1. Overview
According to my learning process, I must know what the model and vulnerability principles of my web attack are. Now I have encountered an unpopular situation. I saw it for the first time. When I came to LDAP, I discovered an unpopular one (authorized) during a penetration test of a state-owned enterprise, which aroused my interest in it.
The concept of LDAP:
Full name: Lightweight Directory AccessProtocolt, Features: I won’t talk about the protocol, it’s too esoteric, it can be understood as a The database that stores data is special in that it is a tree-like database. First of all, the name of this database is equivalent to the root of the tree (i.e. DB = dc), and then all the nodes passing through from the root of the tree to a certain leaf node are called Branches (ou) and finally reaches the leaf node (uid) you are looking for. As shown in the figure below:
To be more specific, name each node and go through the diagram again, dc= root, fork 1 ou = database, fork 2 ou= mysql, leaf node uid = user.
Then describe it in language: dn:cn =user,ou = database,ou = mysql,dc = root
dn identifies a record and describes it A detailed path of data is obtained, which is called "base DN". Through this record, a leaf node can be found conveniently and quickly. From the figure, LDAP can clearly divide the node area, that is, what is the parent node of the node, what are the child nodes, and extended to practical applications, what is the superior department of the department, and who are the employees of the department? , if used internally by the enterprise, it can clearly describe where each employee belongs.
Let’s first look at a case of server segment configuration:
Assume that the name of a company is bwapp, and the CEO who manages this company is called admin.
Now the CEO wants to add a new department to the company, called the security department (anquanbu). Under the security department is the security department (anfu). The security department is divided into penetration testing (sentou) and emergency response. (yingji) two teams, then Xiaoliang (xiaoliang) is in the infiltration team, and Xiaoming (xiaoming) is in the emergency team.
The configured directory structure is as shown below
2. LDAP configuration based on Bee-Box (Linux)
First find A relatively easy to configure LDAP architecture, OpenLDAP phpLDAPadmin is recommended here.
The steps are as follows:
First enter the following two installation commands:
sudo apt-getupdate
sudo apt-getinstall slapd ldap-utils
During the installation process, you will be asked to select and confirm the LDAP administrator password
sudodpkg-reconfigure slapd
This command needs to configure some ldap things. The following is a comparison between Chinese and English And screenshot
1. OpenLDAP server configuration is omitted? No
2. DNS domain name?
This option will determine the basic structure of the directory path. Read the message to find out how this will be achieved. Even if you don't own the actual domain, you can choose any value you want. However, this tutorial assumes you have the appropriate server domain name, so you should use that. Here for the bwapp shooting range, set it to bwapp.local
3. Organization name?
We use bwapp
4. Administrator password? Enter the security password twice
5. Database backend? HDB
#5. Delete the database when clearing slapd? No
#6. Move the old database? Yes
#7. Allow LDAPv2 protocol? No
At this point the initial configuration is complete, open the LDAP port on the firewall so that external clients can connect:
sudo ufw allow ldap
Test whether the LDAP connection to ldapwhoami is successful, the connection should return the username we connected to:
ldapwhoami -H ldap:// -x
Access the phpLDAPadmin of the virtual machine from the host
https://virtual machine IP /phpldapadmin/
Enter the password to log in.
Login successful
Then the configuration on the server is as follows
The following configuration They are all translated into Chinese using the Google Translate plug-in.
First create the security department:
Select the organizational unit
Create the object
Then create the sub-department of the security department, security (anfu)
Create the sub-department Entry
The steps are the same as above
Created successfully
Then create penetration (shentou) and emergency (yingji) under the security server
The steps are the same as above
Create employees Li Xiaoliang (xiaoliang) and Wang Xiaoming (xiaoming) for penetration (shentou) and emergency (yingji) respectively
The steps to create personnel are as follows. The above are the steps to create organizational departments.
First create the user account xiaoliang under the penetration group
phpMyAdmin. To create a user, you need to create a user group first. If there is no There is no way to create users in this user group. The process of creating a user group is as follows:
Create sub-entry
Create user group
Then create a user under the user group
The above is the detailed content of How to configure the environment for bee-box LDAP injection. For more information, please follow other related articles on the PHP Chinese website!

如果说sql注入的本质是拼接字符串的话,那么一切可以注入的本质都是拼接字符串,LDAP注入作为注入的一种也不例外,更有趣一点的说它是在拼接圆括号(sql注入也拼接圆括号,但是更习惯性的是说它拼接字符串)。在环境配置篇里面已经很详细的说了bee-box中ldap环境的配置,靶场练习篇更多的是php与ldap的连接过程,中间使用的特殊函数介绍以及圆括号拼接的一些技巧。下面先说一下bwapp中ldap靶场的登录过程:首先这是一个LDAP的登录界面,URL是http://192.168.3.184/bW

1、LDAP注入LDAP(LightDirectoryAccessPortocol)是基于X.500标准的轻量级目录访问协议,提供访问目录数据库方法的服务和协议,常用于与目录数据库组成目录服务。其中目录是一个为查询、浏览和搜索而优化的专业分布式数据库,它呈树状结构组织数据,类似于Linux/Unix系统中的文件目录。公用证书、安全密钥、公司的物理设备信息等修改并不频繁的数据适合存储在目录中。可以将LDAP理解为一种搜索协议,它类似于SQL,拥有查询语法,也存在被注入攻击的风险。LDAP注入是指客

在使用PHP开发Web应用程序时,我们经常需要使用LDAP身份验证来保护应用程序的访问。然而,在有些情况下,当我们尝试使用PHP的LDAP功能来实现身份验证时,可能会遇到以下错误消息:"PHPFatalerror:Calltoundefinedfunctionldap_bind()"。这种错误消息通常会在应用程序调用ldap_bind()函数

一、综述按照我的学习过程来说,我必须知道我进行web攻击的这个模型和漏洞的原理是什么,现在我就碰到个冷门,最初见到LDAP时是某次在某国企的渗透测试中发现一个冷门(经过授权的),激起了我对它的兴趣。LDAP的概念:全称:轻量级目录访问协议(LightweightDirectoryAccessProtocolt),特点:协议什么的就不说了,太深奥,可以把它理解为一种存储数据的数据库,它的特殊在于它是一种树状的数据库,首先这个数据库的名字相当于树根(即DB=dc),然后从树根到某个叶子节点过程所经过

LDAP(LightweightDirectoryAccessProtocol)是一种用于访问分布式目录服务的协议。它可以用于进行用户身份验证、授权、帐户维护和数据存储等任务。在PHP应用程序中,LDAP可以作为一种强大的认证机制,可以为应用程序提供强大的认证和授权功能。本文将介绍在PHP中使用LDAP进行用户身份验证的方法,具体内容包括:安装和配置L

随着网络安全漏洞增多,LDAP注入攻击已经成为了很多网站面临的安全隐患。为了保护网站安全,防范LDAP注入攻击,需要使用一些安全措施。其中,Nginx作为一个高性能的Web服务器和反向代理服务器,可以为我们提供很多便利和保护。这篇文章将介绍如何使用Nginx防范LDAP注入攻击。LDAP注入攻击LDAP注入攻击是一种针对LDAP数据库的攻击方式,攻击者通过在

随着网络安全问题越来越受到重视,越来越多的程序员开始关注和学习如何防止代码被攻击。其中,常见的攻击方式包括SQL注入、XSS、CSRF等。但是,还有一种常见的攻击方式被低估了:LDAP注入漏洞。本文将会介绍这种攻击方式的原理和如何使用PHP防范LDAP注入漏洞。LDAP介绍LDAP(LightweightDirectoryAccessProtocol)

随着企业规模和业务需求的不断扩大,用户组管理和授权成为了一个必不可少的部分。LDAP(轻型目录访问协议)作为一种广泛应用于企业网络中的目录服务协议,为实现用户组管理和授权提供了一种高效方式。本文将介绍如何使用PHP和LDAP实现用户组管理和授权。一、什么是LDAPLDAP是一种轻型目录访问协议,广泛应用于企业网络中的目录服务协议。LDAP是基于客户端/服务器


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Dreamweaver Mac version
Visual web development tools

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
