RE: implementation problem in Microsoft LDAP?

From: Sardañons, Eliel (Eliel.Sardanonsat_private)
Date: Mon Jul 02 2001 - 05:34:53 PDT


    I posted the code 3 or 4 days ago (it isn't an exploit!) to the list. If
    you can't find it I can send it to you. What the program does is connect to
    the LDAP server and try to guess the users' passwords by brute forcing them.
    The program connects to the server (-s) www.victim.com and
    uses the domain name (-d) victim.com (this is needed for the LDAP server:
    DC=victim,DC=com).
    Then it tries passwords for the user (-u),
    and the passwords are automatically (-l) generated with a length of 8 in this
    case.
    The length doesn't matter; I have put 8 because it will never end :)
    
    
    Eliel 
    
    -----Original Message-----
    From: M.Grootveld [mailto:M.Grootveldat_private]
    Sent: Monday, July 02, 2001 07:38 a.m.
    To: 'vuln-devat_private'
    CC: Eliel
    Subject: Re: implementation problem in Microsoft LDAP?
    
    
    
    Hi
    
    Sardañons, Eliel wrote:
    
    > <snip>
    
    > Problem 2:
    >
    > Another problem I have seen is that when I use my brute force program
    > (brute_force_ldap) to try to guess a Windows password and I run 5 or more
    > instances of my program at the same time like this:
    >
    > ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_1 -l 8 &
    > ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_2 -l 8 &
    > ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_3 -l 8 &
    > ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_4 -l 8 &
    > ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_5 -l 8 &
    > ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_6 -l 8 &
    >
    > the CPU usage in www.victim.com is at 100%!!! And the console is unusable
    > in the Windows box. I tried this using a non_existent_user and an
    > existent_user, and it consumes more resources with non-existent users.
    >
    > So an attacker can use my program as a Distributed Denial of Service
    > attack (DDoS), running it from different machines at the same time with a
    > unique target (www.victim.com).
    >
    
    Could you provide any additional details about your exploit code and the
    configuration you are using? With the information you provided I can't tell
    if the second problem is caused by an implementation problem or that the
    LDAP service is perhaps configured incorrectly.
    
    Greetings
    
    M. Grootveld
    


