Shulou(Shulou.com)05/31 Report--

This article introduces you how to configure the environment for bee-box LDAP injection, the content is very detailed, interested friends can refer to, I hope it can be helpful to you.

I. Summary

According to my learning process, I must know what the model and loophole of my web attack are. Now I met a surprise. When I first met LDAP, I found a surprise (authorized) in a penetration test of a state-owned enterprise, which aroused my interest in it.

The concept of LDAP:

Full name: lightweight directory access protocol (Lightweight Directory AccessProtocolt), features: protocol what not to say, too esoteric, it can be understood as a database for storing data, it is special in that it is a tree-like database, first of all, the name of this database is equivalent to the tree root (that is, DB = dc), and then all the nodes passing from the root of the tree to a leaf node are called ou. Finally, you reach the leaf node you are looking for (uid). As shown in the following figure:

To be more specific, name each node and walk through the graph again, dc= root, bifurcation 1 ou= database, bifurcation 2 ou= mysql, leaf node uid = user.

And then describe it in language: dn:cn = user,ou = database,ou = mysql,dc = root

Dn identifies a record that describes a detailed path to the data, known as the "benchmark DN". Through this record, a leaf node can be easily and quickly found. From the diagram, LDAP can clearly divide the area of the node, that is, what the parent node of the node is and what the child node is, which extends to the practical application is what the superior department of the department is, who are the employees of this department, if used within the enterprise, it can clearly describe where each employee belongs.

Let's take a look at a case of server segment configuration:

Suppose the name of a company is bwapp, and the CEO that manages the company is admin.

Now CEO is going to add a new department for the company, called the Department of Security (anquanbu). There is a Security Service Department (anfu) under the Security Department, which is divided into two groups: penetration testing (shentou) and Emergency response (yingji). Then xiaoliang is in the penetration group and xiaoming is in the emergency group.

The configured directory structure is shown in the following figure

II. LDAP configuration based on Bee-Box (Linux)

First of all, find a LDAP architecture that is easy to configure. OpenLDAP+phpLDAPadmin is recommended here.

The steps are as follows:

First enter the following two installation commands:

Sudo apt-getupdate

Sudo apt-getinstall slapd ldap-utils

During installation, you will be asked to select and confirm the administrator password for LDAP

Sudodpkg-reconfigure slapd

This command needs to be configured with something called ldap. The following is a screenshot in both Chinese and English.

1. Omit the OpenLDAP server configuration? No

2. DNS domain name?

This option determines the basic structure of the directory path. Read the message to see how this will be achieved. Even if you do not have an actual domain, you can select any value you want. However, this tutorial assumes that you have the appropriate server domain name, so you should use it. Here for bwapp shooting range, set to bwapp.local

3. The name of the organization?

We use bwapp

4. Administrator password? Enter the security password twice

5. Database backend? HDB

5. Delete the database when clearing slapd? No

6. Move the old database? Yes

7. Allow LDAPv2 protocol? No

Now that the initial configuration is complete, open the LDAP port on the firewall so that external clients can connect:

Sudo ufw allow ldap

Test whether the LDAP connection to ldapwhoami is successful, and the connection should return the user name of our connection:

Ldapwhoami-H ldap://-x

Access the phpLDAPadmin of the virtual machine from the host

Https:// virtual machine IP / phpldapadmin/

Enter your password to log in.

Login succeeded

Then the configuration on the server is as follows

The following configurations are all translated into Chinese using the Google translation plug-in.

First create the Department of Security:

Select organizational unit

Create the object

Then create the Security Service (anfu), a sub-department of the Ministry of Security.

Create a child entry

The steps are the same as above

Created successfully

Then create infiltration (shentou) and emergency (yingji) under Security Service.

The steps are the same as above

Create employees Li Xiaoliang (xiaoliang) and Wang Xiaoming (xiaoming) for shentou and yingji respectively

The steps for creating personnel are as follows. These are the steps for creating an institutional department.

First, create a user account xiaoliang under the penetration group

To create a user in phpMyAdmin, you need to create a user group. Without this user group, there is no way to create a user. The process of creating a user group is as follows:

Create a child entry

Create a user group

Then create a user under the user group

The creation is successful, but it is annoying to input the last name to the user, so you need to rename the user after creating the user.

The steps for renaming are as follows

Click the user name on the left and click rename on the right

Modified successfully

Third, test whether it can interoperate with bwapp.

Open the ldap injection option for bwapp, and enter something similar to the following figure:

If the connection is successful, the following interface will be returned

Note: if you create a ldap account, the login format must be as follows:

Cn=xiaoliang,cn=user,ou=shentou,ou=anfu,ou=anquanbu,dc=bwapp,dc=local

And then log in.

This is the end of the environment configuration on how to carry out bee-box LDAP injection. I hope the above content can be helpful to you and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.