How to configure the environment for bee-box LDAP injection

1. Overview

Following my usual learning process, I first need to understand the model behind the web attack I am studying and the principle of the vulnerability. This time I ran into an obscure one that I was seeing for the first time: I came across LDAP during an (authorized) penetration test of a state-owned enterprise, and it caught my interest.

The concept of LDAP:

Full name: Lightweight Directory Access Protocol. I won't go into the protocol itself, which is rather deep; it can be understood as a database that stores data, with the special property that it is tree-shaped. The name of this database corresponds to the root of the tree (i.e. DB = dc), all the nodes passed through on the way from the root to a given leaf are branches (ou), and at the end you reach the leaf node (uid) you are looking for, as shown in the figure below:

To be more concrete, give each node a name and go through the diagram again: dc = root, first branch ou = database, second branch ou = mysql, leaf node uid = user.

Written out as text, that is: dn: cn=user,ou=database,ou=mysql,dc=root

The dn identifies a record: it describes the full path to a piece of data and is called the base DN. With this record a leaf node can be located conveniently and quickly. As the figure shows, LDAP cleanly delimits each node's area, that is, which node is its parent and which nodes are its children; carried over to practice, this is which department a department belongs to and who its employees are. Used inside an enterprise, it can describe precisely where every employee belongs.

Let's first look at an example of the server-side configuration:

Assume the company is called bwapp and the CEO who runs it is called admin.

The CEO now wants to add a new department to the company, the security department (anquanbu). Under the security department is the security services department (anfu), which is divided into two teams, penetration testing (shentou) and emergency response (yingji); Xiaoliang (xiaoliang) is in the penetration team and Xiaoming (xiaoming) is in the emergency team.

The configured directory structure is shown below.

2. LDAP configuration based on Bee-Box (Linux)

First find an LDAP stack that is relatively easy to configure; OpenLDAP with phpLDAPadmin is recommended here.

The steps are as follows:

First run the following two installation commands:

sudo apt-get update

sudo apt-get install slapd ldap-utils

During installation you will be asked to choose and confirm the LDAP administrator password.

sudo dpkg-reconfigure slapd

This command walks through some LDAP configuration; the prompts are listed below, each with its screenshot.

1. Omit OpenLDAP server configuration? No

2. DNS domain name?

This option determines the base structure of the directory path; read the prompt to see how. Even if you do not own the actual domain, you can choose any value you like, but this tutorial assumes you have a proper server domain name, so you should use that. For the bwapp lab it is set to bwapp.local.

3. Organization name? We use bwapp

4. Administrator password? Enter the secure password twice

5. Database backend? HDB

6. Delete the database when slapd is purged? No

7. Move the old database? Yes

8. Allow LDAPv2 protocol? No

At this point the initial configuration is complete. Open the LDAP port on the firewall so that external clients can connect:

sudo ufw allow ldap

Test the LDAP connection with ldapwhoami; it should return the identity we connected as:

ldapwhoami -H ldap:// -x

Access the virtual machine's phpLDAPadmin from the host:

https://<virtual machine IP>/phpldapadmin/

Enter the password to log in.

Login successful.

The server-side configuration is then as follows. The phpLDAPadmin screens below were translated into Chinese with the Google Translate plug-in.

First create the security department (anquanbu):

Select Organizational Unit

Create the object

Then create the sub-department of the security department, security services (anfu):

Create a child entry

The steps are the same as above

Created successfully

Then create penetration (shentou) and emergency (yingji) under security services (anfu)

The steps are the same as above

Create the employees Li Xiaoliang (xiaoliang) and Wang Xiaoming (xiaoming) under penetration (shentou) and emergency (yingji) respectively

The above are the steps for creating organizational departments; the steps for creating personnel are as follows.

First create the user account xiaoliang under the penetration group.

In phpLDAPadmin, to create a user you must first create a user group; without a user group there is no way to create the user. Creating the user group goes as follows:

Create a child entry

Create the user group

Then create a user under the user group

The user is created, but it is annoying that the user's last name has to be entered, so after creating the user you need to rename it.

The renaming steps are as follows:

Click the user name on the left and click Rename on the right

Modification successful
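The same tree that the company description and the phpLDAPadmin screenshots above build, generated as LDIF so the lab can be recreated from the command line. This is an added example, not code from the article, phpLDAPadmin or bWAPP; it assumes the slapd suffix dc=bwapp,dc=local and admin DN cn=admin,dc=bwapp,dc=local that dpkg-reconfigure creates for the domain bwapp.local, object classes matching phpLDAPadmin's organisational-unit, posix-group and user-account templates, and constructed uidNumber/gidNumber values.

```python
from typing import Any, Dict, List, Tuple

BASE_DN = "dc=bwapp,dc=local"  # suffix slapd derives from the domain bwapp.local

# Department tree from the article: anquanbu > anfu > {shentou, yingji}; each
# team holds a posixGroup named "user" that contains the person entries.
# All names are plain ASCII labels, so no RDN escaping is needed here.
TREE: Dict[str, Any] = {
    "anquanbu": {"anfu": {"shentou": ["xiaoliang"], "yingji": ["xiaoming"]}}
}


def lab_entries() -> List[Tuple[str, List[str]]]:
    """Return (dn, attribute lines) for every entry, parents before children,
    which is the order ldapadd requires."""
    result: List[Tuple[str, List[str]]] = []
    next_uid = 10000  # constructed uidNumber range for the lab accounts

    def walk(node: Dict[str, Any], parent: str) -> None:
        nonlocal next_uid
        for name, child in node.items():
            dn = f"ou={name},{parent}"
            result.append((dn, ["objectClass: organizationalUnit", f"ou: {name}"]))
            if isinstance(child, dict):          # another department level
                walk(child, dn)
                continue
            group_dn = f"cn=user,{dn}"           # team-level group, as in phpLDAPadmin
            result.append((group_dn, ["objectClass: posixGroup", "cn: user", "gidNumber: 500"]))
            for person in child:                 # person entries below the group
                result.append((f"cn={person},{group_dn}", [
                    "objectClass: inetOrgPerson", "objectClass: posixAccount",
                    f"cn: {person}", f"sn: {person}", f"uid: {person}",
                    f"uidNumber: {next_uid}", "gidNumber: 500",
                    f"homeDirectory: /home/{person}",
                    "userPassword: CHANGE-ME",       # placeholder, set per account
                ]))
                next_uid += 1

    walk(TREE, BASE_DN)
    return result


def to_ldif() -> str:
    """Serialise the whole tree as LDIF, to be loaded with
    ldapadd -x -D cn=admin,dc=bwapp,dc=local -W -f bwapp.ldif"""
    return "\n\n".join(f"dn: {dn}\n" + "\n".join(attrs) for dn, attrs in lab_entries()) + "\n"


if __name__ == "__main__":
    print(to_ldif())
```

The person DN it emits for xiaoliang is exactly the login DN the bwapp test at the end of this article requires.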

3. Test whether it can communicate with bwapp

Open the LDAP injection page of bwapp and enter content like the picture below:

If the connection succeeds, the following screen is returned.

Note: if an LDAP account was created as above, the login name must be in exactly this format:

cn=xiaoliang,cn=user,ou=shentou,ou=anfu,ou=anquanbu,dc=bwapp,dc=local

Then log in.
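The note above means the login form sends a full DN, and the lab page also places the user's input into a search filter; both are the strings an LDAP injection changes. As an added example (not bWAPP's or phpLDAPadmin's code), here is the defender's side: RFC 4515 escaping for filter values, RFC 4514 escaping for DN values, and an allow-list check that a client-supplied bind DN matches the lab's user layout. BASE_DN and the team names come from the article; the filter shape, the naive/safe function pair and the label pattern are assumptions.

```python
import re

BASE_DN = "dc=bwapp,dc=local"

# RFC 4515: characters that carry meaning inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514: characters that must be backslash-escaped inside a DN value.
_DN_SPECIAL = set('\\,+"<>;=')

# Only DNs shaped like the lab's person entries may be used to bind:
# cn=<label>,cn=user,ou=<team>,ou=anfu,ou=anquanbu,dc=bwapp,dc=local
_LAB_USER_DN = re.compile(
    r"cn=[a-z][a-z0-9]{0,31},cn=user,ou=(?:shentou|yingji),ou=anfu,ou=anquanbu,"
    + re.escape(BASE_DN)
)


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before placing it in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a user-supplied value before placing it in an RDN."""
    out = "".join("\\" + ch if ch in _DN_SPECIAL else ch for ch in value)
    if value[:1] in ("#", " "):        # leading '#' or space is special
        out = "\\" + out
    if value.endswith(" "):            # so is a trailing space
        out = out[:-1] + "\\ "
    return out


def naive_login_filter(username: str) -> str:
    """Plain concatenation, the pattern that makes the lab page injectable:
    metacharacters in username become part of the filter syntax."""
    return f"(&(objectClass=inetOrgPerson)(cn={username}))"


def safe_login_filter(username: str) -> str:
    """Same filter with the value escaped; '*' or ')' stay literal text."""
    return f"(&(objectClass=inetOrgPerson)(cn={escape_filter_value(username)}))"


def validate_bind_dn(dn: str) -> bool:
    """Allow-list check for a client-supplied bind DN (cf. the login note)."""
    return _LAB_USER_DN.fullmatch(dn) is not None
```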


Statement
This article is reproduced from 亿速云. If there is any infringement, please contact admin@php.cn for deletion.
Published: May 12, 2023