search
HomeOperation and MaintenanceSafetyHow to configure the environment for bee-box LDAP injection

1. Overview

According to my learning process, I must know what the model and vulnerability principles of my web attack are. Now I have encountered an unpopular situation. I saw it for the first time. When I came to LDAP, I discovered an unpopular one (authorized) during a penetration test of a state-owned enterprise, which aroused my interest in it.

The concept of LDAP:

Full name: Lightweight Directory AccessProtocolt, Features: I won’t talk about the protocol, it’s too esoteric, it can be understood as a The database that stores data is special in that it is a tree-like database. First of all, the name of this database is equivalent to the root of the tree (i.e. DB = dc), and then all the nodes passing through from the root of the tree to a certain leaf node are called Branches (ou) and finally reaches the leaf node (uid) you are looking for. As shown in the figure below:

如何进行bee-box LDAP注入的环境配置

To be more specific, name each node and go through the diagram again, dc= root, fork 1 ou = database, fork 2 ou= mysql, leaf node uid = user.

如何进行bee-box LDAP注入的环境配置

Then describe it in language: dn:cn =user,ou = database,ou = mysql,dc = root

dn identifies a record and describes it A detailed path of data is obtained, which is called "base DN". Through this record, a leaf node can be found conveniently and quickly. From the figure, LDAP can clearly divide the node area, that is, what is the parent node of the node, what are the child nodes, and extended to practical applications, what is the superior department of the department, and who are the employees of the department? , if used internally by the enterprise, it can clearly describe where each employee belongs.

Let’s first look at a case of server segment configuration:

Assume that the name of a company is bwapp, and the CEO who manages this company is called admin.

Now the CEO wants to add a new department to the company, called the security department (anquanbu). Under the security department is the security department (anfu). The security department is divided into penetration testing (sentou) and emergency response. (yingji) two teams, then Xiaoliang (xiaoliang) is in the infiltration team, and Xiaoming (xiaoming) is in the emergency team.

The configured directory structure is as shown below

如何进行bee-box LDAP注入的环境配置

2. LDAP configuration based on Bee-Box (Linux)

First find A relatively easy to configure LDAP architecture, OpenLDAP phpLDAPadmin is recommended here.

The steps are as follows:

First enter the following two installation commands:

sudo apt-getupdate

sudo apt-getinstall slapd ldap-utils

During the installation process, you will be asked to select and confirm the LDAP administrator password

sudodpkg-reconfigure slapd

This command needs to configure some ldap things. The following is a comparison between Chinese and English And screenshot

1. OpenLDAP server configuration is omitted? No

如何进行bee-box LDAP注入的环境配置

2. DNS domain name?

This option will determine the basic structure of the directory path. Read the message to find out how this will be achieved. Even if you don't own the actual domain, you can choose any value you want. However, this tutorial assumes you have the appropriate server domain name, so you should use that. Here for the bwapp shooting range, set it to bwapp.local

如何进行bee-box LDAP注入的环境配置

3. Organization name?

We use bwapp

如何进行bee-box LDAP注入的环境配置

4. Administrator password? Enter the security password twice

5. Database backend? HDB

如何进行bee-box LDAP注入的环境配置

#5. Delete the database when clearing slapd? No

如何进行bee-box LDAP注入的环境配置

#6. Move the old database? Yes

如何进行bee-box LDAP注入的环境配置

#7. Allow LDAPv2 protocol? No

如何进行bee-box LDAP注入的环境配置

At this point the initial configuration is complete, open the LDAP port on the firewall so that external clients can connect:

sudo ufw allow ldap

如何进行bee-box LDAP注入的环境配置

Test whether the LDAP connection to ldapwhoami is successful, the connection should return the username we connected to:

ldapwhoami -H ldap:// -x

如何进行bee-box LDAP注入的环境配置

Access the phpLDAPadmin of the virtual machine from the host

https://virtual machine IP /phpldapadmin/

Enter the password to log in.

如何进行bee-box LDAP注入的环境配置

Login successful

如何进行bee-box LDAP注入的环境配置

Then the configuration on the server is as follows

The following configuration They are all translated into Chinese using the Google Translate plug-in.

First create the security department:

如何进行bee-box LDAP注入的环境配置

Select the organizational unit

如何进行bee-box LDAP注入的环境配置

Create the object

如何进行bee-box LDAP注入的环境配置

Then create the sub-department of the security department, security (anfu)

如何进行bee-box LDAP注入的环境配置

Create the sub-department Entry

The steps are the same as above

Created successfully

如何进行bee-box LDAP注入的环境配置

Then create penetration (shentou) and emergency (yingji) under the security server

The steps are the same as above

如何进行bee-box LDAP注入的环境配置

Create employees Li Xiaoliang (xiaoliang) and Wang Xiaoming (xiaoming) for penetration (shentou) and emergency (yingji) respectively

The steps to create personnel are as follows. The above are the steps to create organizational departments.

First create the user account xiaoliang under the penetration group

phpMyAdmin. To create a user, you need to create a user group first. If there is no There is no way to create users in this user group. The process of creating a user group is as follows:

Create sub-entry

如何进行bee-box LDAP注入的环境配置

Create user group

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

Then create a user under the user group

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

##The creation is successful, but it is very annoying to need to enter the user's last name. Then you need to rename the user after creating the user.

The renaming steps are as follows

Click the username on the left and click rename on the right

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

Modification successful

如何进行bee-box LDAP注入的环境配置

3. Test whether it can communicate with bwapp

Open the ldap injection option of bwapp and enter content similar to the following picture:

如何进行bee-box LDAP注入的环境配置

If the connection is successful, the following interface will be returned

如何进行bee-box LDAP注入的环境配置

Note: If an ldap account is created, the login format must be certain It is like this:

如何进行bee-box LDAP注入的环境配置

cn=xiaoliang,cn=user,ou=shentou,ou=anfu,ou=anquanbu,dc=bwapp,dc=local

Then log in

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

The above is the detailed content of How to configure the environment for bee-box LDAP injection. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:亿速云. If there is any infringement, please contact admin@php.cn delete

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!