Lab 331 — PeopleDir — LDAP Injection Authentication Bypass

hackadvisor

Task: Corporate HR portal with LDAP authentication, goal is to bypass auth and access admin panel. Solution: LDAP wildcard injection in password field using * to match any password, then access classified records as admin.

nodejs authentication_bypass express privilege_escalation wildcard_injection ldap ldap_injection

ldap_filter_injectionldap_wildcard_bypassauthentication_bypass_to_admin

$ ls tags/ techniques/

nodejs authentication_bypass express privilege_escalation wildcard_injection ldap ldap_injection

ldap_filter_injectionldap_wildcard_bypassauthentication_bypass_to_admin

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 332 — CloudGate ID — Blind LDAP Injection in People Directory— hackadvisor
[web][Pro]Lab 330 — AuthVault — Blind LDAP Injection in Directory Lookup— hackadvisor
[web][Pro]Directory— volgactf
[web][Pro]Lab 326 — PulseBoard — NoSQL Injection in Authentication— hackadvisor
[web][Pro]Lab 329 — PipelineIQ — NoSQL Injection Authentication Bypass— hackadvisor