Pentesting Tactics

Networking Firewalls & Security
1

Welcome to Pentesting Tactics, your ultimate reference guide for effective penetration testing, designed for both beginners and experienced professionals in the cybersecurity field.

Our carefully curated content directs you to essential insights and strategies across various pentesting domains. Whether you’re exploring the nuances of service and protocol testing or delving into the complexities of web vulnerabilities, we offer comprehensive resources.

No matter your focus within cybersecurity, our materials are tailored to enhance your learning and pentesting experience.

Explore our straightforward, practical guides aimed at advancing your pentesting skills.

Begin your journey now and elevate your cybersecurity knowledge with Pentesting Tactics.

Citations:
[1] A Complete Guide to Penetration Testing - DZone
[2] https://www.bluevoyant.com/knowledge-center/penetration-testing-complete-guide-to-process-types-and-tools
[3] Comprehensive Guide to Pentesting Methodology: From Zero to Hero | by ElNiak | InfoSec Write-ups
[4] What is Penetration Testing? A Complete Guide
[5] A Comprehensive Guide To Types Of Penetration Testing | Wattlecorp Cybersecurity Labs
[6] https://www.getastra.com/blog/security-audit/types-of-penetration-testing/
[7] https://www.eccouncil.org/cybersecurity-exchange/whitepaper/a-comprehensive-guide-to-penetration-testing/

2

Default Port: 389

LDAP (Lightweight Directory Access Protocol) is a lightweight directory access protocol commonly used to access directory services (such as Active Directory). LDAP operates over TCP/IP and typically uses port 389. Secure LDAP (LDAPS) employs SSL/TLS over LDAP and typically uses port 636.

Connect

LDAP Search

You can connect to an LDAP server and perform a search using the ldapsearch command. Example usage:

ldapsearch -x -h <ldap-server> -b <base-dn> -D <bind-dn> -w <password> -s <search-scope> <filter>

LDAP Authentication

To authenticate against an LDAP server, you can use the ldapwhoami command. Example usage:

ldapwhoami -x -h <ldap-server> -D <bind-dn> -w <password>

Recon

LDAP Server Information

To gather information from an LDAP server, you can use the ldapsearch command. For example, to list all objects:

ldapsearch -x -h <ldap-server> -b "" -s base "(objectclass=*)"

Enumeration

Enumerate Users

LDAP queries can be used to enumerate users. For example, to list all users:

ldapsearch -x -h <ldap-server> -b "ou=users,dc=example,dc=com" "(objectclass=inetOrgPerson)"

Attack Vectors

After successfully exploiting an LDAP server, post-exploitation activities may include:

Dumping Directory Information

Extracting sensitive information such as user credentials, group memberships, and organizational units from the LDAP server.

ldapsearch -h <LDAP-server> -p <port> -x -b "<base-DN>" "(objectclass=*)"

Privilege Escalation

Exploiting misconfigurations or vulnerabilities to escalate privileges and gain higher levels of access.

ldapmodify -h <LDAP-server> -p <port> -x -D "<admin-DN>" -w "<admin-password>" -f <ldif-file>

Data Modification

Modifying directory information, such as adding or deleting user accounts, groups, or attributes.

ldapmodify -h <LDAP-server> -p <port> -x -D "<admin-DN>" -w "<admin-password>" -f <ldif-file>
1 Like