I posted the code 3 or 4 days ago (it isn't an exploit!) to the list. If you can't find it I can send it to you.

What the program does is connect to the LDAP server and try to guess the users' passwords by brute forcing them.

The program connects to the server (-s) www.victim.com, uses the domain name (-d) victim.com (this is needed for the LDAP server: DC=victim,DC=com), then it tries passwords for the user (-u), and the passwords are automatically (-l) generated with a length of 8 in this case. The length doesn't matter; I have put 8 because it will never end :)

Eliel

-----Original Message-----
From: M.Grootveld [mailto:M.Grootveldat_private]
Sent: Monday, July 02, 2001 07:38 a.m.
To: 'vuln-devat_private'
CC: Eliel
Subject: Re: implementation problem in Microsoft LDAP?

Hi Sardañons, Eliel wrote:
> <snip>
> Problem 2:
>
> Another problem I have seen is that when I use my brute force program
> (brute_force_ldap) to try to guess a Windows password and I run 5 or more
> instances of my program at the same time like this:
>
> ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_1 -l 8 &
> ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_2 -l 8 &
> ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_3 -l 8 &
> ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_4 -l 8 &
> ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_5 -l 8 &
> ./bf_ldap -s www.victim.com -d victim.com -u non_existent_user_6 -l 8 &
>
> the CPU usage on www.victim.com is at 100%!!! And the console is unusable on
> the Windows box. I tried this using a non_existent_user and an existent_user
> and it consumes more resources with non-existent users.
>
> So an attacker can use my program as a Distributed Denial of Service attack
> (DDoS), running it from different machines at the same time with a unique
> target (www.victim.com).
>

Could you provide any additional details about your exploit code and the configuration you are using?

With the information you provided I can't tell if the second problem is caused by an implementation problem or that the LDAP service is perhaps configured incorrectly.

Greetings
M. Grootveld

This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 14:12:18 PDT