________________
 LDAP Ports & Security
●    389 → Standard LDAP (cleartext by default; a client can upgrade the connection with the StartTLS extended operation)

●    636 → LDAPS (LDAP wrapped in TLS from the first byte)

●    3268 / 3269 → Global Catalog (cleartext / TLS) on AD domain controllers, for forest-wide searches over a partial attribute set

 Security Best Practice: Encrypt LDAP traffic with LDAPS (port 636) or StartTLS so that simple-bind credentials and query results are not exposed on the wire, and on Active Directory additionally enforce LDAP signing and channel binding so that clients cannot be downgraded to unsigned cleartext sessions.


Real-World LDAP Enumeration with Tools
LDAP enumeration is used in Active Directory pentesting to extract user, group, and computer information. Here is how to perform LDAP enumeration with ldapsearch and PowerView, with a brief description of each tool.
________________________________________
 Tool 1: ldapsearch (Linux & Windows)
 What is ldapsearch?
 ldapsearch is the OpenLDAP command-line client for querying LDAP directories, including Active Directory (AD). It is commonly used in penetration testing and reconnaissance to enumerate users, groups, and computers with a low-privileged domain account or, where the server allows it, without authentication (anonymous bind).

 Example LDAP Enumeration with ldapsearch
 Command to List All Users in AD
 ldapsearch -x -h <dc-ip> -p 389 -D "CN=User,DC=example,DC=com" -W -b "DC=example,DC=com" "(&(objectCategory=person)(objectClass=user))" sAMAccountName mail memberOf

 Explanation:
●    -x → Simple authentication (no SASL).

●    -h <dc-ip> → Target Domain Controller IP. Recent OpenLDAP releases deprecate -h/-p in favour of -H ldap://<dc-ip>:389 (or ldaps://<dc-ip> for port 636).

●    -p 389 → LDAP default port.

●    -D "CN=User,DC=example,DC=com" → Bind DN (AD user). AD also accepts a UPN (user@example.com) or DOMAIN\user here.

●    -W → Prompt for the password instead of passing it with -w "Password", which leaves it in shell history and visible in the process list.

●    -b "DC=example,DC=com" → Base DN (search starting point).

●    "(&(objectCategory=person)(objectClass=user))" → Filter for user accounts; a bare "(objectClass=user)" also matches computer objects in AD.

●    Trailing attribute names (sAMAccountName mail memberOf) limit what is returned; without them the server sends every attribute the bound account can read, which is slow and noisy on a large domain.

Other Useful Queries:
● List All Groups

 ldapsearch -x -h <dc-ip> -D "CN=User,DC=example,DC=com" -W -b "DC=example,DC=com" "(objectClass=group)" cn member

● Find Domain Admins

 ldapsearch -x -h <dc-ip> -D "CN=User,DC=example,DC=com" -W -b "DC=example,DC=com" "(&(objectClass=group)(cn=Domain Admins))" cn member objectSid

 Without -D and -W these commands perform an anonymous bind, which a default AD domain controller rejects with operationsError ("a successful bind must be completed on the connection"); other LDAP servers may permit anonymous search.

● Best For:
●    Enumerating AD objects (users, groups, computers).

●    Running LDAP queries over Linux and Windows (via WSL).
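ldapsearch prints its results as LDIF, and on a large domain the useful step is parsing that output rather than reading it. As an added example that is not part of the original page, this Python script parses LDIF the way the "Find Domain Admins" query above returns it: it unfolds continuation lines (a leading space), decodes base64 "::" values such as the binary objectSid, drops the search-reference and result-trailer blocks, and decodes the SID so the group can be recognised by its RID (512) even if someone has renamed it. The LDIF text is constructed for the example, not captured from a real domain, and the domain SID S-1-5-21-1-2-3 is made up.

```python
import base64
import struct

# Constructed ldapsearch output for "(&(objectClass=group)(cn=Domain Admins))" with
# attributes cn member objectSid. Not a capture from a real domain controller.
SAMPLE_LDIF = """\
# extended LDIF
#
# LDAPv3
# base <DC=example,DC=com> with scope subtree
# filter: (&(objectClass=group)(cn=Domain Admins))
# requesting: cn member objectSid
#

# Domain Admins, Users, example.com
dn: CN=Domain Admins,CN=Users,DC=example,DC=com
cn: Domain Admins
member: CN=Administrator,CN=Users,DC=example,DC=com
member: CN=Break Glass Account,OU=Privileged Accounts,DC=example,DC=c
 om
objectSid:: AQUAAAAAAAUVAAAAAQAAAAIAAAADAAAAAAIAAA==

# search reference
ref: ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 1
# numReferences: 1
"""

def unfold(text):
    """Join LDIF continuation lines (a single leading space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text):
    """Return a list of entries, each {attribute: [values]}. Blocks without a dn (search
    references, the result trailer) are dropped; 'attr:: b64' values become bytes."""
    entries, current = [], {}
    for line in unfold(text) + [""]:          # trailing "" flushes the last block
        if not line:
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries

def sid_to_string(blob):
    """Decode a binary objectSid: revision, sub-authority count, 48-bit big-endian
    identifier authority, then 32-bit little-endian sub-authorities."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))

# Well-known RIDs in every AD domain; the RID is stable even when the object is renamed.
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins",
                   518: "Schema Admins", 519: "Enterprise Admins"}

def group_report(ldif_text, cn):
    """Summarise the group whose cn matches: DN, SID, RID meaning and member DNs."""
    for entry in parse_ldif(ldif_text):
        if entry.get("cn", [""])[0].lower() == cn.lower():
            sid = sid_to_string(entry["objectSid"][0])
            rid = int(sid.rsplit("-", 1)[1])
            return {"dn": entry["dn"][0], "sid": sid, "rid": rid,
                    "well_known": WELL_KNOWN_RIDS.get(rid),
                    "members": entry.get("member", [])}
    return None

def find_by_rid(ldif_text, rid):
    """DNs of entries whose SID ends in the given RID; survives a renamed group."""
    return [e["dn"][0] for e in parse_ldif(ldif_text)
            if "objectSid" in e and sid_to_string(e["objectSid"][0]).endswith("-%d" % rid)]

if __name__ == "__main__":
    report = group_report(SAMPLE_LDIF, "Domain Admins")
    print(report["dn"], report["sid"], report["well_known"])
    for member in report["members"]:
        print("  member:", member)
```

To use it against real output, pipe `ldapsearch ... > groups.ldif` and call `group_report(open("groups.ldif").read(), "Domain Admins")`; because cn is a display name that an administrator can change, the RID lookup is the check to rely on when hunting for the built-in privileged groups.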

________________________________________
 Tool 2: PowerView (Windows & PowerShell)
 What is PowerView?
 PowerView is a PowerShell tool from PowerSploit, used for Active Directory enumeration. It wraps LDAP queries (plus some Win32 and SMB calls) in PowerShell functions and helps in gathering information about users, groups, computers, and ACLs.
 Why PowerView?
●    No need for admin privileges; any authenticated domain user can read most of the directory.

●    Can be run from any domain-joined Windows machine.

●    Automates AD enumeration & reconnaissance.


 Example LDAP Enumeration with PowerView
 Command to List All Users
 Get-NetUser -Domain example.com

 Command to List All Groups
 Get-NetGroup -Domain example.com

 Find Members of Domain Admins Group
 Get-NetGroupMember -GroupName "Domain Admins" -Domain example.com

 Enumerate All Domain Controllers
 Get-NetDomainController

 Note: the current PowerView in the PowerSploit dev branch names these functions Get-DomainUser, Get-DomainGroup, Get-DomainGroupMember (which takes -Identity "Domain Admins" instead of -GroupName) and Get-DomainController, and keeps the Get-Net* names as aliases.

 Best For:
●    Quickly enumerating users, groups, computers, and shares.

●    Finding Domain Admins and privileged accounts.

●    Enumerating trust relationships in a multi-domain environment.

 How to Use PowerView in a Pentest?
●    Run it from a compromised machine inside the AD network.

●    Extract privileged accounts, domain trusts, and misconfigurations.

●    Combine it with Mimikatz or BloodHound for further attacks.

